./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor634936658 <...> Warning: Permanently added '10.128.1.8' (ED25519) to the list of known hosts. execve("./syz-executor634936658", ["./syz-executor634936658"], 0x7fff88133f30 /* 10 vars */) = 0 brk(NULL) = 0x5555720a9000 brk(0x5555720a9e00) = 0x5555720a9e00 arch_prctl(ARCH_SET_FS, 0x5555720a9480) = 0 set_tid_address(0x5555720a9750) = 296 set_robust_list(0x5555720a9760, 24) = 0 rseq(0x5555720a9da0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor634936658", 4096) = 27 getrandom("\x7f\x78\x1b\xbb\xbf\x77\xfa\x20", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555720a9e00 brk(0x5555720cae00) = 0x5555720cae00 brk(0x5555720cb000) = 0x5555720cb000 mprotect(0x7f9ba450d000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f9ba44509a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f9ba44509a0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 mkdir("./syzkaller.2iI0Gm", 0700) = 0 chmod("./syzkaller.2iI0Gm", 0777) = 0 chdir("./syzkaller.2iI0Gm") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 298 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x5555720a9760, 24) = 0 [pid 298] chdir("./0") = 0 [pid 298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 298] setpgid(0, 0) = 0 [pid 298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] write(3, "1000", 4) = 4 [pid 298] close(3) = 0 [pid 298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 298] write(1, "executing program\n", 18executing program ) = 18 [pid 298] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 298] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[299]}, 88) = 299 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 298] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[300]}, 88) = 300 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] memfd_create("syzkaller", 0) = 3 [pid 299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 299] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 299] munmap(0x7f9b9c005000, 138412032) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 299] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 300 attached ) = 0 [pid 299] close(3) = 0 [ 23.507426][ T28] audit: type=1400 audit(1744814341.169:66): avc: denied { execmem } for pid=296 comm="syz-executor634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.526755][ T28] audit: type=1400 audit(1744814341.169:67): avc: denied { read write } for pid=296 comm="syz-executor634" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.548135][ T299] loop0: detected capacity change from 0 to 256 [pid 299] close(4) = 0 [pid 299] mkdir("./file0", 0777) = 0 [pid 299] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 300] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 298] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.551269][ T28] audit: type=1400 audit(1744814341.169:68): avc: denied { open } for pid=296 comm="syz-executor634" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 23.581503][ T28] audit: type=1400 audit(1744814341.169:69): avc: denied { ioctl } for pid=296 comm="syz-executor634" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 298] futex(0x7f9ba45136ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba43e4000 [pid 298] mprotect(0x7f9ba43e5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4404990, parent_tid=0x7f9ba4404990, exit_signal=0, stack=0x7f9ba43e4000, stack_size=0x20240, tls=0x7f9ba44046c0} => {parent_tid=[301]}, 88) = 301 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] futex(0x7f9ba45136e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7f9ba45136ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x7f9ba44049a0, 24) = 0 [pid 301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 301] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = -1 ENOENT (No such file or directory) [pid 301] futex(0x7f9ba45136ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7f9ba45136e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7f9ba45136ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 3 [pid 301] futex(0x7f9ba45136ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... futex resumed>) = 0 [pid 298] futex(0x7f9ba45136e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] futex(0x7f9ba45136ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] write(3, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 300] rt_sigprocmask(SIG_SETMASK, [], [pid 301] <... write resumed>) = 4096 [pid 301] futex(0x7f9ba45136ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 298] <... futex resumed>) = 0 [pid 301] futex(0x7f9ba45136e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 300] creat("./bus", 000) = 4 [pid 300] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 23.584223][ T299] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 23.615462][ T28] audit: type=1400 audit(1744814341.229:70): avc: denied { mounton } for pid=298 comm="syz-executor634" path="/root/syzkaller.2iI0Gm/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 23.617884][ T299] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 300] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] <... mount resumed>) = 0 [pid 299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 299] chdir("./file0") = 0 [pid 299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 299] ioctl(6, LOOP_CLR_FD) = 0 [pid 299] close(6) = 0 [pid 299] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] exit_group(0) = ? [pid 299] <... futex resumed>) = ? [pid 299] +++ exited with 0 +++ [pid 300] <... futex resumed>) = ? [pid 300] +++ exited with 0 +++ [pid 301] <... futex resumed>) = ? [pid 301] +++ exited with 0 +++ [pid 298] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=298, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/bus") = 0 [ 23.652784][ T299] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 23.665378][ T28] audit: type=1400 audit(1744814341.329:71): avc: denied { mount } for pid=298 comm="syz-executor634" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x5555720a9760, 24) = 0 [pid 302] chdir("./1") = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 302] write(1, "executing program\n", 18) = 18 [pid 302] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 302] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[303]}, 88) = 303 ./strace-static-x86_64: Process 303 attached [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 302] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[304]}, 88) = 304 [pid 302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 302] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 304] creat("./bus", 000) = 3 [pid 304] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 304] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 304] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 302] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 302] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 1 [pid 304] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 304] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 302] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 1 [pid 304] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 303] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 303] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 303] memfd_create("syzkaller", 0) = 5 [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 303] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 303] munmap(0x7f9b9c005000, 138412032) = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.700342][ T28] audit: type=1400 audit(1744814341.359:72): avc: denied { unmount } for pid=296 comm="syz-executor634" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 23.732907][ T28] audit: type=1400 audit(1744814341.389:73): avc: denied { mounton } for pid=302 comm="syz-executor634" path="/root/syzkaller.2iI0Gm/1/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [pid 303] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 303] close(5) = 0 [pid 303] close(6) = 0 [pid 303] mkdir("./file0", 0777) = 0 [pid 303] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 303] chdir("./file0") = 0 [pid 303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 303] ioctl(6, LOOP_CLR_FD) = 0 [pid 303] close(6) = 0 [pid 303] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 303] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 302] exit_group(0 [pid 304] <... futex resumed>) = ? [pid 302] <... exit_group resumed>) = ? [pid 304] +++ exited with 0 +++ [pid 303] <... futex resumed>) = ? [pid 303] +++ exited with 0 +++ [pid 302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 23.735439][ T303] loop0: detected capacity change from 0 to 256 [ 23.764850][ T303] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 23.775416][ T303] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 23.785806][ T303] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/bus") = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x5555720a9760, 24) = 0 [pid 306] chdir("./2") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] write(1, "executing program\n", 18) = 18 [pid 306] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 306] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[307]}, 88) = 307 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 306] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[308]}, 88) = 308 [pid 306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 306] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] creat("./bus", 000) = 3 [pid 308] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 308] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 308] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 308] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 308] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] memfd_create("syzkaller", 0) = 5 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 307] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 307] munmap(0x7f9b9c005000, 138412032) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 307] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 307] close(5) = 0 [pid 307] close(6) = 0 [pid 307] mkdir("./file0", 0777) = 0 [ 23.802332][ T28] audit: type=1400 audit(1744814341.469:74): avc: denied { unmount } for pid=296 comm="syz-executor634" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 23.836793][ T307] loop0: detected capacity change from 0 to 256 [ 23.844476][ T307] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [pid 307] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 307] chdir("./file0") = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 307] ioctl(6, LOOP_CLR_FD) = 0 [pid 307] close(6) = 0 [pid 307] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] exit_group(0 [pid 308] <... futex resumed>) = ? [pid 306] <... exit_group resumed>) = ? [pid 308] +++ exited with 0 +++ [pid 307] <... futex resumed>) = ? [pid 307] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/bus") = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 309 ./strace-static-x86_64: Process 309 attached [pid 309] set_robust_list(0x5555720a9760, 24) = 0 [pid 309] chdir("./3") = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 309] setpgid(0, 0) = 0 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 309] write(3, "1000", 4) = 4 [pid 309] close(3) = 0 [pid 309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 309] write(1, "executing program\n", 18executing program ) = 18 [pid 309] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 309] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 310 attached => {parent_tid=[310]}, 88) = 310 [pid 310] set_robust_list(0x7f9ba44469a0, 24 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] <... set_robust_list resumed>) = 0 [pid 309] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] <... futex resumed>) = 0 [pid 310] memfd_create("syzkaller", 0 [pid 309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 309] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[311]}, 88) = 311 [pid 309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 309] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] creat("./bus", 000) = 3 [pid 311] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 311] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 311] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 309] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 309] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 311] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 311] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 1 [pid 311] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] <... memfd_create resumed>) = 5 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 310] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 310] munmap(0x7f9b9c005000, 138412032) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.855055][ T307] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 23.865834][ T307] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 310] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 310] close(5) = 0 [pid 310] close(6) = 0 [pid 310] mkdir("./file0", 0777) = 0 [pid 310] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 310] ioctl(6, LOOP_CLR_FD) = 0 [pid 310] close(6) = 0 [pid 310] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 310] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] exit_group(0 [pid 311] <... futex resumed>) = ? [pid 309] <... exit_group resumed>) = ? [pid 311] +++ exited with 0 +++ [pid 310] <... futex resumed>) = ? [pid 310] +++ exited with 0 +++ [pid 309] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/bus") = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 312 ./strace-static-x86_64: Process 312 attached [pid 312] set_robust_list(0x5555720a9760, 24) = 0 [pid 312] chdir("./4") = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 312] setpgid(0, 0) = 0 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 312] write(1, "executing program\n", 18executing program ) = 18 [pid 312] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 312] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[313]}, 88) = 313 [pid 312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 312] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 312] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[314]}, 88) = 314 [pid 312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 312] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 313 attached ./strace-static-x86_64: Process 314 attached [pid 312] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] set_robust_list(0x7f9ba44259a0, 24 [pid 313] set_robust_list(0x7f9ba44469a0, 24 [pid 314] <... set_robust_list resumed>) = 0 [pid 314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 314] creat("./bus", 000 [pid 313] <... set_robust_list resumed>) = 0 [pid 314] <... creat resumed>) = 3 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] memfd_create("syzkaller", 0 [pid 314] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... memfd_create resumed>) = 4 [pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 314] <... futex resumed>) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 314] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 312] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 314] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... write resumed>) = 131072 [pid 314] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 314] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 312] <... futex resumed>) = 0 [pid 314] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] munmap(0x7f9b9c005000, 138412032) = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.907536][ T310] loop0: detected capacity change from 0 to 256 [ 23.915926][ T310] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 23.926504][ T310] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 23.936981][ T310] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 313] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 313] close(4) = 0 [pid 313] close(6) = 0 [pid 313] mkdir("./file0", 0777) = 0 [pid 313] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 313] chdir("./file0") = 0 [pid 313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 313] ioctl(6, LOOP_CLR_FD) = 0 [pid 313] close(6) = 0 [pid 313] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 312] exit_group(0 [pid 314] <... futex resumed>) = ? [pid 312] <... exit_group resumed>) = ? [pid 314] +++ exited with 0 +++ [pid 313] <... futex resumed>) = ? [pid 313] +++ exited with 0 +++ [pid 312] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/bus") = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 315 ./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x5555720a9760, 24) = 0 [pid 315] chdir("./5") = 0 [pid 315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 315] setpgid(0, 0) = 0 [pid 315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 315] write(3, "1000", 4) = 4 [pid 315] close(3) = 0 [pid 315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 315] write(1, "executing program\n", 18) = 18 [pid 315] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 executing program [pid 315] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 315] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[316]}, 88) = 316 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 315] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[317]}, 88) = 317 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 317 attached [pid 317] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 317] creat("./bus", 000) = 3 [pid 317] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 317] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 317] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 315] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 317] <... futex resumed>) = 1 [pid 317] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 317] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 315] <... futex resumed>) = 0 [pid 317] <... futex resumed>) = 1 [pid 317] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 316 attached [pid 316] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 316] memfd_create("syzkaller", 0) = 5 [pid 316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 316] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 316] munmap(0x7f9b9c005000, 138412032) = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 23.979789][ T313] loop0: detected capacity change from 0 to 256 [ 23.987258][ T313] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 23.997783][ T313] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.008274][ T313] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 316] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 316] close(5) = 0 [pid 316] close(6) = 0 [pid 316] mkdir("./file0", 0777) = 0 [pid 316] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 316] chdir("./file0") = 0 [pid 316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 316] ioctl(6, LOOP_CLR_FD) = 0 [pid 316] close(6) = 0 [pid 316] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] exit_group(0) = ? [pid 317] <... futex resumed>) = ? [pid 317] +++ exited with 0 +++ [pid 316] +++ exited with 0 +++ [pid 315] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=315, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/bus") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 318 ./strace-static-x86_64: Process 318 attached [pid 318] set_robust_list(0x5555720a9760, 24) = 0 [pid 318] chdir("./6") = 0 [pid 318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 318] setpgid(0, 0) = 0 [pid 318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 318] write(3, "1000", 4) = 4 [pid 318] close(3) = 0 [pid 318] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 318] write(1, "executing program\n", 18) = 18 [pid 318] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 318] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[319]}, 88) = 319 [pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 318] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 318] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[320]}, 88) = 320 [pid 318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 318] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] creat("./bus", 000) = 3 [pid 320] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 320] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 320] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 0 [pid 318] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 318] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 320] <... futex resumed>) = 1 [pid 320] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 320] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... futex resumed>) = 0 [pid 320] <... futex resumed>) = 1 [pid 320] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 319 attached [pid 319] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 319] memfd_create("syzkaller", 0) = 5 [pid 319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 319] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 319] munmap(0x7f9b9c005000, 138412032) = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.046317][ T316] loop0: detected capacity change from 0 to 256 [ 24.054799][ T316] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.065386][ T316] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.075803][ T316] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 319] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 319] close(5) = 0 [pid 319] close(6) = 0 [pid 319] mkdir("./file0", 0777) = 0 [pid 319] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 319] chdir("./file0") = 0 [pid 319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 319] ioctl(6, LOOP_CLR_FD) = 0 [pid 319] close(6) = 0 [pid 319] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 319] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] exit_group(0) = ? [pid 319] <... futex resumed>) = ? [pid 319] +++ exited with 0 +++ [pid 320] <... futex resumed>) = ? [pid 320] +++ exited with 0 +++ [pid 318] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=318, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/bus") = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 321 ./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x5555720a9760, 24) = 0 [pid 321] chdir("./7") = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] setpgid(0, 0) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 [pid 321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 321] write(1, "executing program\n", 18) = 18 [pid 321] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 321] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[322]}, 88) = 322 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 321] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[323]}, 88) = 323 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 323] creat("./bus", 000) = 3 [pid 323] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 323] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 323] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... futex resumed>) = 1 [pid 323] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 323] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 323] <... futex resumed>) = 1 [pid 323] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] memfd_create("syzkaller", 0) = 5 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 322] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 322] munmap(0x7f9b9c005000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.114227][ T319] loop0: detected capacity change from 0 to 256 [ 24.122167][ T319] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.132748][ T319] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.143468][ T319] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 322] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 322] close(5) = 0 [pid 322] close(6) = 0 [pid 322] mkdir("./file0", 0777) = 0 [pid 322] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 322] chdir("./file0") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 322] ioctl(6, LOOP_CLR_FD) = 0 [pid 322] close(6) = 0 [pid 322] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 321] exit_group(0) = ? [pid 322] <... futex resumed>) = ? [pid 322] +++ exited with 0 +++ [pid 323] <... futex resumed>) = ? [pid 323] +++ exited with 0 +++ [pid 321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/bus") = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 324 ./strace-static-x86_64: Process 324 attached [pid 324] set_robust_list(0x5555720a9760, 24) = 0 [pid 324] chdir("./8") = 0 [pid 324] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 324] setpgid(0, 0) = 0 [pid 324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 324] write(3, "1000", 4) = 4 [pid 324] close(3) = 0 [pid 324] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 324] write(1, "executing program\n", 18) = 18 [pid 324] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 324] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[325]}, 88) = 325 [pid 324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 324] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 324] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 324] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[326]}, 88) = 326 [pid 324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 324] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 326] creat("./bus", 000) = 3 [pid 326] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 326] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 326] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 324] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 324] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... futex resumed>) = 1 [pid 326] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 326] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... futex resumed>) = 0 [pid 326] <... futex resumed>) = 1 [pid 326] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 325 attached [pid 325] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 325] memfd_create("syzkaller", 0) = 5 [pid 325] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 325] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 325] munmap(0x7f9b9c005000, 138412032) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.177306][ T322] loop0: detected capacity change from 0 to 256 [ 24.185623][ T322] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.196474][ T322] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.207055][ T322] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 325] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 325] close(5) = 0 [pid 325] close(6) = 0 [pid 325] mkdir("./file0", 0777) = 0 [pid 325] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 325] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 325] chdir("./file0") = 0 [pid 325] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 325] ioctl(6, LOOP_CLR_FD) = 0 [pid 325] close(6) = 0 [pid 325] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 324] exit_group(0 [pid 326] <... futex resumed>) = ? [pid 324] <... exit_group resumed>) = ? [pid 326] +++ exited with 0 +++ [pid 325] <... futex resumed>) = ? [pid 325] +++ exited with 0 +++ [pid 324] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=324, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/bus") = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 327 ./strace-static-x86_64: Process 327 attached [pid 327] set_robust_list(0x5555720a9760, 24) = 0 [pid 327] chdir("./9") = 0 [pid 327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] setpgid(0, 0) = 0 [pid 327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 327] write(3, "1000", 4) = 4 [pid 327] close(3) = 0 [pid 327] symlink("/dev/binderfs", "./binderfs") = 0 [pid 327] write(1, "executing program\n", 18) = 18 executing program [pid 327] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 327] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[328]}, 88) = 328 [pid 327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 327] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 327] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 327] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[329]}, 88) = 329 [pid 327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 327] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] creat("./bus", 000./strace-static-x86_64: Process 328 attached ) = 3 [pid 329] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 329] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 329] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 327] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 329] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... futex resumed>) = 0 [pid 329] <... futex resumed>) = 1 [pid 329] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] memfd_create("syzkaller", 0) = 5 [pid 328] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 328] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 328] munmap(0x7f9b9c005000, 138412032) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.244677][ T325] loop0: detected capacity change from 0 to 256 [ 24.252968][ T325] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.263509][ T325] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.273709][ T325] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 328] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 328] close(5) = 0 [pid 328] close(6) = 0 [pid 328] mkdir("./file0", 0777) = 0 [ 24.310043][ T328] loop0: detected capacity change from 0 to 256 [ 24.328165][ T328] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.338925][ T328] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 328] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 328] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 328] chdir("./file0") = 0 [pid 328] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 328] ioctl(6, LOOP_CLR_FD) = 0 [pid 328] close(6) = 0 [pid 328] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] exit_group(0) = ? [pid 328] <... futex resumed>) = ? [pid 328] +++ exited with 0 +++ [pid 329] <... futex resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 327] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=327, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/bus") = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 330 ./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x5555720a9760, 24) = 0 [pid 330] chdir("./10") = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 330] write(3, "1000", 4) = 4 [pid 330] close(3) = 0 [pid 330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 330] write(1, "executing program\n", 18) = 18 [pid 330] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 330] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 330] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[331]}, 88) = 331 [pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 330] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 330] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 330] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 330] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[332]}, 88) = 332 [pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 330] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 332 attached [pid 332] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 332] creat("./bus", 000) = 3 [pid 332] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... futex resumed>) = 0 [pid 330] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] <... futex resumed>) = 1 [pid 332] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 332] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... futex resumed>) = 0 [pid 330] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] <... futex resumed>) = 1 [pid 332] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 332] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... futex resumed>) = 0 [pid 330] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] <... futex resumed>) = 1 [pid 332] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 332] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = 1 [pid 332] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 331] memfd_create("syzkaller", 0) = 5 [pid 331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 331] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 24.350012][ T328] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 331] munmap(0x7f9b9c005000, 138412032) = 0 [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 331] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 331] close(5) = 0 [pid 331] close(6) = 0 [pid 331] mkdir("./file0", 0777) = 0 [pid 331] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 331] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 331] chdir("./file0") = 0 [pid 331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 331] ioctl(6, LOOP_CLR_FD) = 0 [pid 331] close(6) = 0 [pid 331] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] exit_group(0 [pid 332] <... futex resumed>) = ? [pid 330] <... exit_group resumed>) = ? [pid 332] +++ exited with 0 +++ [pid 331] <... futex resumed>) = ? [pid 331] +++ exited with 0 +++ [pid 330] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/bus") = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x5555720a9760, 24) = 0 [pid 333] chdir("./11") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] write(1, "executing program\n", 18) = 18 [pid 333] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 333] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 333] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[334]}, 88) = 334 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 333] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 333] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[335]}, 88) = 335 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] creat("./bus", 000) = 3 [pid 335] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 1 [pid 335] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 335] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 1 [pid 335] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 335] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 1 [pid 335] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 335] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 1 [pid 335] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] memfd_create("syzkaller", 0) = 5 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 334] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 334] munmap(0x7f9b9c005000, 138412032) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.385821][ T331] loop0: detected capacity change from 0 to 256 [ 24.393472][ T331] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.404163][ T331] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.414895][ T331] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 334] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 334] close(5) = 0 [pid 334] close(6) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 334] chdir("./file0") = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 334] ioctl(6, LOOP_CLR_FD) = 0 [pid 334] close(6) = 0 [pid 334] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 333] exit_group(0) = ? [pid 334] <... futex resumed>) = ? [pid 334] +++ exited with 0 +++ [pid 335] <... futex resumed>) = ? [pid 335] +++ exited with 0 +++ [pid 333] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=333, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/bus") = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 336 ./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x5555720a9760, 24) = 0 [pid 336] chdir("./12") = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 336] setpgid(0, 0) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 336] write(3, "1000", 4) = 4 [pid 336] close(3) = 0 [pid 336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 336] write(1, "executing program\n", 18) = 18 [pid 336] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 336] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[337]}, 88) = 337 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 336] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 336] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[338]}, 88) = 338 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 338] creat("./bus", 000) = 3 [pid 338] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... futex resumed>) = 1 [pid 338] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 338] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... futex resumed>) = 1 [pid 338] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 338] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... futex resumed>) = 1 [pid 338] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 338] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 338] <... futex resumed>) = 1 [pid 338] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 337 attached [pid 337] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 337] memfd_create("syzkaller", 0) = 5 [pid 337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 337] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 337] munmap(0x7f9b9c005000, 138412032) = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.451495][ T334] loop0: detected capacity change from 0 to 256 [ 24.459985][ T334] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.470473][ T334] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.481239][ T334] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 337] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 337] close(5) = 0 [pid 337] close(6) = 0 [pid 337] mkdir("./file0", 0777) = 0 [pid 337] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 337] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 337] chdir("./file0") = 0 [pid 337] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 337] ioctl(6, LOOP_CLR_FD) = 0 [pid 337] close(6) = 0 [pid 337] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 337] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 336] exit_group(0 [pid 338] <... futex resumed>) = ? [pid 336] <... exit_group resumed>) = ? [pid 338] +++ exited with 0 +++ [pid 337] <... futex resumed>) = ? [pid 337] +++ exited with 0 +++ [pid 336] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/bus") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 339 ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x5555720a9760, 24) = 0 [pid 339] chdir("./13") = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] write(1, "executing program\n", 18) = 18 [pid 339] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 339] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[340]}, 88) = 340 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 339] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[341]}, 88) = 341 [pid 339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 339] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 341] creat("./bus", 000) = 3 [pid 341] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 341] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 341] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 341] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 341] <... futex resumed>) = 1 [pid 341] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 340] memfd_create("syzkaller", 0) = 5 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 340] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 340] munmap(0x7f9b9c005000, 138412032) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.532170][ T337] loop0: detected capacity change from 0 to 256 [ 24.540883][ T337] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.552025][ T337] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.563731][ T337] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 340] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 340] close(5) = 0 [pid 340] close(6) = 0 [pid 340] mkdir("./file0", 0777) = 0 [pid 340] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 340] chdir("./file0") = 0 [pid 340] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 340] ioctl(6, LOOP_CLR_FD) = 0 [pid 340] close(6) = 0 [pid 340] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] exit_group(0) = ? [pid 340] <... futex resumed>) = ? [pid 340] +++ exited with 0 +++ [pid 341] <... futex resumed>) = ? [pid 341] +++ exited with 0 +++ [pid 339] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=339, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/bus") = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x5555720a9760, 24) = 0 [pid 342] chdir("./14") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 342] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 343 attached => {parent_tid=[343]}, 88) = 343 [pid 343] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 343] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 343] <... futex resumed>) = 0 [pid 342] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] memfd_create("syzkaller", 0 [pid 342] <... futex resumed>) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 342] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 343] <... memfd_create resumed>) = 3 [pid 342] <... mprotect resumed>) = 0 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 344 attached => {parent_tid=[344]}, 88) = 344 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] set_robust_list(0x7f9ba44259a0, 24 [pid 343] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 342] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 344] <... set_robust_list resumed>) = 0 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 344] creat("./bus", 000 [pid 343] <... write resumed>) = 131072 [pid 343] munmap(0x7f9b9c005000, 138412032 [pid 344] <... creat resumed>) = 4 [pid 343] <... munmap resumed>) = 0 [pid 344] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 344] <... futex resumed>) = 1 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... openat resumed>) = 5 [pid 343] ioctl(5, LOOP_SET_FD, 3 [pid 344] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [ 24.605375][ T340] loop0: detected capacity change from 0 to 256 [ 24.614667][ T340] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.625177][ T340] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.635307][ T340] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 344] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 344] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 0 [pid 344] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 344] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 344] <... futex resumed>) = 1 [pid 344] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 344] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 344] <... futex resumed>) = 1 [pid 344] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] <... ioctl resumed>) = 0 [pid 343] close(3) = 0 [pid 343] close(5) = 0 [pid 343] mkdir("./file0", 0777) = 0 [pid 343] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 343] chdir("./file0") = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 343] ioctl(5, LOOP_CLR_FD) = 0 [pid 343] close(5) = 0 [pid 343] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] exit_group(0) = ? [pid 343] <... futex resumed>) = ? [pid 343] +++ exited with 0 +++ [pid 344] <... futex resumed>) = ? [pid 344] +++ exited with 0 +++ [pid 342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/bus") = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 345 ./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x5555720a9760, 24) = 0 [pid 345] chdir("./15") = 0 [pid 345] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 345] setpgid(0, 0) = 0 [pid 345] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 345] write(3, "1000", 4) = 4 [pid 345] close(3) = 0 [pid 345] symlink("/dev/binderfs", "./binderfs") = 0 [pid 345] write(1, "executing program\n", 18executing program ) = 18 [pid 345] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 345] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 345] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[346]}, 88) = 346 [pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 345] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 345] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 345] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 345] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[347]}, 88) = 347 [pid 345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 345] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 346 attached [pid 346] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 346] memfd_create("syzkaller", 0) = 3 [pid 346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 346] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 346] munmap(0x7f9b9c005000, 138412032) = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 346] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 24.673795][ T343] loop0: detected capacity change from 0 to 256 [ 24.681137][ T343] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.691659][ T343] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.702112][ T343] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 347] creat("./bus", 000) = 5 [pid 347] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 1 [pid 347] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 347] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 1 [pid 347] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 347] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 345] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 345] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 347] <... futex resumed>) = 1 [pid 347] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 347] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 345] <... futex resumed>) = 0 [pid 347] <... futex resumed>) = 1 [pid 347] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 346] <... ioctl resumed>) = 0 [pid 346] close(3) = 0 [pid 346] close(4) = 0 [pid 346] mkdir("./file0", 0777) = 0 [pid 346] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 346] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 346] chdir("./file0") = 0 [pid 346] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 346] ioctl(4, LOOP_CLR_FD) = 0 [pid 346] close(4) = 0 [pid 346] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 346] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] exit_group(0) = ? [pid 346] <... futex resumed>) = ? [pid 346] +++ exited with 0 +++ [pid 347] <... futex resumed>) = ? [pid 347] +++ exited with 0 +++ [pid 345] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=345, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/bus") = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x5555720a9760, 24) = 0 [pid 349] chdir("./16") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18) = 18 [pid 349] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 349] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[350]}, 88) = 350 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 349] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[351]}, 88) = 351 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 351 attached [pid 351] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 351] creat("./bus", 000) = 3 [pid 351] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 351] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 351] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 351] <... futex resumed>) = 1 [pid 351] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 351] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 351] <... futex resumed>) = 1 [pid 351] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 350] memfd_create("syzkaller", 0) = 5 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 350] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 350] munmap(0x7f9b9c005000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.742981][ T346] loop0: detected capacity change from 0 to 256 [ 24.751837][ T346] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.762398][ T346] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.773637][ T346] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 350] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 350] close(5) = 0 [pid 350] close(6) = 0 [pid 350] mkdir("./file0", 0777) = 0 [pid 350] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 350] chdir("./file0") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 350] ioctl(6, LOOP_CLR_FD) = 0 [pid 350] close(6) = 0 [pid 350] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 349] exit_group(0 [pid 351] <... futex resumed>) = ? [pid 349] <... exit_group resumed>) = ? [pid 351] +++ exited with 0 +++ [pid 350] <... futex resumed>) = ? [pid 350] +++ exited with 0 +++ [pid 349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/bus") = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 352 ./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x5555720a9760, 24) = 0 [pid 352] chdir("./17") = 0 [pid 352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 352] setpgid(0, 0) = 0 [pid 352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 352] write(3, "1000", 4) = 4 [pid 352] close(3) = 0 [pid 352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 352] write(1, "executing program\n", 18) = 18 [pid 352] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 352] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[353]}, 88) = 353 [pid 352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 352] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 352] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[354]}, 88) = 354 [pid 352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 352] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 354 attached [pid 354] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 354] creat("./bus", 000) = 3 [pid 354] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... futex resumed>) = 1 [pid 354] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 354] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... futex resumed>) = 1 [pid 354] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 354] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... futex resumed>) = 0 [pid 352] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 354] <... futex resumed>) = 1 [pid 354] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 354] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... futex resumed>) = 0 [pid 354] <... futex resumed>) = 1 [pid 354] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 353 attached [pid 353] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 353] memfd_create("syzkaller", 0) = 5 [pid 353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 353] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 353] munmap(0x7f9b9c005000, 138412032) = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.814542][ T350] loop0: detected capacity change from 0 to 256 [ 24.823882][ T350] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.834427][ T350] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.845028][ T350] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 353] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 353] close(5) = 0 [pid 353] close(6) = 0 [pid 353] mkdir("./file0", 0777) = 0 [pid 353] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 353] chdir("./file0") = 0 [pid 353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 353] ioctl(6, LOOP_CLR_FD) = 0 [pid 353] close(6) = 0 [pid 353] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 353] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 352] exit_group(0) = ? [pid 353] <... futex resumed>) = ? [pid 353] +++ exited with 0 +++ [pid 354] <... futex resumed>) = ? [pid 354] +++ exited with 0 +++ [pid 352] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=352, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/bus") = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 355 ./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x5555720a9760, 24) = 0 [pid 355] chdir("./18") = 0 [pid 355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 355] setpgid(0, 0) = 0 [pid 355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 355] write(3, "1000", 4) = 4 [pid 355] close(3) = 0 [pid 355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 355] write(1, "executing program\n", 18) = 18 [pid 355] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 355] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 356 attached => {parent_tid=[356]}, 88) = 356 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 355] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[357]}, 88) = 357 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 356] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] memfd_create("syzkaller", 0) = 3 [pid 356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 357] creat("./bus", 000) = 4 [pid 357] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 357] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 357] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 355] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 357] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 357] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 356] <... write resumed>) = 131072 [pid 356] munmap(0x7f9b9c005000, 138412032) = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.882671][ T353] loop0: detected capacity change from 0 to 256 [ 24.891682][ T353] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.902187][ T353] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.913146][ T353] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 356] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 356] close(3) = 0 [pid 356] close(6) = 0 [pid 356] mkdir("./file0", 0777) = 0 [pid 356] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 356] chdir("./file0") = 0 [pid 356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 356] ioctl(6, LOOP_CLR_FD) = 0 [pid 356] close(6) = 0 [pid 356] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] exit_group(0) = ? [pid 356] <... futex resumed>) = ? [pid 356] +++ exited with 0 +++ [pid 357] <... futex resumed>) = ? [pid 357] +++ exited with 0 +++ [pid 355] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=355, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/bus") = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 358 ./strace-static-x86_64: Process 358 attached [pid 358] set_robust_list(0x5555720a9760, 24) = 0 [pid 358] chdir("./19") = 0 [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 358] setpgid(0, 0) = 0 [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 358] write(3, "1000", 4) = 4 [pid 358] close(3) = 0 [pid 358] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 358] write(1, "executing program\n", 18) = 18 [pid 358] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 358] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[359]}, 88) = 359 [pid 358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 358] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[360]}, 88) = 360 [pid 358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 360 attached [pid 360] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 360] creat("./bus", 000) = 3 [pid 360] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 360] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 360] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 360] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 360] <... futex resumed>) = 1 [pid 360] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 359] memfd_create("syzkaller", 0) = 5 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 359] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 359] munmap(0x7f9b9c005000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 24.959755][ T356] loop0: detected capacity change from 0 to 256 [ 24.969474][ T356] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 24.980249][ T356] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 24.990897][ T356] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 359] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 359] close(5) = 0 [pid 359] close(6) = 0 [pid 359] mkdir("./file0", 0777) = 0 [pid 359] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 359] ioctl(6, LOOP_CLR_FD) = 0 [pid 359] close(6) = 0 [pid 359] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 359] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 358] exit_group(0) = ? [pid 359] <... futex resumed>) = ? [pid 359] +++ exited with 0 +++ [pid 360] <... futex resumed>) = ? [pid 360] +++ exited with 0 +++ [pid 358] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=358, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/bus") = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 361 ./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x5555720a9760, 24) = 0 [pid 361] chdir("./20") = 0 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 361] write(3, "1000", 4) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 361] write(1, "executing program\n", 18) = 18 [pid 361] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 361] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[362]}, 88) = 362 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 361] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[363]}, 88) = 363 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] creat("./bus", 000) = 3 [pid 363] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 363] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 363] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 363] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 363] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 363] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 363] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] <... futex resumed>) = 0 [pid 363] <... futex resumed>) = 1 [pid 363] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] memfd_create("syzkaller", 0) = 5 [pid 362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 25.027875][ T359] loop0: detected capacity change from 0 to 256 [ 25.036442][ T359] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.047053][ T359] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.057505][ T359] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 362] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 362] munmap(0x7f9b9c005000, 138412032) = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 362] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 362] close(5) = 0 [pid 362] close(6) = 0 [pid 362] mkdir("./file0", 0777) = 0 [pid 362] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 362] chdir("./file0") = 0 [pid 362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 362] ioctl(6, LOOP_CLR_FD) = 0 [pid 362] close(6) = 0 [pid 362] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] exit_group(0) = ? [pid 362] <... futex resumed>) = ? [pid 362] +++ exited with 0 +++ [pid 363] <... futex resumed>) = ? [pid 363] +++ exited with 0 +++ [pid 361] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=361, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/bus") = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 364 ./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x5555720a9760, 24) = 0 [pid 364] chdir("./21") = 0 [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 364] setpgid(0, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 364] write(3, "1000", 4) = 4 [pid 364] close(3) = 0 [pid 364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 364] write(1, "executing program\n", 18) = 18 [pid 364] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 364] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[365]}, 88) = 365 [pid 364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 364] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 364] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[366]}, 88) = 366 [pid 364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 364] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 366] creat("./bus", 000) = 3 [pid 366] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 366] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 366] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 364] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 366] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] <... futex resumed>) = 0 [pid 366] <... futex resumed>) = 1 [pid 366] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] memfd_create("syzkaller", 0) = 5 [pid 365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 365] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 365] munmap(0x7f9b9c005000, 138412032) = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.095581][ T362] loop0: detected capacity change from 0 to 256 [ 25.103438][ T362] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.114114][ T362] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.124627][ T362] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 365] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 365] close(5) = 0 [pid 365] close(6) = 0 [pid 365] mkdir("./file0", 0777) = 0 [pid 365] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 365] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 365] chdir("./file0") = 0 [pid 365] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 365] ioctl(6, LOOP_CLR_FD) = 0 [pid 365] close(6) = 0 [pid 365] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 364] exit_group(0 [pid 366] <... futex resumed>) = ? [pid 364] <... exit_group resumed>) = ? [pid 366] +++ exited with 0 +++ [pid 365] <... futex resumed>) = ? [pid 365] +++ exited with 0 +++ [pid 364] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=364, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/bus") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x5555720a9760, 24) = 0 [pid 367] chdir("./22") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] write(1, "executing program\n", 18executing program ) = 18 [pid 367] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 367] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 367] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[369]}, 88) = 369 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 369] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 368 attached NULL, 8) = 0 [pid 369] creat("./bus", 000 [pid 368] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], [pid 369] <... creat resumed>) = 3 [pid 368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 369] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] memfd_create("syzkaller", 0) = 4 [pid 367] <... futex resumed>) = 0 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 367] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 369] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 369] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 369] <... futex resumed>) = 0 [pid 367] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 369] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 369] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 369] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 367] <... futex resumed>) = 0 [pid 369] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 368] munmap(0x7f9b9c005000, 138412032) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.161978][ T365] loop0: detected capacity change from 0 to 256 [ 25.169592][ T365] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.180164][ T365] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.191128][ T365] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 368] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 368] close(4) = 0 [pid 368] close(6) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 368] chdir("./file0") = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 368] ioctl(6, LOOP_CLR_FD) = 0 [pid 368] close(6) = 0 [pid 368] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] exit_group(0) = ? [pid 368] <... futex resumed>) = ? [pid 368] +++ exited with 0 +++ [pid 369] <... futex resumed>) = ? [pid 369] +++ exited with 0 +++ [pid 367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/bus") = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x5555720a9760, 24) = 0 [pid 370] chdir("./23") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 370] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[371]}, 88) = 371 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 370] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[372]}, 88) = 372 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 372] creat("./bus", 000) = 3 [pid 372] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = 1 [pid 372] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 372] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = 1 [pid 372] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 372] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = 1 [pid 372] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 372] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 372] <... futex resumed>) = 1 [pid 372] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] memfd_create("syzkaller", 0) = 5 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 371] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 371] munmap(0x7f9b9c005000, 138412032) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.233780][ T368] loop0: detected capacity change from 0 to 256 [ 25.243024][ T368] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.253580][ T368] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.264055][ T368] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 371] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 371] close(5) = 0 [pid 371] close(6) = 0 [pid 371] mkdir("./file0", 0777) = 0 [pid 371] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 371] chdir("./file0") = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 371] ioctl(6, LOOP_CLR_FD) = 0 [pid 371] close(6) = 0 [pid 371] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] exit_group(0 [pid 372] <... futex resumed>) = ? [pid 370] <... exit_group resumed>) = ? [pid 372] +++ exited with 0 +++ [pid 371] <... futex resumed>) = ? [pid 371] +++ exited with 0 +++ [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/bus") = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x5555720a9760, 24) = 0 [pid 373] chdir("./24") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] write(1, "executing program\n", 18executing program ) = 18 [pid 373] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 373] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 374 attached => {parent_tid=[374]}, 88) = 374 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 373] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 374] set_robust_list(0x7f9ba44469a0, 24 [pid 373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 375 attached [pid 374] <... set_robust_list resumed>) = 0 [pid 373] <... clone3 resumed> => {parent_tid=[375]}, 88) = 375 [pid 373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 373] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] set_robust_list(0x7f9ba44259a0, 24 [pid 374] rt_sigprocmask(SIG_SETMASK, [], [pid 375] <... set_robust_list resumed>) = 0 [pid 375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 375] creat("./bus", 000 [pid 374] memfd_create("syzkaller", 0 [pid 375] <... creat resumed>) = 3 [pid 374] <... memfd_create resumed>) = 4 [pid 375] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 375] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 374] <... mmap resumed>) = 0x7f9b9c005000 [pid 375] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 375] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 375] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 374] munmap(0x7f9b9c005000, 138412032) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.300532][ T371] loop0: detected capacity change from 0 to 256 [ 25.308294][ T371] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.318848][ T371] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.328946][ T371] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 374] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 374] close(4) = 0 [pid 374] close(6) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 374] chdir("./file0") = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 374] ioctl(6, LOOP_CLR_FD) = 0 [pid 374] close(6) = 0 [pid 374] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] exit_group(0 [pid 375] <... futex resumed>) = ? [pid 373] <... exit_group resumed>) = ? [pid 375] +++ exited with 0 +++ [pid 374] <... futex resumed>) = ? [pid 374] +++ exited with 0 +++ [pid 373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/bus") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 376 ./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x5555720a9760, 24) = 0 [pid 376] chdir("./25") = 0 [pid 376] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 376] setpgid(0, 0) = 0 [pid 376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 376] write(3, "1000", 4) = 4 [pid 376] close(3) = 0 [pid 376] symlink("/dev/binderfs", "./binderfs") = 0 [pid 376] write(1, "executing program\n", 18) = 18 [pid 376] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 376] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[377]}, 88) = 377 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 376] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 376] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[378]}, 88) = 378 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 378] creat("./bus", 000) = 3 [pid 378] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 378] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 378] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 376] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 378] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = 1 [pid 378] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] memfd_create("syzkaller", 0) = 5 [pid 377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 377] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 377] munmap(0x7f9b9c005000, 138412032) = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.366395][ T374] loop0: detected capacity change from 0 to 256 [ 25.374888][ T374] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.385584][ T374] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.396096][ T374] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 377] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 377] close(5) = 0 [pid 377] close(6) = 0 [pid 377] mkdir("./file0", 0777) = 0 [pid 377] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 377] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 377] chdir("./file0") = 0 [pid 377] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 377] ioctl(6, LOOP_CLR_FD) = 0 [pid 377] close(6) = 0 [pid 377] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 376] exit_group(0 [pid 378] <... futex resumed>) = ? [pid 376] <... exit_group resumed>) = ? [pid 378] +++ exited with 0 +++ [pid 377] +++ exited with 0 +++ [pid 376] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=376, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/bus") = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 379 ./strace-static-x86_64: Process 379 attached [pid 379] set_robust_list(0x5555720a9760, 24) = 0 [pid 379] chdir("./26") = 0 [pid 379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 379] setpgid(0, 0) = 0 [pid 379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 379] write(3, "1000", 4) = 4 [pid 379] close(3) = 0 [pid 379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 379] write(1, "executing program\n", 18executing program ) = 18 [pid 379] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 379] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[380]}, 88) = 380 [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 379] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 379] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 380 attached ) = 0 [pid 379] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[381]}, 88) = 381 [pid 379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 379] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 381 attached [pid 380] set_robust_list(0x7f9ba44469a0, 24 [pid 381] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 381] creat("./bus", 000 [pid 380] <... set_robust_list resumed>) = 0 [pid 380] rt_sigprocmask(SIG_SETMASK, [], [pid 381] <... creat resumed>) = 3 [pid 381] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 381] <... mount resumed>) = 0 [pid 381] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 381] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 379] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 379] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 381] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 379] <... futex resumed>) = 0 [pid 381] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] memfd_create("syzkaller", 0) = 5 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 380] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 380] munmap(0x7f9b9c005000, 138412032) = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.437947][ T377] loop0: detected capacity change from 0 to 256 [ 25.445611][ T377] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.456510][ T377] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.467211][ T377] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 380] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 380] close(5) = 0 [pid 380] close(6) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 380] chdir("./file0") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 380] ioctl(6, LOOP_CLR_FD) = 0 [pid 380] close(6) = 0 [pid 380] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 379] exit_group(0 [pid 381] <... futex resumed>) = ? [pid 381] +++ exited with 0 +++ [pid 379] <... exit_group resumed>) = ? [pid 380] <... futex resumed>) = ? [pid 380] +++ exited with 0 +++ [pid 379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=379, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/bus") = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 382 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x5555720a9760, 24) = 0 [pid 382] chdir("./27") = 0 [pid 382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 382] setpgid(0, 0) = 0 [pid 382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 382] write(3, "1000", 4) = 4 [pid 382] close(3) = 0 [pid 382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 382] write(1, "executing program\n", 18) = 18 [pid 382] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 382] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[383]}, 88) = 383 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 382] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[384]}, 88) = 384 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 384] creat("./bus", 000) = 3 [pid 384] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 1 [pid 384] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 384] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 1 [pid 384] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 384] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 382] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 1 [pid 384] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 384] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = 0 [pid 384] <... futex resumed>) = 1 [pid 384] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 383 attached [pid 383] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 383] memfd_create("syzkaller", 0) = 5 [pid 383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 383] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 383] munmap(0x7f9b9c005000, 138412032) = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.509137][ T380] loop0: detected capacity change from 0 to 256 [ 25.517587][ T380] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.528300][ T380] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.538850][ T380] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 383] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 383] close(5) = 0 [pid 383] close(6) = 0 [pid 383] mkdir("./file0", 0777) = 0 [pid 383] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 383] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 383] chdir("./file0") = 0 [pid 383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 383] ioctl(6, LOOP_CLR_FD) = 0 [pid 383] close(6) = 0 [pid 383] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 383] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 382] exit_group(0) = ? [pid 383] <... futex resumed>) = ? [pid 383] +++ exited with 0 +++ [pid 384] <... futex resumed>) = ? [pid 384] +++ exited with 0 +++ [pid 382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=382, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/bus") = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x5555720a9760, 24) = 0 [pid 385] chdir("./28") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] write(1, "executing program\n", 18) = 18 [pid 385] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 385] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[386]}, 88) = 386 [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 385] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[387]}, 88) = 387 [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 387] creat("./bus", 000) = 3 [pid 387] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... futex resumed>) = 1 [pid 387] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 387] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... futex resumed>) = 1 [pid 387] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 387] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 387] <... futex resumed>) = 1 [pid 387] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 387] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 387] <... futex resumed>) = 1 [pid 387] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] memfd_create("syzkaller", 0) = 5 [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 386] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 386] munmap(0x7f9b9c005000, 138412032) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.573537][ T383] loop0: detected capacity change from 0 to 256 [ 25.581509][ T383] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.592130][ T383] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.602544][ T383] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 386] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 386] close(5) = 0 [pid 386] close(6) = 0 [pid 386] mkdir("./file0", 0777) = 0 [pid 386] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 386] chdir("./file0") = 0 [pid 386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 386] ioctl(6, LOOP_CLR_FD) = 0 [pid 386] close(6) = 0 [pid 386] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 386] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 385] exit_group(0 [pid 387] <... futex resumed>) = ? [pid 385] <... exit_group resumed>) = ? [pid 387] +++ exited with 0 +++ [pid 386] <... futex resumed>) = ? [pid 386] +++ exited with 0 +++ [pid 385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=385, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/bus") = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 388 ./strace-static-x86_64: Process 388 attached [pid 388] set_robust_list(0x5555720a9760, 24) = 0 [pid 388] chdir("./29") = 0 [pid 388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 388] setpgid(0, 0) = 0 [pid 388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 388] write(3, "1000", 4) = 4 [pid 388] close(3) = 0 [pid 388] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 388] write(1, "executing program\n", 18) = 18 [pid 388] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 388] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 388] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[389]}, 88) = 389 [pid 388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 388] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 388] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 388] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 388] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[390]}, 88) = 390 [pid 388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 388] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 390] creat("./bus", 000) = 3 [pid 390] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = 0 [pid 388] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 390] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = 0 [pid 388] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 390] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = 0 [pid 388] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] <... futex resumed>) = 1 [pid 390] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 390] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 388] <... futex resumed>) = 0 [pid 390] <... futex resumed>) = 1 [pid 390] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 389 attached [pid 389] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 389] memfd_create("syzkaller", 0) = 5 [pid 389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 389] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 389] munmap(0x7f9b9c005000, 138412032) = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.637095][ T386] loop0: detected capacity change from 0 to 256 [ 25.645617][ T386] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.656451][ T386] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.667205][ T386] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 389] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 389] close(5) = 0 [pid 389] close(6) = 0 [pid 389] mkdir("./file0", 0777) = 0 [pid 389] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 389] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 389] chdir("./file0") = 0 [pid 389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 389] ioctl(6, LOOP_CLR_FD) = 0 [pid 389] close(6) = 0 [pid 389] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 388] exit_group(0 [pid 390] <... futex resumed>) = ? [pid 388] <... exit_group resumed>) = ? [pid 390] +++ exited with 0 +++ [pid 389] <... futex resumed>) = ? [pid 389] +++ exited with 0 +++ [pid 388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=388, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/bus") = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x5555720a9760, 24) = 0 [pid 391] chdir("./30") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] write(1, "executing program\n", 18) = 18 [pid 391] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 391] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[392]}, 88) = 392 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 391] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[393]}, 88) = 393 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 393] creat("./bus", 000) = 3 [pid 393] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 393] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 393] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 393] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = 1 [pid 393] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] memfd_create("syzkaller", 0) = 5 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 392] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 392] munmap(0x7f9b9c005000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.707609][ T389] loop0: detected capacity change from 0 to 256 [ 25.715958][ T389] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.726462][ T389] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.736929][ T389] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 392] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 392] close(5) = 0 [pid 392] close(6) = 0 [pid 392] mkdir("./file0", 0777) = 0 [pid 392] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 392] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 392] chdir("./file0") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 392] ioctl(6, LOOP_CLR_FD) = 0 [pid 392] close(6) = 0 [pid 392] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] exit_group(0) = ? [pid 392] <... futex resumed>) = ? [pid 392] +++ exited with 0 +++ [pid 393] <... futex resumed>) = ? [pid 393] +++ exited with 0 +++ [pid 391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/bus") = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 395 ./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x5555720a9760, 24) = 0 [pid 395] chdir("./31") = 0 [pid 395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 395] setpgid(0, 0) = 0 [pid 395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 395] write(3, "1000", 4) = 4 [pid 395] close(3) = 0 [pid 395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 395] write(1, "executing program\n", 18executing program ) = 18 [pid 395] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 395] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 396 attached => {parent_tid=[396]}, 88) = 396 [pid 396] set_robust_list(0x7f9ba44469a0, 24 [pid 395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 395] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 395] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 396] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 397 attached [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 397] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 395] <... clone3 resumed> => {parent_tid=[397]}, 88) = 397 [pid 396] memfd_create("syzkaller", 0) = 3 [pid 395] rt_sigprocmask(SIG_SETMASK, [], [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 395] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 395] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] <... futex resumed>) = 0 [pid 397] creat("./bus", 000) = 4 [pid 397] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 397] <... futex resumed>) = 1 [pid 397] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] <... futex resumed>) = 0 [pid 395] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... write resumed>) = 131072 [pid 395] <... futex resumed>) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 396] munmap(0x7f9b9c005000, 138412032 [pid 397] <... mount resumed>) = 0 [pid 395] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 397] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... futex resumed>) = 0 [pid 396] <... munmap resumed>) = 0 [pid 395] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 397] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.774665][ T392] loop0: detected capacity change from 0 to 256 [ 25.782652][ T392] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.793237][ T392] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.804158][ T392] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 396] ioctl(6, LOOP_SET_FD, 3 [pid 397] <... futex resumed>) = 0 [pid 395] <... futex resumed>) = 1 [pid 397] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 395] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 397] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 395] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] <... ioctl resumed>) = 0 [pid 396] close(3) = 0 [pid 396] close(6) = 0 [pid 396] mkdir("./file0", 0777) = 0 [pid 396] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 396] chdir("./file0") = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 396] ioctl(6, LOOP_CLR_FD) = 0 [pid 396] close(6) = 0 [pid 396] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] exit_group(0 [pid 397] <... futex resumed>) = ? [pid 395] <... exit_group resumed>) = ? [pid 397] +++ exited with 0 +++ [pid 396] <... futex resumed>) = ? [pid 396] +++ exited with 0 +++ [pid 395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=395, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/bus") = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x5555720a9760, 24) = 0 [pid 398] chdir("./32") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 398] write(1, "executing program\n", 18) = 18 [pid 398] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 398] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[399]}, 88) = 399 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 398] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[400]}, 88) = 400 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 400] creat("./bus", 000) = 3 [pid 400] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 400] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000./strace-static-x86_64: Process 399 attached ) = 4 [pid 400] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... futex resumed>) = 1 [pid 400] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 399] set_robust_list(0x7f9ba44469a0, 24 [pid 400] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 400] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 399] <... set_robust_list resumed>) = 0 [pid 400] <... futex resumed>) = 1 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 400] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] memfd_create("syzkaller", 0) = 5 [pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 399] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 399] munmap(0x7f9b9c005000, 138412032) = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.847269][ T396] loop0: detected capacity change from 0 to 256 [ 25.855385][ T396] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.866536][ T396] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.877010][ T396] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 399] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 399] close(5) = 0 [pid 399] close(6) = 0 [pid 399] mkdir("./file0", 0777) = 0 [pid 399] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 399] chdir("./file0") = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 399] ioctl(6, LOOP_CLR_FD) = 0 [pid 399] close(6) = 0 [pid 399] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] exit_group(0) = ? [pid 400] <... futex resumed>) = ? [pid 399] <... futex resumed>) = ? [pid 399] +++ exited with 0 +++ [pid 400] +++ exited with 0 +++ [pid 398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/bus") = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x5555720a9760, 24) = 0 [pid 401] chdir("./33") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 executing program [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] write(1, "executing program\n", 18) = 18 [pid 401] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 401] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[402]}, 88) = 402 [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 401] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 401] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[403]}, 88) = 403 [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 401] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] creat("./bus", 000) = 3 [pid 403] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 403] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 403] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] <... futex resumed>) = 1 [pid 403] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 403] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 403] <... futex resumed>) = 1 [pid 403] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] memfd_create("syzkaller", 0) = 5 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 402] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 402] munmap(0x7f9b9c005000, 138412032) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 25.917890][ T399] loop0: detected capacity change from 0 to 256 [ 25.925812][ T399] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 25.936458][ T399] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 25.946291][ T399] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 402] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 402] close(5) = 0 [pid 402] close(6) = 0 [pid 402] mkdir("./file0", 0777) = 0 [pid 402] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 402] chdir("./file0") = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 402] ioctl(6, LOOP_CLR_FD) = 0 [pid 402] close(6) = 0 [pid 402] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] exit_group(0 [pid 403] <... futex resumed>) = ? [pid 401] <... exit_group resumed>) = ? [pid 403] +++ exited with 0 +++ [pid 402] <... futex resumed>) = ? [pid 402] +++ exited with 0 +++ [pid 401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=401, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/bus") = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 404 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x5555720a9760, 24) = 0 [pid 404] chdir("./34") = 0 [pid 404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 404] setpgid(0, 0) = 0 [pid 404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 404] write(3, "1000", 4) = 4 [pid 404] close(3) = 0 [pid 404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 404] write(1, "executing program\n", 18) = 18 [pid 404] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 404] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[405]}, 88) = 405 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 404] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[406]}, 88) = 406 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 406] creat("./bus", 000) = 3 [pid 406] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 406] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 406] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 404] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 404] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 406] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = 0 [pid 406] <... futex resumed>) = 1 [pid 406] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] memfd_create("syzkaller", 0) = 5 [pid 405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 405] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 25.984567][ T402] loop0: detected capacity change from 0 to 256 [ 25.992165][ T402] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.002724][ T402] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.013540][ T402] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 405] munmap(0x7f9b9c005000, 138412032) = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 405] close(5) = 0 [pid 405] close(6) = 0 [pid 405] mkdir("./file0", 0777) = 0 [pid 405] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 405] chdir("./file0") = 0 [pid 405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 405] ioctl(6, LOOP_CLR_FD) = 0 [pid 405] close(6) = 0 [pid 405] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] exit_group(0 [pid 406] <... futex resumed>) = ? [pid 404] <... exit_group resumed>) = ? [pid 406] +++ exited with 0 +++ [pid 405] <... futex resumed>) = ? [pid 405] +++ exited with 0 +++ [pid 404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=404, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/bus") = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 407] chdir("./35") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] write(1, "executing program\n", 18) = 18 [pid 407] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 407] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[408]}, 88) = 408 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 407] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[409]}, 88) = 409 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] creat("./bus", 000) = 3 [pid 409] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 409] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 409] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 409] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 409] <... futex resumed>) = 1 [pid 409] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] memfd_create("syzkaller", 0) = 5 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 408] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 408] munmap(0x7f9b9c005000, 138412032) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.053038][ T405] loop0: detected capacity change from 0 to 256 [ 26.060842][ T405] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.072014][ T405] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.082475][ T405] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 408] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 408] close(5) = 0 [pid 408] close(6) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 408] chdir("./file0") = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 408] ioctl(6, LOOP_CLR_FD) = 0 [pid 408] close(6) = 0 [pid 408] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] exit_group(0) = ? [pid 408] <... futex resumed>) = ? [pid 408] +++ exited with 0 +++ [pid 409] <... futex resumed>) = ? [pid 409] +++ exited with 0 +++ [pid 407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=407, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/bus") = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 410 ./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x5555720a9760, 24) = 0 [pid 410] chdir("./36") = 0 [pid 410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 410] setpgid(0, 0) = 0 [pid 410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 410] write(3, "1000", 4) = 4 [pid 410] close(3) = 0 [pid 410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 410] write(1, "executing program\n", 18) = 18 [pid 410] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 410] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[411]}, 88) = 411 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x7f9ba44469a0, 24 [pid 410] <... futex resumed>) = 0 [pid 411] <... set_robust_list resumed>) = 0 [pid 410] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 410] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[412]}, 88) = 412 [pid 411] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x7f9ba44259a0, 24 [pid 411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 410] rt_sigprocmask(SIG_SETMASK, [], [pid 412] <... set_robust_list resumed>) = 0 [pid 411] memfd_create("syzkaller", 0 [pid 410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 410] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] creat("./bus", 000 [pid 411] <... memfd_create resumed>) = 4 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 412] <... creat resumed>) = 3 [pid 411] <... mmap resumed>) = 0x7f9b9c005000 [pid 412] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 411] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 412] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 411] <... write resumed>) = 131072 [pid 410] <... futex resumed>) = 0 [pid 412] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 410] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] munmap(0x7f9b9c005000, 138412032 [pid 412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 412] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 411] <... munmap resumed>) = 0 [pid 412] <... open resumed>) = 5 [pid 412] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 412] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_SET_FD, 4 [pid 410] <... futex resumed>) = 0 [pid 410] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 26.118765][ T408] loop0: detected capacity change from 0 to 256 [ 26.126349][ T408] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.137146][ T408] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.147789][ T408] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 410] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 412] <... futex resumed>) = 0 [pid 412] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 412] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 410] <... futex resumed>) = 0 [pid 412] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] <... ioctl resumed>) = 0 [pid 411] close(4) = 0 [pid 411] close(6) = 0 [pid 411] mkdir("./file0", 0777) = 0 [pid 411] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 411] chdir("./file0") = 0 [pid 411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 411] ioctl(6, LOOP_CLR_FD) = 0 [pid 411] close(6) = 0 [pid 411] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 410] exit_group(0) = ? [pid 411] <... futex resumed>) = ? [pid 411] +++ exited with 0 +++ [pid 412] <... futex resumed>) = ? [pid 412] +++ exited with 0 +++ [pid 410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=410, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/bus") = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 413 ./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x5555720a9760, 24) = 0 [pid 413] chdir("./37") = 0 [pid 413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 413] setpgid(0, 0) = 0 [pid 413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 413] write(3, "1000", 4) = 4 [pid 413] close(3) = 0 [pid 413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 413] write(1, "executing program\n", 18executing program ) = 18 [pid 413] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 413] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 413] <... clone3 resumed> => {parent_tid=[414]}, 88) = 414 [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 413] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 413] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 414] <... futex resumed>) = 0 [pid 413] <... mprotect resumed>) = 0 [pid 413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[415]}, 88) = 415 [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 414] memfd_create("syzkaller", 0 [pid 415] rt_sigprocmask(SIG_SETMASK, [], [pid 414] <... memfd_create resumed>) = 3 [pid 415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 415] creat("./bus", 000 [pid 414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 415] <... creat resumed>) = 4 [pid 415] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 413] <... futex resumed>) = 0 [pid 415] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 413] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 413] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... mount resumed>) = 0 [pid 415] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 413] <... futex resumed>) = 0 [pid 415] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 413] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... open resumed>) = 5 [pid 415] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] <... futex resumed>) = 0 [pid 415] <... futex resumed>) = 0 [pid 413] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 413] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 413] <... futex resumed>) = 0 [pid 415] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 413] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... futex resumed>) = 0 [pid 413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] <... mmap resumed>) = 0x7f9b9c005000 [pid 414] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 414] munmap(0x7f9b9c005000, 138412032) = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.188746][ T411] loop0: detected capacity change from 0 to 256 [ 26.197384][ T411] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.208112][ T411] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.218395][ T411] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 414] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 414] close(3) = 0 [pid 414] close(6) = 0 [pid 414] mkdir("./file0", 0777) = 0 [pid 414] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 414] chdir("./file0") = 0 [pid 414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 414] ioctl(6, LOOP_CLR_FD) = 0 [pid 414] close(6) = 0 [pid 414] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 413] exit_group(0 [pid 415] <... futex resumed>) = ? [pid 413] <... exit_group resumed>) = ? [pid 415] +++ exited with 0 +++ [pid 414] <... futex resumed>) = ? [pid 414] +++ exited with 0 +++ [pid 413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=413, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/bus") = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 416 ./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x5555720a9760, 24) = 0 [pid 416] chdir("./38") = 0 [pid 416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 416] setpgid(0, 0) = 0 [pid 416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 416] write(3, "1000", 4) = 4 [pid 416] close(3) = 0 [pid 416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 416] write(1, "executing program\n", 18) = 18 [pid 416] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 416] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[417]}, 88) = 417 [pid 416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 416] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 416] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[418]}, 88) = 418 [pid 416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 416] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] creat("./bus", 000) = 3 [pid 418] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... futex resumed>) = 1 [pid 418] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 418] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... futex resumed>) = 1 [pid 418] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 418] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 416] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 418] <... futex resumed>) = 1 [pid 418] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 418] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] <... futex resumed>) = 0 [pid 418] <... futex resumed>) = 1 [pid 418] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 417 attached [pid 417] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 417] memfd_create("syzkaller", 0) = 5 [pid 417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 417] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 417] munmap(0x7f9b9c005000, 138412032) = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.258562][ T414] loop0: detected capacity change from 0 to 256 [ 26.265970][ T414] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.276620][ T414] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.286919][ T414] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 417] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 417] close(5) = 0 [pid 417] close(6) = 0 [pid 417] mkdir("./file0", 0777) = 0 [pid 417] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 417] chdir("./file0") = 0 [pid 417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 417] ioctl(6, LOOP_CLR_FD) = 0 [pid 417] close(6) = 0 [pid 417] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 417] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 416] exit_group(0) = ? [pid 417] <... futex resumed>) = ? [pid 417] +++ exited with 0 +++ [pid 418] <... futex resumed>) = ? [pid 418] +++ exited with 0 +++ [pid 416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=416, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/bus") = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 419 ./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x5555720a9760, 24) = 0 [pid 419] chdir("./39") = 0 [pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 419] setpgid(0, 0) = 0 [pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 419] write(3, "1000", 4) = 4 [pid 419] close(3) = 0 [pid 419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 419] write(1, "executing program\n", 18) = 18 [pid 419] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 419] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[420]}, 88) = 420 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 419] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[421]}, 88) = 421 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 421] creat("./bus", 000./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x7f9ba44469a0, 24 [pid 421] <... creat resumed>) = 3 [pid 421] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 0 [pid 419] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 420] <... set_robust_list resumed>) = 0 [pid 421] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 0 [pid 419] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 421] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 0 [pid 419] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 420] rt_sigprocmask(SIG_SETMASK, [], [pid 421] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 421] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 1 [pid 420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 421] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] memfd_create("syzkaller", 0) = 5 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 420] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 420] munmap(0x7f9b9c005000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.325868][ T417] loop0: detected capacity change from 0 to 256 [ 26.333750][ T417] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.344285][ T417] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.354374][ T417] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 420] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 420] close(5) = 0 [pid 420] close(6) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 420] chdir("./file0") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 420] ioctl(6, LOOP_CLR_FD) = 0 [pid 420] close(6) = 0 [pid 420] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 419] exit_group(0 [pid 421] <... futex resumed>) = ? [pid 419] <... exit_group resumed>) = ? [pid 421] +++ exited with 0 +++ [pid 420] <... futex resumed>) = ? [pid 420] +++ exited with 0 +++ [pid 419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=419, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/bus") = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 422 ./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x5555720a9760, 24) = 0 [pid 422] chdir("./40") = 0 [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 422] setpgid(0, 0) = 0 [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 422] write(3, "1000", 4) = 4 [pid 422] close(3) = 0 [pid 422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 422] write(1, "executing program\n", 18executing program ) = 18 [pid 422] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 422] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[423]}, 88) = 423 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 422] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[424]}, 88) = 424 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 424] creat("./bus", 000) = 3 [pid 424] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 424] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 424] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 424] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 424] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 424] <... futex resumed>) = 1 [pid 424] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] memfd_create("syzkaller", 0) = 5 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 423] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 423] munmap(0x7f9b9c005000, 138412032) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.390315][ T420] loop0: detected capacity change from 0 to 256 [ 26.397931][ T420] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.408642][ T420] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.418784][ T420] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 423] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 423] close(5) = 0 [pid 423] close(6) = 0 [pid 423] mkdir("./file0", 0777) = 0 [pid 423] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 423] chdir("./file0") = 0 [pid 423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 423] ioctl(6, LOOP_CLR_FD) = 0 [pid 423] close(6) = 0 [pid 423] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] exit_group(0 [pid 424] <... futex resumed>) = ? [pid 422] <... exit_group resumed>) = ? [pid 424] +++ exited with 0 +++ [pid 423] <... futex resumed>) = ? [pid 423] +++ exited with 0 +++ [pid 422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=422, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/bus") = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 425 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x5555720a9760, 24) = 0 [pid 425] chdir("./41") = 0 [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 425] setpgid(0, 0) = 0 [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 425] write(3, "1000", 4) = 4 [pid 425] close(3) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 425] write(1, "executing program\n", 18) = 18 [pid 425] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 425] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[426]}, 88) = 426 [pid 425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 425] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 425] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 426 attached ) = 0 [pid 425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[427]}, 88) = 427 [pid 425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 425] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] creat("./bus", 000) = 3 [pid 427] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 1 [pid 427] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 427] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 1 [pid 427] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 427] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 1 [pid 427] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 427] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 1 [pid 426] set_robust_list(0x7f9ba44469a0, 24 [pid 427] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... set_robust_list resumed>) = 0 [pid 426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 426] memfd_create("syzkaller", 0) = 5 [pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 426] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 426] munmap(0x7f9b9c005000, 138412032) = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.457289][ T423] loop0: detected capacity change from 0 to 256 [ 26.465704][ T423] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.476573][ T423] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.486980][ T423] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 426] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 426] close(5) = 0 [pid 426] close(6) = 0 [pid 426] mkdir("./file0", 0777) = 0 [pid 426] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 426] chdir("./file0") = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 426] ioctl(6, LOOP_CLR_FD) = 0 [pid 426] close(6) = 0 [pid 426] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] exit_group(0 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] <... futex resumed>) = ? [pid 425] <... exit_group resumed>) = ? [pid 427] +++ exited with 0 +++ [pid 426] <... futex resumed>) = ? [pid 426] +++ exited with 0 +++ [pid 425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=425, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/bus") = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 428 ./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x5555720a9760, 24) = 0 [pid 428] chdir("./42") = 0 [pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 428] setpgid(0, 0) = 0 executing program [pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 428] write(3, "1000", 4) = 4 [pid 428] close(3) = 0 [pid 428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 428] write(1, "executing program\n", 18) = 18 [pid 428] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 428] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[429]}, 88) = 429 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 428] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[430]}, 88) = 430 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 430] creat("./bus", 000) = 3 [pid 430] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 430] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 430] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 428] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] <... futex resumed>) = 1 [pid 430] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 430] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 430] <... futex resumed>) = 1 [pid 430] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 429] memfd_create("syzkaller", 0) = 5 [pid 429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 26.528991][ T426] loop0: detected capacity change from 0 to 256 [ 26.538291][ T426] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.548804][ T426] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.559275][ T426] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 429] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 429] munmap(0x7f9b9c005000, 138412032) = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 429] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 429] close(5) = 0 [pid 429] close(6) = 0 [pid 429] mkdir("./file0", 0777) = 0 [pid 429] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 429] chdir("./file0") = 0 [pid 429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 429] ioctl(6, LOOP_CLR_FD) = 0 [pid 429] close(6) = 0 [pid 429] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 429] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] exit_group(0 [pid 430] <... futex resumed>) = ? [pid 428] <... exit_group resumed>) = ? [pid 430] +++ exited with 0 +++ [pid 429] <... futex resumed>) = ? [pid 429] +++ exited with 0 +++ [pid 428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=428, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/bus") = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 431 ./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x5555720a9760, 24) = 0 [pid 431] chdir("./43") = 0 [pid 431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 431] setpgid(0, 0) = 0 [pid 431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 431] write(3, "1000", 4) = 4 [pid 431] close(3) = 0 [pid 431] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 431] write(1, "executing program\n", 18) = 18 [pid 431] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 431] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[432]}, 88) = 432 [pid 431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 431] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 431] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 432 attached ) = 0 [pid 431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[433]}, 88) = 433 [pid 431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 431] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 432] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 433 attached [pid 432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 433] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] creat("./bus", 000 [pid 432] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 433] <... creat resumed>) = 4 [pid 433] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 433] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... write resumed>) = 131072 [pid 431] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 433] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 433] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] munmap(0x7f9b9c005000, 138412032 [pid 431] <... futex resumed>) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... munmap resumed>) = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 432] ioctl(5, LOOP_SET_FD, 3 [pid 431] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 26.612527][ T429] loop0: detected capacity change from 0 to 256 [ 26.620589][ T429] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.631413][ T429] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.642137][ T429] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 431] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] <... futex resumed>) = 0 [pid 433] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 433] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 431] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 433] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 433] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] <... futex resumed>) = 0 [pid 433] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 432] <... ioctl resumed>) = 0 [pid 432] close(3) = 0 [pid 432] close(5) = 0 [pid 432] mkdir("./file0", 0777) = 0 [pid 432] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 432] chdir("./file0") = 0 [pid 432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 432] ioctl(5, LOOP_CLR_FD) = 0 [pid 432] close(5) = 0 [pid 432] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 432] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] exit_group(0 [pid 433] <... futex resumed>) = ? [pid 431] <... exit_group resumed>) = ? [pid 433] +++ exited with 0 +++ [pid 432] <... futex resumed>) = ? [pid 432] +++ exited with 0 +++ [pid 431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=431, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/bus") = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 434 ./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x5555720a9760, 24) = 0 [pid 434] chdir("./44"executing program ) = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] write(1, "executing program\n", 18) = 18 [pid 434] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 434] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[435]}, 88) = 435 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 434] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[436]}, 88) = 436 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 436] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 435 attached [pid 436] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 436] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 436] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 436] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 434] <... futex resumed>) = 0 [pid 436] <... futex resumed>) = 1 [pid 436] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 435] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 435] memfd_create("syzkaller", 0) = 5 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 435] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 435] munmap(0x7f9b9c005000, 138412032) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.678307][ T432] loop0: detected capacity change from 0 to 256 [ 26.685869][ T432] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.696591][ T432] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.706721][ T432] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 435] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 435] close(5) = 0 [pid 435] close(6) = 0 [pid 435] mkdir("./file0", 0777) = 0 [ 26.741292][ T435] loop0: detected capacity change from 0 to 256 [ 26.759260][ T435] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.769755][ T435] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 435] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 435] chdir("./file0") = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 435] ioctl(6, LOOP_CLR_FD) = 0 [pid 435] close(6) = 0 [pid 435] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] exit_group(0 [pid 436] <... futex resumed>) = ? [pid 434] <... exit_group resumed>) = ? [pid 436] +++ exited with 0 +++ [pid 435] <... futex resumed>) = ? [pid 435] +++ exited with 0 +++ [pid 434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=434, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/bus") = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 438 ./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x5555720a9760, 24) = 0 [pid 438] chdir("./45") = 0 [pid 438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 438] setpgid(0, 0) = 0 [pid 438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 438] write(3, "1000", 4) = 4 [pid 438] close(3) = 0 [pid 438] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 438] write(1, "executing program\n", 18) = 18 [pid 438] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 438] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[439]}, 88) = 439 [pid 438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 438] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 438] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[440]}, 88) = 440 [pid 438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 438] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] creat("./bus", 000) = 3 [pid 440] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = 0 [pid 438] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 440] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = 0 [pid 438] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 440] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = 0 [pid 438] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 438] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... futex resumed>) = 1 [pid 440] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 440] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = 0 [pid 440] <... futex resumed>) = 1 [pid 440] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] memfd_create("syzkaller", 0) = 5 [pid 439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 439] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 439] munmap(0x7f9b9c005000, 138412032) = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.780383][ T435] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 439] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 439] close(5) = 0 [pid 439] close(6) = 0 [pid 439] mkdir("./file0", 0777) = 0 [pid 439] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 439] chdir("./file0") = 0 [pid 439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 439] ioctl(6, LOOP_CLR_FD) = 0 [pid 439] close(6) = 0 [pid 439] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 438] exit_group(0) = ? [pid 439] <... futex resumed>) = ? [pid 439] +++ exited with 0 +++ [pid 440] <... futex resumed>) = ? [pid 440] +++ exited with 0 +++ [pid 438] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=438, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/bus") = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x5555720a9760, 24) = 0 [pid 441] chdir("./46") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 441] write(1, "executing program\n", 18) = 18 [pid 441] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 441] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[442]}, 88) = 442 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 441] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[443]}, 88) = 443 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 443] creat("./bus", 000) = 3 [pid 443] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] <... futex resumed>) = 1 [pid 443] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 443] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] <... futex resumed>) = 1 [pid 443] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 443] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] <... futex resumed>) = 1 [pid 443] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 443] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 443] <... futex resumed>) = 1 [pid 443] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 442] memfd_create("syzkaller", 0) = 5 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 442] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 442] munmap(0x7f9b9c005000, 138412032) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.820995][ T439] loop0: detected capacity change from 0 to 256 [ 26.829332][ T439] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.840079][ T439] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.850756][ T439] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 442] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 442] close(5) = 0 [pid 442] close(6) = 0 [pid 442] mkdir("./file0", 0777) = 0 [pid 442] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 442] chdir("./file0") = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 442] ioctl(6, LOOP_CLR_FD) = 0 [pid 442] close(6) = 0 [pid 442] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] exit_group(0 [pid 443] <... futex resumed>) = ? [pid 441] <... exit_group resumed>) = ? [pid 443] +++ exited with 0 +++ [pid 442] <... futex resumed>) = ? [pid 442] +++ exited with 0 +++ [pid 441] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=441, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/bus") = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 444 ./strace-static-x86_64: Process 444 attached [pid 444] set_robust_list(0x5555720a9760, 24) = 0 [pid 444] chdir("./47") = 0 [pid 444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 444] setpgid(0, 0) = 0 [pid 444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 444] write(3, "1000", 4) = 4 [pid 444] close(3) = 0 [pid 444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 444] write(1, "executing program\n", 18) = 18 [pid 444] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 444] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[445]}, 88) = 445 [pid 444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 444] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 444] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[446]}, 88) = 446 [pid 444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 444] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] creat("./bus", 000) = 3 [pid 446] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 444] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 446] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 444] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 446] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 444] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 444] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 446] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 446] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] memfd_create("syzkaller", 0) = 5 [pid 445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 445] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 445] munmap(0x7f9b9c005000, 138412032) = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 26.889284][ T442] loop0: detected capacity change from 0 to 256 [ 26.896790][ T442] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.907371][ T442] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.917806][ T442] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 445] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 445] close(5) = 0 [pid 445] close(6) = 0 [pid 445] mkdir("./file0", 0777) = 0 [pid 445] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 445] chdir("./file0") = 0 [pid 445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 445] ioctl(6, LOOP_CLR_FD) = 0 [pid 445] close(6) = 0 [pid 445] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 444] exit_group(0 [pid 446] <... futex resumed>) = ? [pid 444] <... exit_group resumed>) = ? [pid 446] +++ exited with 0 +++ [pid 445] <... futex resumed>) = ? [pid 445] +++ exited with 0 +++ [pid 444] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=444, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/bus") = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 447 ./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x5555720a9760, 24) = 0 [pid 447] chdir("./48") = 0 [pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 447] setpgid(0, 0) = 0 [pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 447] write(3, "1000", 4) = 4 [pid 447] close(3) = 0 [pid 447] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 447] write(1, "executing program\n", 18) = 18 [pid 447] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 447] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[448]}, 88) = 448 [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 447] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[449]}, 88) = 449 [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 448] memfd_create("syzkaller", 0) = 3 [pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 449 attached [pid 448] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 449] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 449] creat("./bus", 000) = 4 [pid 449] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 448] <... write resumed>) = 131072 [pid 449] <... mount resumed>) = 0 [pid 449] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 448] munmap(0x7f9b9c005000, 138412032 [pid 449] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] <... munmap resumed>) = 0 [pid 447] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 447] <... futex resumed>) = 1 [pid 449] <... futex resumed>) = 0 [pid 448] ioctl(5, LOOP_SET_FD, 3 [pid 447] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 449] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 26.954569][ T445] loop0: detected capacity change from 0 to 256 [ 26.962135][ T445] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.972691][ T445] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 26.983073][ T445] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 447] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 449] <... futex resumed>) = 1 [pid 449] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 449] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 449] <... futex resumed>) = 1 [pid 449] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] <... ioctl resumed>) = 0 [pid 448] close(3) = 0 [pid 448] close(5) = 0 [pid 448] mkdir("./file0", 0777) = 0 [pid 448] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 448] chdir("./file0") = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 448] ioctl(5, LOOP_CLR_FD) = 0 [pid 448] close(5) = 0 [pid 448] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 447] exit_group(0 [pid 449] <... futex resumed>) = ? [pid 447] <... exit_group resumed>) = ? [pid 449] +++ exited with 0 +++ [pid 448] <... futex resumed>) = ? [pid 448] +++ exited with 0 +++ [pid 447] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/bus") = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 450 ./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x5555720a9760, 24) = 0 [pid 450] chdir("./49") = 0 [pid 450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 450] setpgid(0, 0) = 0 [pid 450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 450] write(3, "1000", 4) = 4 [pid 450] close(3) = 0 [pid 450] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 450] write(1, "executing program\n", 18) = 18 [pid 450] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 450] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[451]}, 88) = 451 [pid 450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 450] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 450] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[452]}, 88) = 452 [pid 450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 450] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] creat("./bus", 000) = 3 [pid 452] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 450] <... futex resumed>) = 0 [pid 450] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 452] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 450] <... futex resumed>) = 0 [pid 450] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 452] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 450] <... futex resumed>) = 0 [pid 450] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 450] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 452] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 450] <... futex resumed>) = 0 [pid 452] <... futex resumed>) = 1 [pid 452] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 451] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 451] memfd_create("syzkaller", 0) = 5 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 451] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 451] munmap(0x7f9b9c005000, 138412032) = 0 [ 27.031818][ T448] loop0: detected capacity change from 0 to 256 [ 27.039987][ T448] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.050645][ T448] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.061266][ T448] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 451] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 451] close(5) = 0 [pid 451] close(6) = 0 [pid 451] mkdir("./file0", 0777) = 0 [pid 451] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 451] chdir("./file0") = 0 [pid 451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 451] ioctl(6, LOOP_CLR_FD) = 0 [pid 451] close(6) = 0 [pid 451] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 450] exit_group(0) = ? [pid 451] <... futex resumed>) = ? [pid 451] +++ exited with 0 +++ [pid 452] <... futex resumed>) = ? [pid 452] +++ exited with 0 +++ [pid 450] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=450, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/bus") = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 453 ./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x5555720a9760, 24) = 0 [pid 453] chdir("./50") = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 453] setpgid(0, 0executing program ) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 453] write(3, "1000", 4) = 4 [pid 453] close(3) = 0 [pid 453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 453] write(1, "executing program\n", 18) = 18 [pid 453] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 453] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 454 attached => {parent_tid=[454]}, 88) = 454 [pid 453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 453] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 453] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 454] set_robust_list(0x7f9ba44469a0, 24 [pid 453] <... mprotect resumed>) = 0 [pid 453] rt_sigprocmask(SIG_BLOCK, ~[], [pid 454] <... set_robust_list resumed>) = 0 [pid 453] <... rt_sigprocmask resumed>[], 8) = 0 [pid 453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 454] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 455 attached [pid 453] <... clone3 resumed> => {parent_tid=[455]}, 88) = 455 [pid 453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 453] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 454] memfd_create("syzkaller", 0 [pid 455] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 454] <... memfd_create resumed>) = 3 [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 455] creat("./bus", 000) = 4 [pid 455] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 455] <... futex resumed>) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 454] <... write resumed>) = 131072 [pid 453] <... futex resumed>) = 0 [pid 454] munmap(0x7f9b9c005000, 138412032) = 0 [pid 453] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 454] ioctl(5, LOOP_SET_FD, 3 [pid 455] <... mount resumed>) = 0 [ 27.101227][ T451] loop0: detected capacity change from 0 to 256 [ 27.109655][ T451] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.120609][ T451] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.131342][ T451] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 455] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 455] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 455] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 455] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 454] <... ioctl resumed>) = 0 [pid 454] close(3) = 0 [pid 454] close(5) = 0 [pid 454] mkdir("./file0", 0777) = 0 [pid 454] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 454] chdir("./file0") = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 454] ioctl(5, LOOP_CLR_FD) = 0 [pid 454] close(5) = 0 [pid 454] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 453] exit_group(0) = ? [pid 454] <... futex resumed>) = ? [pid 454] +++ exited with 0 +++ [pid 455] <... futex resumed>) = ? [pid 455] +++ exited with 0 +++ [pid 453] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/bus") = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 456 ./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x5555720a9760, 24) = 0 [pid 456] chdir("./51") = 0 [pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 456] setpgid(0, 0) = 0 [pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 456] write(3, "1000", 4) = 4 [pid 456] close(3) = 0 [pid 456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 456] write(1, "executing program\n", 18) = 18 [pid 456] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 456] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 457] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] <... clone3 resumed> => {parent_tid=[457]}, 88) = 457 [pid 456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 456] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 456] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] memfd_create("syzkaller", 0) = 3 [pid 457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 456] <... futex resumed>) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b9c005000 [pid 456] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0} [pid 457] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 27.172316][ T454] loop0: detected capacity change from 0 to 256 [ 27.180419][ T454] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.191117][ T454] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.201727][ T454] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 457] munmap(0x7f9b9c026000, 138412032 [pid 456] <... clone3 resumed> => {parent_tid=[458]}, 88) = 458 [pid 457] <... munmap resumed>) = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 458 attached [pid 456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 456] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] set_robust_list(0x7f9b9c0259a0, 24) = 0 [pid 458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 458] creat("./bus", 000) = 5 [pid 458] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 458] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 458] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 457] <... ioctl resumed>) = 0 [pid 457] close(3) = 0 [pid 458] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 457] close(4 [pid 458] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 457] <... close resumed>) = 0 [pid 457] mkdir("./file0", 0777 [pid 458] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... mkdir resumed>) = 0 [pid 457] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 458] <... futex resumed>) = 1 [pid 456] <... futex resumed>) = 0 [pid 458] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... mount resumed>) = 0 [pid 457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 457] chdir("./file0") = 0 [pid 457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 457] ioctl(4, LOOP_CLR_FD) = 0 [pid 457] close(4) = 0 [pid 457] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] exit_group(0) = ? [pid 457] <... futex resumed>) = ? [pid 457] +++ exited with 0 +++ [pid 458] <... futex resumed>) = ? [pid 458] +++ exited with 0 +++ [pid 456] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/bus") = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 459 ./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x5555720a9760, 24) = 0 [pid 459] chdir("./52") = 0 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 459] setpgid(0, 0) = 0 [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 459] write(3, "1000", 4) = 4 [pid 459] close(3) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 459] write(1, "executing program\n", 18) = 18 [pid 459] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 459] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[460]}, 88) = 460 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 459] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[461]}, 88) = 461 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 461] creat("./bus", 000) = 3 [pid 461] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 461] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 461] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... futex resumed>) = 1 [pid 461] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 461] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 461] <... futex resumed>) = 1 [pid 461] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 460] memfd_create("syzkaller", 0) = 5 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 460] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 460] munmap(0x7f9b9c005000, 138412032) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.237879][ T457] loop0: detected capacity change from 0 to 256 [ 27.246302][ T457] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.256894][ T457] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.267440][ T457] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 460] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 460] close(5) = 0 [pid 460] close(6) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 460] chdir("./file0") = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 460] ioctl(6, LOOP_CLR_FD) = 0 [pid 460] close(6) = 0 [pid 460] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] exit_group(0) = ? [pid 460] +++ exited with 0 +++ [pid 461] <... futex resumed>) = ? [pid 461] +++ exited with 0 +++ [pid 459] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=459, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/bus") = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 462 ./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x5555720a9760, 24) = 0 [pid 462] chdir("./53") = 0 [pid 462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 462] setpgid(0, 0) = 0 [pid 462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 462] write(3, "1000", 4) = 4 [pid 462] close(3) = 0 [pid 462] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 462] write(1, "executing program\n", 18) = 18 [pid 462] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 462] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[463]}, 88) = 463 [pid 462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 462] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 462] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[464]}, 88) = 464 [pid 462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 462] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] creat("./bus", 000) = 3 [pid 464] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 464] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 464] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 462] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... futex resumed>) = 1 [pid 464] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 464] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] <... futex resumed>) = 0 [pid 464] <... futex resumed>) = 1 [pid 464] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 463] memfd_create("syzkaller", 0) = 5 [pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 463] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 463] munmap(0x7f9b9c005000, 138412032) = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.305489][ T460] loop0: detected capacity change from 0 to 256 [ 27.313119][ T460] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.323726][ T460] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.334799][ T460] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 463] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 463] close(5) = 0 [pid 463] close(6) = 0 [pid 463] mkdir("./file0", 0777) = 0 [pid 463] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 463] chdir("./file0") = 0 [pid 463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 463] ioctl(6, LOOP_CLR_FD) = 0 [pid 463] close(6) = 0 [pid 463] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 463] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 462] exit_group(0 [pid 464] <... futex resumed>) = ? [pid 462] <... exit_group resumed>) = ? [pid 464] +++ exited with 0 +++ [pid 463] <... futex resumed>) = ? [pid 463] +++ exited with 0 +++ [pid 462] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=462, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/bus") = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x5555720a9760, 24) = 0 [pid 465] chdir("./54") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 465] write(1, "executing program\n", 18) = 18 [pid 465] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 465] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[466]}, 88) = 466 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 465] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 466 attached ) = 0 [pid 465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[467]}, 88) = 467 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 466] memfd_create("syzkaller", 0) = 3 [pid 466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 467 attached [pid 467] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 467] creat("./bus", 000 [pid 466] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 467] <... creat resumed>) = 4 [pid 466] <... write resumed>) = 131072 [pid 466] munmap(0x7f9b9c005000, 138412032) = 0 [pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 467] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 466] <... openat resumed>) = 5 [pid 466] ioctl(5, LOOP_SET_FD, 3 [pid 467] <... futex resumed>) = 1 [pid 465] <... futex resumed>) = 0 [ 27.374876][ T463] loop0: detected capacity change from 0 to 256 [ 27.383849][ T463] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.394463][ T463] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.405679][ T463] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 465] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 467] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] <... futex resumed>) = 1 [pid 467] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 467] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 465] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] <... futex resumed>) = 1 [pid 467] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 467] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 465] <... futex resumed>) = 0 [pid 467] <... futex resumed>) = 1 [pid 467] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 466] <... ioctl resumed>) = 0 [pid 466] close(3) = 0 [pid 466] close(5) = 0 [pid 466] mkdir("./file0", 0777) = 0 [pid 466] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 466] chdir("./file0") = 0 [pid 466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 466] ioctl(5, LOOP_CLR_FD) = 0 [pid 466] close(5) = 0 [pid 466] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] exit_group(0 [pid 467] <... futex resumed>) = ? [pid 467] +++ exited with 0 +++ [pid 465] <... exit_group resumed>) = ? [pid 466] <... futex resumed>) = ? [pid 466] +++ exited with 0 +++ [pid 465] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=465, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/bus") = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 468 ./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x5555720a9760, 24) = 0 [pid 468] chdir("./55") = 0 [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 468] setpgid(0, 0) = 0 [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 468] write(3, "1000", 4) = 4 [pid 468] close(3) = 0 [pid 468] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 468] write(1, "executing program\n", 18) = 18 [pid 468] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 468] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[469]}, 88) = 469 [pid 468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 468] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 468] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[470]}, 88) = 470 [pid 468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 468] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] creat("./bus", 000) = 3 [pid 470] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... futex resumed>) = 1 [pid 470] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 470] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... futex resumed>) = 1 [pid 470] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 470] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... futex resumed>) = 1 [pid 470] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 470] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = 1 [pid 470] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 469] memfd_create("syzkaller", 0) = 5 [pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 27.444561][ T466] loop0: detected capacity change from 0 to 256 [ 27.452960][ T466] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.463454][ T466] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.473954][ T466] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 469] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 469] munmap(0x7f9b9c005000, 138412032) = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 469] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 469] close(5) = 0 [pid 469] close(6) = 0 [pid 469] mkdir("./file0", 0777) = 0 [pid 469] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 469] chdir("./file0") = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 469] ioctl(6, LOOP_CLR_FD) = 0 [pid 469] close(6) = 0 [pid 469] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 468] exit_group(0 [pid 470] <... futex resumed>) = ? [pid 468] <... exit_group resumed>) = ? [pid 470] +++ exited with 0 +++ [pid 469] <... futex resumed>) = ? [pid 469] +++ exited with 0 +++ [pid 468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/bus") = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 471 ./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x5555720a9760, 24) = 0 [pid 471] chdir("./56") = 0 [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 471] setpgid(0, 0) = 0 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 471] write(3, "1000", 4) = 4 [pid 471] close(3) = 0 [pid 471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 471] write(1, "executing program\n", 18executing program ) = 18 [pid 471] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 471] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 472 attached [pid 472] set_robust_list(0x7f9ba44469a0, 24 [pid 471] <... clone3 resumed> => {parent_tid=[472]}, 88) = 472 [pid 471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 471] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 472] <... set_robust_list resumed>) = 0 [pid 471] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 472] rt_sigprocmask(SIG_SETMASK, [], [pid 471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[473]}, 88) = 473 ./strace-static-x86_64: Process 473 attached [pid 472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 471] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 472] memfd_create("syzkaller", 0 [pid 473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 473] creat("./bus", 000 [pid 472] <... memfd_create resumed>) = 4 [pid 472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 473] <... creat resumed>) = 3 [pid 472] <... mmap resumed>) = 0x7f9b9c005000 [pid 473] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 1 [pid 473] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 472] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 473] <... mount resumed>) = 0 [pid 473] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... write resumed>) = 131072 [pid 472] munmap(0x7f9b9c005000, 138412032) = 0 [pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 471] <... futex resumed>) = 0 [pid 473] <... futex resumed>) = 1 [pid 471] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] ioctl(5, LOOP_SET_FD, 4 [pid 471] <... futex resumed>) = 0 [pid 473] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 471] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... open resumed>) = 6 [ 27.510766][ T469] loop0: detected capacity change from 0 to 256 [ 27.518280][ T469] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.528974][ T469] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.539331][ T469] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 473] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 471] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = 1 [pid 473] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 473] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = 0 [pid 473] <... futex resumed>) = 1 [pid 473] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] <... ioctl resumed>) = 0 [pid 472] close(4) = 0 [pid 472] close(5) = 0 [pid 472] mkdir("./file0", 0777) = 0 [pid 472] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 472] chdir("./file0") = 0 [pid 472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 472] ioctl(5, LOOP_CLR_FD) = 0 [pid 472] close(5) = 0 [pid 472] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] exit_group(0 [pid 473] <... futex resumed>) = ? [pid 471] <... exit_group resumed>) = ? [pid 473] +++ exited with 0 +++ [pid 472] <... futex resumed>) = ? [pid 472] +++ exited with 0 +++ [pid 471] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/bus") = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 474 ./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x5555720a9760, 24) = 0 [pid 474] chdir("./57") = 0 [pid 474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 474] setpgid(0, 0) = 0 [pid 474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 474] write(3, "1000", 4) = 4 [pid 474] close(3) = 0 [pid 474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 474] write(1, "executing program\n", 18executing program ) = 18 [pid 474] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 474] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x7f9ba44469a0, 24 [pid 474] <... clone3 resumed> => {parent_tid=[475]}, 88) = 475 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 474] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 475] <... set_robust_list resumed>) = 0 [pid 474] <... mprotect resumed>) = 0 [pid 475] rt_sigprocmask(SIG_SETMASK, [], [pid 474] rt_sigprocmask(SIG_BLOCK, ~[], [pid 475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 474] <... rt_sigprocmask resumed>[], 8) = 0 [pid 474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 475] memfd_create("syzkaller", 0) = 3 [pid 475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 474] <... clone3 resumed> => {parent_tid=[476]}, 88) = 476 [pid 475] <... mmap resumed>) = 0x7f9b9c005000 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] creat("./bus", 000 [pid 475] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 476] <... creat resumed>) = 4 [pid 476] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... write resumed>) = 131072 [pid 476] <... futex resumed>) = 1 [pid 475] munmap(0x7f9b9c005000, 138412032 [pid 474] <... futex resumed>) = 0 [pid 476] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 474] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 475] <... munmap resumed>) = 0 [pid 476] <... futex resumed>) = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 474] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 475] <... openat resumed>) = 5 [pid 476] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 1 [pid 476] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 475] ioctl(5, LOOP_SET_FD, 3 [pid 476] <... open resumed>) = 6 [pid 476] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 27.581417][ T472] loop0: detected capacity change from 0 to 256 [ 27.590187][ T472] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.600716][ T472] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.611456][ T472] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 476] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 474] <... futex resumed>) = 0 [pid 474] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 0 [pid 476] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 476] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 474] <... futex resumed>) = 0 [pid 476] <... futex resumed>) = 1 [pid 476] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 475] <... ioctl resumed>) = 0 [pid 475] close(3) = 0 [pid 475] close(5) = 0 [pid 475] mkdir("./file0", 0777) = 0 [pid 475] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 475] chdir("./file0") = 0 [pid 475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 475] ioctl(5, LOOP_CLR_FD) = 0 [pid 475] close(5) = 0 [pid 475] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 474] exit_group(0 [pid 476] <... futex resumed>) = ? [pid 474] <... exit_group resumed>) = ? [pid 476] +++ exited with 0 +++ [pid 475] <... futex resumed>) = ? [pid 475] +++ exited with 0 +++ [pid 474] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=474, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/bus") = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 477 ./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x5555720a9760, 24) = 0 [pid 477] chdir("./58") = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] setpgid(0, 0) = 0 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 477] write(3, "1000", 4) = 4 [pid 477] close(3) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 477] write(1, "executing program\n", 18) = 18 [pid 477] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 477] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[478]}, 88) = 478 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 477] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[479]}, 88) = 479 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] creat("./bus", 000) = 3 [pid 479] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 479] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 479] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 479] <... futex resumed>) = 1 [pid 479] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 479] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = 1 [pid 479] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 478] memfd_create("syzkaller", 0) = 5 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 478] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 478] munmap(0x7f9b9c005000, 138412032) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.652280][ T475] loop0: detected capacity change from 0 to 256 [ 27.660041][ T475] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.670729][ T475] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.681165][ T475] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 478] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 478] close(5) = 0 [pid 478] close(6) = 0 [pid 478] mkdir("./file0", 0777) = 0 [pid 478] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 478] chdir("./file0") = 0 [pid 478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 478] ioctl(6, LOOP_CLR_FD) = 0 [pid 478] close(6) = 0 [pid 478] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 478] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] exit_group(0) = ? [pid 478] <... futex resumed>) = ? [pid 478] +++ exited with 0 +++ [pid 479] <... futex resumed>) = ? [pid 479] +++ exited with 0 +++ [pid 477] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/bus") = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 480 ./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x5555720a9760, 24) = 0 [pid 480] chdir("./59") = 0 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 480] setpgid(0, 0) = 0 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 480] write(3, "1000", 4) = 4 [pid 480] close(3) = 0 [pid 480] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 480] write(1, "executing program\n", 18) = 18 [pid 480] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 480] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[481]}, 88) = 481 [pid 480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 480] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 480] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 480] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 481 attached [], 8) = 0 [pid 480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 481] set_robust_list(0x7f9ba44469a0, 24 [pid 480] <... clone3 resumed> => {parent_tid=[482]}, 88) = 482 [pid 480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 480] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] creat("./bus", 000 [pid 481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] <... creat resumed>) = 3 [pid 482] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 0 [pid 480] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 1 [pid 482] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 482] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 0 [pid 480] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 1 [pid 482] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 482] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 0 [pid 480] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 482] <... futex resumed>) = 1 [pid 482] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 482] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 0 [pid 482] <... futex resumed>) = 1 [pid 482] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 481] memfd_create("syzkaller", 0) = 5 [pid 481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 481] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 481] munmap(0x7f9b9c005000, 138412032) = 0 [ 27.716406][ T478] loop0: detected capacity change from 0 to 256 [ 27.724612][ T478] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.735186][ T478] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.745840][ T478] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 481] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 481] close(5) = 0 [pid 481] close(6) = 0 [pid 481] mkdir("./file0", 0777) = 0 [pid 481] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 481] chdir("./file0") = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 481] ioctl(6, LOOP_CLR_FD) = 0 [pid 481] close(6) = 0 [pid 481] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] exit_group(0 [pid 482] <... futex resumed>) = ? [pid 480] <... exit_group resumed>) = ? [pid 482] +++ exited with 0 +++ [pid 481] <... futex resumed>) = ? [pid 481] +++ exited with 0 +++ [pid 480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=480, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/bus") = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 484 ./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x5555720a9760, 24) = 0 [pid 484] chdir("./60") = 0 [pid 484] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 484] setpgid(0, 0) = 0 [pid 484] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 484] write(3, "1000", 4) = 4 [pid 484] close(3) = 0 executing program [pid 484] symlink("/dev/binderfs", "./binderfs") = 0 [pid 484] write(1, "executing program\n", 18) = 18 [pid 484] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 484] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 484] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[485]}, 88) = 485 [pid 484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 484] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 484] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 484] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 484] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[486]}, 88) = 486 [pid 484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 484] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 486 attached [pid 486] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 486] creat("./bus", 000) = 3 [pid 486] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = 0 [pid 484] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 486] <... futex resumed>) = 1 [pid 486] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 486] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = 0 [pid 484] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 486] <... futex resumed>) = 1 [pid 486] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 486] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = 0 [pid 484] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 484] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 486] <... futex resumed>) = 1 [pid 486] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 486] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = 0 [pid 486] <... futex resumed>) = 1 [pid 486] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 485 attached [pid 485] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 485] memfd_create("syzkaller", 0) = 5 [pid 485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 485] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 485] munmap(0x7f9b9c005000, 138412032) = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.785875][ T481] loop0: detected capacity change from 0 to 256 [ 27.793970][ T481] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.804646][ T481] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.815227][ T481] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 485] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 485] close(5) = 0 [pid 485] close(6) = 0 [pid 485] mkdir("./file0", 0777) = 0 [pid 485] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 485] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 485] chdir("./file0") = 0 [pid 485] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 485] ioctl(6, LOOP_CLR_FD) = 0 [pid 485] close(6) = 0 [pid 485] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 484] exit_group(0 [pid 486] <... futex resumed>) = ? [pid 484] <... exit_group resumed>) = ? [pid 486] +++ exited with 0 +++ [pid 485] <... futex resumed>) = ? [pid 485] +++ exited with 0 +++ [pid 484] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=484, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/bus") = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 487 ./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x5555720a9760, 24) = 0 [pid 487] chdir("./61") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 487] setpgid(0, 0) = 0 [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 487] write(3, "1000", 4) = 4 [pid 487] close(3) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs") = 0 [pid 487] write(1, "executing program\n", 18executing program ) = 18 [pid 487] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 487] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[488]}, 88) = 488 [pid 487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 487] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 487] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 487] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 488 attached ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 489] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] memfd_create("syzkaller", 0 [pid 487] <... clone3 resumed> => {parent_tid=[489]}, 88) = 489 [pid 488] <... memfd_create resumed>) = 3 [pid 488] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 487] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] creat("./bus", 000 [pid 487] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] <... creat resumed>) = 4 [pid 489] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 487] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 487] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 489] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 489] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... write resumed>) = 131072 [pid 488] munmap(0x7f9b9c005000, 138412032) = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.853235][ T485] loop0: detected capacity change from 0 to 256 [ 27.860878][ T485] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.871355][ T485] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.882044][ T485] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 488] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 488] close(3) = 0 [pid 488] close(6) = 0 [pid 488] mkdir("./file0", 0777) = 0 [pid 488] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 488] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 488] chdir("./file0") = 0 [pid 488] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 488] ioctl(6, LOOP_CLR_FD) = 0 [pid 488] close(6) = 0 [pid 488] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] exit_group(0 [pid 489] <... futex resumed>) = ? [pid 487] <... exit_group resumed>) = ? [pid 489] +++ exited with 0 +++ [pid 488] <... futex resumed>) = ? [pid 488] +++ exited with 0 +++ [pid 487] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=487, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/bus") = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 490 ./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x5555720a9760, 24) = 0 [pid 490] chdir("./62") = 0 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 490] setpgid(0, 0) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 490] write(3, "1000", 4) = 4 [pid 490] close(3) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 490] write(1, "executing program\n", 18) = 18 [pid 490] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 490] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 490] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 490] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[491]}, 88) = 491 [pid 490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 490] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 490] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 490] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[492]}, 88) = 492 [pid 490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 490] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 492 attached [pid 492] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 492] creat("./bus", 000) = 3 [pid 492] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 492] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 492] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 490] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 1 [pid 492] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 492] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 492] <... futex resumed>) = 1 [pid 492] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 491] memfd_create("syzkaller", 0) = 5 [pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 491] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 491] munmap(0x7f9b9c005000, 138412032) = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.923828][ T488] loop0: detected capacity change from 0 to 256 [ 27.932577][ T488] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.943134][ T488] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 27.953685][ T488] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 491] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 491] close(5) = 0 [pid 491] close(6) = 0 [pid 491] mkdir("./file0", 0777) = 0 [pid 491] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 491] chdir("./file0") = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 491] ioctl(6, LOOP_CLR_FD) = 0 [pid 491] close(6) = 0 [pid 491] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] exit_group(0) = ? [pid 491] <... futex resumed>) = ? [pid 491] +++ exited with 0 +++ [pid 492] <... futex resumed>) = ? [pid 492] +++ exited with 0 +++ [pid 490] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=490, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/bus") = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 493 ./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x5555720a9760, 24) = 0 [pid 493] chdir("./63") = 0 [pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 493] setpgid(0, 0) = 0 [pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 493] write(3, "1000", 4) = 4 [pid 493] close(3) = 0 [pid 493] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 493] write(1, "executing program\n", 18) = 18 [pid 493] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 493] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[494]}, 88) = 494 [pid 493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 493] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 493] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[495]}, 88) = 495 [pid 493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 493] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 495] creat("./bus", 000) = 3 [pid 495] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 495] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 494 attached ) = 0 [pid 494] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 494] memfd_create("syzkaller", 0 [pid 495] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] <... memfd_create resumed>) = 4 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 495] <... futex resumed>) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 495] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... futex resumed>) = 1 [pid 494] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 495] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 495] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 0 [pid 495] <... futex resumed>) = 1 [pid 495] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] <... write resumed>) = 131072 [pid 494] munmap(0x7f9b9c005000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 27.989924][ T491] loop0: detected capacity change from 0 to 256 [ 27.997783][ T491] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.008283][ T491] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.019311][ T491] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 494] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 494] close(4) = 0 [pid 494] close(6) = 0 [pid 494] mkdir("./file0", 0777) = 0 [pid 494] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 494] chdir("./file0") = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 494] ioctl(6, LOOP_CLR_FD) = 0 [pid 494] close(6) = 0 [pid 494] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 494] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] exit_group(0) = ? [pid 494] <... futex resumed>) = ? [pid 494] +++ exited with 0 +++ [pid 495] <... futex resumed>) = ? [pid 495] +++ exited with 0 +++ [pid 493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/bus") = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 496 ./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x5555720a9760, 24) = 0 [pid 496] chdir("./64") = 0 [pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 496] setpgid(0, 0) = 0 [pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 496] write(3, "1000", 4) = 4 [pid 496] close(3) = 0 [pid 496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 496] write(1, "executing program\n", 18) = 18 [pid 496] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 496] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[497]}, 88) = 497 [pid 496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 496] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 496] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[498]}, 88) = 498 [pid 496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 496] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 498 attached [pid 498] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 498] creat("./bus", 000) = 3 [pid 498] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... futex resumed>) = 1 [pid 498] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 498] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... futex resumed>) = 1 [pid 498] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 498] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 498] <... futex resumed>) = 1 [pid 498] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 498] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 498] <... futex resumed>) = 1 [pid 498] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 497] memfd_create("syzkaller", 0) = 5 [pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 497] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 497] munmap(0x7f9b9c005000, 138412032) = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.055387][ T494] loop0: detected capacity change from 0 to 256 [ 28.064181][ T494] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.074715][ T494] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.084657][ T494] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 497] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 497] close(5) = 0 [pid 497] close(6) = 0 [pid 497] mkdir("./file0", 0777) = 0 [pid 497] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 497] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 497] chdir("./file0") = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 497] ioctl(6, LOOP_CLR_FD) = 0 [pid 497] close(6) = 0 [pid 497] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 496] exit_group(0) = ? [pid 497] <... futex resumed>) = ? [pid 497] +++ exited with 0 +++ [pid 498] <... futex resumed>) = ? [pid 498] +++ exited with 0 +++ [pid 496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/bus") = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 499 ./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x5555720a9760, 24) = 0 [pid 499] chdir("./65") = 0 [pid 499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 499] setpgid(0, 0) = 0 [pid 499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 499] write(3, "1000", 4) = 4 [pid 499] close(3) = 0 [pid 499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 499] write(1, "executing program\n", 18executing program ) = 18 [pid 499] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 499] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 500 attached => {parent_tid=[500]}, 88) = 500 [pid 499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 499] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 499] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 500] set_robust_list(0x7f9ba44469a0, 24 [pid 499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[501]}, 88) = 501 [pid 500] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 501 attached [pid 499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 499] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 500] memfd_create("syzkaller", 0 [pid 501] set_robust_list(0x7f9ba44259a0, 24 [pid 500] <... memfd_create resumed>) = 3 [pid 500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 501] <... set_robust_list resumed>) = 0 [pid 501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 501] creat("./bus", 000) = 4 [pid 500] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 501] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 0 [pid 500] <... write resumed>) = 131072 [pid 500] munmap(0x7f9b9c005000, 138412032 [pid 501] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 500] <... munmap resumed>) = 0 [pid 501] <... mount resumed>) = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 500] ioctl(5, LOOP_SET_FD, 3 [pid 501] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] <... futex resumed>) = 0 [ 28.124035][ T497] loop0: detected capacity change from 0 to 256 [ 28.133128][ T497] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.143636][ T497] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.153856][ T497] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 499] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... futex resumed>) = 0 [pid 501] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 501] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 499] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 501] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] <... futex resumed>) = 0 [pid 501] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 500] <... ioctl resumed>) = 0 [pid 500] close(3) = 0 [pid 500] close(5) = 0 [pid 500] mkdir("./file0", 0777) = 0 [pid 500] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 500] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 500] chdir("./file0") = 0 [pid 500] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 500] ioctl(5, LOOP_CLR_FD) = 0 [pid 500] close(5) = 0 [pid 500] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] exit_group(0 [pid 501] <... futex resumed>) = ? [pid 501] +++ exited with 0 +++ [pid 499] <... exit_group resumed>) = ? [pid 500] <... futex resumed>) = ? [pid 500] +++ exited with 0 +++ [pid 499] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=499, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/bus") = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 502 ./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x5555720a9760, 24) = 0 [pid 502] chdir("./66") = 0 [pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 502] setpgid(0, 0) = 0 [pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 502] write(3, "1000", 4) = 4 [pid 502] close(3) = 0 [pid 502] symlink("/dev/binderfs", "./binderfs") = 0 [pid 502] write(1, "executing program\n", 18executing program ) = 18 [pid 502] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 502] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[503]}, 88) = 503 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 502] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 502] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[504]}, 88) = 504 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 504] creat("./bus", 000) = 3 [pid 504] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 504] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 504] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 504] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] <... futex resumed>) = 0 [pid 504] <... futex resumed>) = 1 [pid 504] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 503] memfd_create("syzkaller", 0) = 5 [pid 503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 28.192682][ T500] loop0: detected capacity change from 0 to 256 [ 28.201301][ T500] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.211873][ T500] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.223070][ T500] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 503] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 503] munmap(0x7f9b9c005000, 138412032) = 0 [pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 503] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 503] close(5) = 0 [pid 503] close(6) = 0 [pid 503] mkdir("./file0", 0777) = 0 [pid 503] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 503] chdir("./file0") = 0 [pid 503] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 503] ioctl(6, LOOP_CLR_FD) = 0 [pid 503] close(6) = 0 [pid 503] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] exit_group(0 [pid 504] <... futex resumed>) = ? [pid 502] <... exit_group resumed>) = ? [pid 504] +++ exited with 0 +++ [pid 503] <... futex resumed>) = ? [pid 503] +++ exited with 0 +++ [pid 502] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=502, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/bus") = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 505 ./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x5555720a9760, 24) = 0 [pid 505] chdir("./67") = 0 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 505] setpgid(0, 0) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 505] write(3, "1000", 4) = 4 [pid 505] close(3) = 0 [pid 505] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 505] write(1, "executing program\n", 18) = 18 [pid 505] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 505] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[506]}, 88) = 506 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 505] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 505] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[507]}, 88) = 507 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 507 attached [pid 507] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 507] creat("./bus", 000./strace-static-x86_64: Process 506 attached ) = 3 [pid 506] set_robust_list(0x7f9ba44469a0, 24 [pid 507] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 507] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 507] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 1 [pid 507] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 506] <... set_robust_list resumed>) = 0 [pid 507] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 507] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = 0 [pid 507] <... futex resumed>) = 1 [pid 507] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 506] memfd_create("syzkaller", 0) = 5 [pid 506] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 506] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 506] munmap(0x7f9b9c005000, 138412032) = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.261169][ T503] loop0: detected capacity change from 0 to 256 [ 28.268972][ T503] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.279687][ T503] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.290831][ T503] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 506] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 506] close(5) = 0 [pid 506] close(6) = 0 [pid 506] mkdir("./file0", 0777) = 0 [pid 506] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 506] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 506] chdir("./file0") = 0 [pid 506] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 506] ioctl(6, LOOP_CLR_FD) = 0 [pid 506] close(6) = 0 [pid 506] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] exit_group(0 [pid 507] <... futex resumed>) = ? [pid 505] <... exit_group resumed>) = ? [pid 507] +++ exited with 0 +++ [pid 506] <... futex resumed>) = ? [pid 506] +++ exited with 0 +++ [pid 505] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/bus") = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 508 ./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 508] chdir("./68") = 0 [pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 508] setpgid(0, 0) = 0 [pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 508] write(3, "1000", 4) = 4 [pid 508] close(3) = 0 [pid 508] symlink("/dev/binderfs", "./binderfs") = 0 [pid 508] write(1, "executing program\n", 18) = 18 [pid 508] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 508] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 509 attached => {parent_tid=[509]}, 88) = 509 [pid 509] set_robust_list(0x7f9ba44469a0, 24 [pid 508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 508] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 509] <... set_robust_list resumed>) = 0 [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 509] rt_sigprocmask(SIG_SETMASK, [], [pid 508] <... clone3 resumed> => {parent_tid=[510]}, 88) = 510 [pid 508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 510] creat("./bus", 000 [pid 509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 510] <... creat resumed>) = 3 [pid 510] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 510] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 510] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 510] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 510] <... futex resumed>) = 1 [pid 510] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 509] memfd_create("syzkaller", 0) = 5 [pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 509] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 509] munmap(0x7f9b9c005000, 138412032) = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.335638][ T506] loop0: detected capacity change from 0 to 256 [ 28.344192][ T506] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.354673][ T506] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.365138][ T506] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 509] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 509] close(5) = 0 [pid 509] close(6) = 0 [pid 509] mkdir("./file0", 0777) = 0 [pid 509] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 509] chdir("./file0") = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 509] ioctl(6, LOOP_CLR_FD) = 0 [pid 509] close(6) = 0 [pid 509] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 508] exit_group(0 [pid 510] <... futex resumed>) = ? [pid 508] <... exit_group resumed>) = ? [pid 510] +++ exited with 0 +++ [pid 509] <... futex resumed>) = ? [pid 509] +++ exited with 0 +++ [pid 508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/bus") = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 511 ./strace-static-x86_64: Process 511 attached [pid 511] set_robust_list(0x5555720a9760, 24) = 0 [pid 511] chdir("./69") = 0 [pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 511] setpgid(0, 0) = 0 [pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 511] write(3, "1000", 4) = 4 [pid 511] close(3) = 0 [pid 511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 511] write(1, "executing program\n", 18) = 18 [pid 511] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 511] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[512]}, 88) = 512 [pid 511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 511] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 511] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[513]}, 88) = 513 [pid 511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 511] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 513] creat("./bus", 000) = 3 [pid 513] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 513] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 513] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 513] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 1 [pid 513] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 512 attached [pid 512] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 512] memfd_create("syzkaller", 0) = 5 [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 512] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 512] munmap(0x7f9b9c005000, 138412032) = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.406905][ T509] loop0: detected capacity change from 0 to 256 [ 28.414499][ T509] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.425040][ T509] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.435544][ T509] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 512] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 512] close(5) = 0 [pid 512] close(6) = 0 [pid 512] mkdir("./file0", 0777) = 0 [pid 512] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 512] chdir("./file0") = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_CLR_FD) = 0 [pid 512] close(6) = 0 [pid 512] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] exit_group(0 [pid 513] <... futex resumed>) = ? [pid 511] <... exit_group resumed>) = ? [pid 513] +++ exited with 0 +++ [pid 512] <... futex resumed>) = ? [pid 512] +++ exited with 0 +++ [pid 511] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=511, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/bus") = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 514 ./strace-static-x86_64: Process 514 attached [pid 514] set_robust_list(0x5555720a9760, 24) = 0 [pid 514] chdir("./70") = 0 [pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 514] setpgid(0, 0) = 0 executing program [pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 514] write(3, "1000", 4) = 4 [pid 514] close(3) = 0 [pid 514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 514] write(1, "executing program\n", 18) = 18 [pid 514] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 514] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[515]}, 88) = 515 [pid 514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 514] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 514] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[516]}, 88) = 516 [pid 514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 514] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 516 attached [pid 516] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 516] creat("./bus", 000) = 3 [pid 516] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] <... futex resumed>) = 1 [pid 516] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 516] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] <... futex resumed>) = 1 [pid 516] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 516] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] <... futex resumed>) = 1 [pid 516] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 516] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 516] <... futex resumed>) = 1 [pid 516] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 515 attached [pid 515] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 515] memfd_create("syzkaller", 0) = 5 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 515] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 515] munmap(0x7f9b9c005000, 138412032) = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.470355][ T512] loop0: detected capacity change from 0 to 256 [ 28.478198][ T512] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.488789][ T512] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.499691][ T512] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 515] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 515] close(5) = 0 [pid 515] close(6) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 515] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 515] chdir("./file0") = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_CLR_FD) = 0 [pid 515] close(6) = 0 [pid 515] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 514] exit_group(0) = ? [pid 515] <... futex resumed>) = ? [pid 515] +++ exited with 0 +++ [pid 516] <... futex resumed>) = ? [pid 516] +++ exited with 0 +++ [pid 514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/bus") = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 517 ./strace-static-x86_64: Process 517 attached [pid 517] set_robust_list(0x5555720a9760, 24) = 0 [pid 517] chdir("./71") = 0 [pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 517] setpgid(0, 0) = 0 [pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 517] write(3, "1000", 4) = 4 [pid 517] close(3) = 0 [pid 517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 517] write(1, "executing program\n", 18) = 18 [pid 517] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 517] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[518]}, 88) = 518 [pid 517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 517] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 517] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[519]}, 88) = 519 [pid 517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 517] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 519 attached [pid 519] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 519] creat("./bus", 000) = 3 [pid 519] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 519] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 519] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 519] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 519] <... futex resumed>) = 1 [pid 519] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 518 attached [pid 518] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 518] memfd_create("syzkaller", 0) = 5 [pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 518] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 518] munmap(0x7f9b9c005000, 138412032) = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.547899][ T515] loop0: detected capacity change from 0 to 256 [ 28.556404][ T515] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.567259][ T515] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.577676][ T515] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 518] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 518] close(5) = 0 [pid 518] close(6) = 0 [pid 518] mkdir("./file0", 0777) = 0 [pid 518] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 518] chdir("./file0") = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 518] ioctl(6, LOOP_CLR_FD) = 0 [pid 518] close(6) = 0 [pid 518] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] exit_group(0 [pid 519] <... futex resumed>) = ? [pid 517] <... exit_group resumed>) = ? [pid 519] +++ exited with 0 +++ [pid 518] <... futex resumed>) = ? [pid 518] +++ exited with 0 +++ [pid 517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=517, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/bus") = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x5555720a9760, 24) = 0 [pid 520] chdir("./72") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] write(1, "executing program\n", 18executing program ) = 18 [pid 520] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 520] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[521]}, 88) = 521 [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 520] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[522]}, 88) = 522 [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 521 attached [pid 521] set_robust_list(0x7f9ba44469a0, 24) = 0 ./strace-static-x86_64: Process 522 attached [pid 521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 522] set_robust_list(0x7f9ba44259a0, 24 [pid 521] memfd_create("syzkaller", 0 [pid 522] <... set_robust_list resumed>) = 0 [pid 522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 522] creat("./bus", 000 [pid 521] <... memfd_create resumed>) = 4 [pid 522] <... creat resumed>) = 3 [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 522] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 522] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] <... futex resumed>) = 0 [pid 521] <... mmap resumed>) = 0x7f9b9c005000 [pid 520] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = 0 [pid 520] <... futex resumed>) = 1 [pid 522] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 520] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... mount resumed>) = 0 [pid 522] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... futex resumed>) = 1 [pid 522] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 521] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 522] <... open resumed>) = 5 [pid 522] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... write resumed>) = 131072 [pid 522] <... futex resumed>) = 1 [pid 521] munmap(0x7f9b9c005000, 138412032 [pid 522] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 522] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 522] <... futex resumed>) = 1 [pid 522] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 521] <... munmap resumed>) = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.614626][ T518] loop0: detected capacity change from 0 to 256 [ 28.622636][ T518] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.633236][ T518] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.643715][ T518] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 521] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 521] close(4) = 0 [pid 521] close(6) = 0 [pid 521] mkdir("./file0", 0777) = 0 [pid 521] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 521] chdir("./file0") = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 521] ioctl(6, LOOP_CLR_FD) = 0 [pid 521] close(6) = 0 [pid 521] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] exit_group(0 [pid 522] <... futex resumed>) = ? [pid 520] <... exit_group resumed>) = ? [pid 522] +++ exited with 0 +++ [pid 521] <... futex resumed>) = ? [pid 521] +++ exited with 0 +++ [pid 520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/bus") = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 523 ./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x5555720a9760, 24) = 0 [pid 523] chdir("./73") = 0 [pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 523] setpgid(0, 0) = 0 [pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 523] write(3, "1000", 4) = 4 [pid 523] close(3) = 0 [pid 523] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 523] write(1, "executing program\n", 18) = 18 [pid 523] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 523] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[524]}, 88) = 524 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 523] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[525]}, 88) = 525 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 525] creat("./bus", 000./strace-static-x86_64: Process 524 attached ) = 3 [pid 524] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 525] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] memfd_create("syzkaller", 0 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 525] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... memfd_create resumed>) = 4 [pid 525] <... futex resumed>) = 1 [pid 523] <... futex resumed>) = 0 [pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 525] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 0 [pid 525] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 525] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 525] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 525] <... futex resumed>) = 1 [pid 525] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 524] <... mmap resumed>) = 0x7f9b9c005000 [pid 524] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 524] munmap(0x7f9b9c005000, 138412032) = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.686717][ T521] loop0: detected capacity change from 0 to 256 [ 28.695123][ T521] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.705724][ T521] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.716296][ T521] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 524] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 524] close(4) = 0 [pid 524] close(6) = 0 [pid 524] mkdir("./file0", 0777) = 0 [pid 524] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 524] chdir("./file0") = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_CLR_FD) = 0 [pid 524] close(6) = 0 [pid 524] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] exit_group(0) = ? [pid 524] <... futex resumed>) = ? [pid 524] +++ exited with 0 +++ [pid 525] <... futex resumed>) = ? [pid 525] +++ exited with 0 +++ [pid 523] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=523, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/bus") = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 527 ./strace-static-x86_64: Process 527 attached [pid 527] set_robust_list(0x5555720a9760, 24) = 0 [pid 527] chdir("./74") = 0 [pid 527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 527] setpgid(0, 0) = 0 [pid 527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 527] write(3, "1000", 4) = 4 [pid 527] close(3) = 0 [pid 527] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 527] write(1, "executing program\n", 18) = 18 [pid 527] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 527] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[528]}, 88) = 528 [pid 527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 527] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 527] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[529]}, 88) = 529 [pid 527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 527] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 529 attached [pid 529] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 529] creat("./bus", 000) = 3 [pid 529] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 527] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] <... futex resumed>) = 1 [pid 529] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 529] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 527] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] <... futex resumed>) = 1 [pid 529] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 529] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 527] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] <... futex resumed>) = 1 [pid 529] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 529] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 1 [pid 529] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 528 attached [pid 528] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 528] memfd_create("syzkaller", 0) = 5 [pid 528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 528] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 528] munmap(0x7f9b9c005000, 138412032) = 0 [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.755543][ T524] loop0: detected capacity change from 0 to 256 [ 28.764302][ T524] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.774955][ T524] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.785303][ T524] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 528] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 528] close(5) = 0 [pid 528] close(6) = 0 [pid 528] mkdir("./file0", 0777) = 0 [pid 528] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 528] chdir("./file0") = 0 [pid 528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 528] ioctl(6, LOOP_CLR_FD) = 0 [pid 528] close(6) = 0 [pid 528] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 528] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 527] exit_group(0 [pid 529] <... futex resumed>) = ? [pid 527] <... exit_group resumed>) = ? [pid 529] +++ exited with 0 +++ [pid 528] <... futex resumed>) = ? [pid 528] +++ exited with 0 +++ [pid 527] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=527, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/bus") = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 530 ./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x5555720a9760, 24) = 0 [pid 530] chdir("./75") = 0 [pid 530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 530] setpgid(0, 0) = 0 [pid 530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 530] write(3, "1000", 4) = 4 [pid 530] close(3) = 0 [pid 530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 530] write(1, "executing program\n", 18) = 18 [pid 530] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 530] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 530] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 530] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[531]}, 88) = 531 [pid 530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 530] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 530] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 530] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[532]}, 88) = 532 [pid 530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 530] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 532] creat("./bus", 000) = 3 [pid 532] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 532] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 532] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 530] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 532] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 530] <... futex resumed>) = 0 [pid 532] <... futex resumed>) = 1 [pid 532] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 531] memfd_create("syzkaller", 0) = 5 [pid 531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 531] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 531] munmap(0x7f9b9c005000, 138412032) = 0 [pid 531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.823428][ T528] loop0: detected capacity change from 0 to 256 [ 28.831495][ T528] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.842554][ T528] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.852832][ T528] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 531] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 531] close(5) = 0 [pid 531] close(6) = 0 [pid 531] mkdir("./file0", 0777) = 0 [pid 531] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 531] chdir("./file0") = 0 [pid 531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 531] ioctl(6, LOOP_CLR_FD) = 0 [pid 531] close(6) = 0 [pid 531] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 530] exit_group(0) = ? [pid 531] <... futex resumed>) = ? [pid 531] +++ exited with 0 +++ [pid 532] <... futex resumed>) = ? [pid 532] +++ exited with 0 +++ [pid 530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=530, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/bus") = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 533 ./strace-static-x86_64: Process 533 attached [pid 533] set_robust_list(0x5555720a9760, 24) = 0 [pid 533] chdir("./76") = 0 [pid 533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 533] setpgid(0, 0) = 0 [pid 533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 533] write(3, "1000", 4) = 4 [pid 533] close(3) = 0 [pid 533] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 533] write(1, "executing program\n", 18) = 18 [pid 533] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 533] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[534]}, 88) = 534 [pid 533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 533] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 533] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[535]}, 88) = 535 [pid 533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 533] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 535 attached [pid 535] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 535] creat("./bus", 000) = 3 [pid 535] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] <... futex resumed>) = 0 [pid 533] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 535] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 535] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] <... futex resumed>) = 0 [pid 533] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 535] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 535] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] <... futex resumed>) = 0 [pid 533] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 535] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 535] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] <... futex resumed>) = 0 [pid 535] <... futex resumed>) = 1 [pid 535] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 534 attached [pid 534] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 534] memfd_create("syzkaller", 0) = 5 [pid 534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 534] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 534] munmap(0x7f9b9c005000, 138412032) = 0 [pid 534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.891171][ T531] loop0: detected capacity change from 0 to 256 [ 28.898800][ T531] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.909554][ T531] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.919911][ T531] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 534] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 534] close(5) = 0 [pid 534] close(6) = 0 [pid 534] mkdir("./file0", 0777) = 0 [pid 534] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 534] chdir("./file0") = 0 [pid 534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 534] ioctl(6, LOOP_CLR_FD) = 0 [pid 534] close(6) = 0 [pid 534] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 534] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 533] exit_group(0) = ? [pid 534] <... futex resumed>) = ? [pid 534] +++ exited with 0 +++ [pid 535] <... futex resumed>) = ? [pid 535] +++ exited with 0 +++ [pid 533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=533, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/bus") = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 536 ./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x5555720a9760, 24) = 0 [pid 536] chdir("./77") = 0 [pid 536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 536] setpgid(0, 0) = 0 [pid 536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 536] write(3, "1000", 4) = 4 [pid 536] close(3) = 0 [pid 536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 536] write(1, "executing program\n", 18executing program ) = 18 [pid 536] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 536] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[537]}, 88) = 537 [pid 536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 536] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 536] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[538]}, 88) = 538 ./strace-static-x86_64: Process 538 attached ./strace-static-x86_64: Process 537 attached [pid 536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 536] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] creat("./bus", 000 [pid 537] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 538] <... creat resumed>) = 3 [pid 537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 537] memfd_create("syzkaller", 0 [pid 538] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... memfd_create resumed>) = 4 [pid 538] <... futex resumed>) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 538] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 538] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 538] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 538] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 538] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 537] <... mmap resumed>) = 0x7f9b9c005000 [pid 537] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 537] munmap(0x7f9b9c005000, 138412032) = 0 [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 28.958322][ T534] loop0: detected capacity change from 0 to 256 [ 28.965903][ T534] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.976776][ T534] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.987023][ T534] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 537] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 537] close(4) = 0 [pid 537] close(6) = 0 [pid 537] mkdir("./file0", 0777) = 0 [pid 537] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 537] chdir("./file0") = 0 [pid 537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 537] ioctl(6, LOOP_CLR_FD) = 0 [pid 537] close(6) = 0 [pid 537] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 537] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] exit_group(0 [pid 538] <... futex resumed>) = ? [pid 536] <... exit_group resumed>) = ? [pid 538] +++ exited with 0 +++ [pid 537] <... futex resumed>) = ? [pid 537] +++ exited with 0 +++ [pid 536] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=536, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/bus") = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 539 ./strace-static-x86_64: Process 539 attached executing program [pid 539] set_robust_list(0x5555720a9760, 24) = 0 [pid 539] chdir("./78") = 0 [pid 539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 539] setpgid(0, 0) = 0 [pid 539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 539] write(3, "1000", 4) = 4 [pid 539] close(3) = 0 [pid 539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 539] write(1, "executing program\n", 18) = 18 [pid 539] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 539] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 539] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 540 attached => {parent_tid=[540]}, 88) = 540 [pid 539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 539] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 539] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[541]}, 88) = 541 [pid 539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 539] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] set_robust_list(0x7f9ba44469a0, 24./strace-static-x86_64: Process 541 attached [pid 541] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 541] creat("./bus", 000 [pid 540] <... set_robust_list resumed>) = 0 [pid 541] <... creat resumed>) = 3 [pid 540] rt_sigprocmask(SIG_SETMASK, [], [pid 541] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... futex resumed>) = 0 [pid 539] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 541] <... futex resumed>) = 1 [pid 541] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 541] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... futex resumed>) = 0 [pid 539] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 541] <... futex resumed>) = 1 [pid 541] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 541] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... futex resumed>) = 0 [pid 539] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 541] <... futex resumed>) = 1 [pid 541] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 541] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... futex resumed>) = 0 [pid 541] <... futex resumed>) = 1 [pid 541] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 540] memfd_create("syzkaller", 0) = 5 [pid 540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 540] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 540] munmap(0x7f9b9c005000, 138412032) = 0 [pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.030045][ T537] loop0: detected capacity change from 0 to 256 [ 29.038659][ T537] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.049215][ T537] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.059710][ T537] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 540] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 540] close(5) = 0 [pid 540] close(6) = 0 [pid 540] mkdir("./file0", 0777) = 0 [pid 540] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 540] chdir("./file0") = 0 [pid 540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 540] ioctl(6, LOOP_CLR_FD) = 0 [pid 540] close(6) = 0 [pid 540] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 540] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 539] exit_group(0 [pid 541] <... futex resumed>) = ? [pid 539] <... exit_group resumed>) = ? [pid 541] +++ exited with 0 +++ [pid 540] <... futex resumed>) = ? [pid 540] +++ exited with 0 +++ [pid 539] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=539, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/bus") = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 542 ./strace-static-x86_64: Process 542 attached [pid 542] set_robust_list(0x5555720a9760, 24) = 0 [pid 542] chdir("./79") = 0 [pid 542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 542] setpgid(0, 0) = 0 [pid 542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 542] write(3, "1000", 4) = 4 [pid 542] close(3) = 0 [pid 542] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 542] write(1, "executing program\n", 18) = 18 [pid 542] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 542] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[543]}, 88) = 543 [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 542] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 542] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[544]}, 88) = 544 [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 542] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 544] creat("./bus", 000) = 3 [pid 544] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 544] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 544] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 544] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 544] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 543 attached [pid 543] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 543] memfd_create("syzkaller", 0) = 5 [pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 543] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 543] munmap(0x7f9b9c005000, 138412032) = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.101293][ T540] loop0: detected capacity change from 0 to 256 [ 29.109071][ T540] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.119770][ T540] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.130494][ T540] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 543] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 543] close(5) = 0 [pid 543] close(6) = 0 [pid 543] mkdir("./file0", 0777) = 0 [pid 543] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 543] chdir("./file0") = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 543] ioctl(6, LOOP_CLR_FD) = 0 [pid 543] close(6) = 0 [pid 543] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] exit_group(0 [pid 544] <... futex resumed>) = ? [pid 542] <... exit_group resumed>) = ? [pid 544] +++ exited with 0 +++ [pid 543] <... futex resumed>) = ? [pid 543] +++ exited with 0 +++ [pid 542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=542, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/bus") = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 545 ./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x5555720a9760, 24) = 0 [pid 545] chdir("./80") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] write(1, "executing program\n", 18executing program ) = 18 [pid 545] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 545] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[546]}, 88) = 546 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 545] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[547]}, 88) = 547 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 547 attached [pid 547] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 547] creat("./bus", 000) = 3 [pid 547] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 1 [pid 547] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 547] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 1 [pid 547] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 547] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 1 [pid 547] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 547] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 547] <... futex resumed>) = 1 ./strace-static-x86_64: Process 546 attached [pid 547] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 546] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 546] memfd_create("syzkaller", 0) = 5 [pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 546] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 546] munmap(0x7f9b9c005000, 138412032) = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.170877][ T543] loop0: detected capacity change from 0 to 256 [ 29.178667][ T543] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.189214][ T543] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.200239][ T543] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 546] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 546] close(5) = 0 [pid 546] close(6) = 0 [pid 546] mkdir("./file0", 0777) = 0 [pid 546] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 546] chdir("./file0") = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 546] ioctl(6, LOOP_CLR_FD) = 0 [pid 546] close(6) = 0 [pid 546] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] exit_group(0 [pid 547] <... futex resumed>) = ? [pid 545] <... exit_group resumed>) = ? [pid 547] +++ exited with 0 +++ [pid 546] <... futex resumed>) = ? [pid 546] +++ exited with 0 +++ [pid 545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=545, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/bus") = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 548 ./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x5555720a9760, 24) = 0 [pid 548] chdir("./81") = 0 [pid 548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 548] setpgid(0, 0) = 0 [pid 548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 548] write(3, "1000", 4) = 4 [pid 548] close(3) = 0 [pid 548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 548] write(1, "executing program\n", 18executing program ) = 18 [pid 548] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 548] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[549]}, 88) = 549 [pid 548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 548] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 ./strace-static-x86_64: Process 549 attached [pid 548] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 549] set_robust_list(0x7f9ba44469a0, 24 [pid 548] <... clone3 resumed> => {parent_tid=[550]}, 88) = 550 ./strace-static-x86_64: Process 550 attached [pid 548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 548] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 549] <... set_robust_list resumed>) = 0 [pid 550] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 550] creat("./bus", 000 [pid 549] rt_sigprocmask(SIG_SETMASK, [], [pid 550] <... creat resumed>) = 3 [pid 549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 550] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 550] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 549] memfd_create("syzkaller", 0 [pid 548] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 550] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 550] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 550] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] <... memfd_create resumed>) = 5 [pid 549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 549] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 549] munmap(0x7f9b9c005000, 138412032) = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.239452][ T546] loop0: detected capacity change from 0 to 256 [ 29.247201][ T546] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.257783][ T546] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.269035][ T546] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 549] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 549] close(5) = 0 [pid 549] close(6) = 0 [pid 549] mkdir("./file0", 0777) = 0 [pid 549] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 549] chdir("./file0") = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 549] ioctl(6, LOOP_CLR_FD) = 0 [pid 549] close(6) = 0 [pid 549] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 548] exit_group(0 [pid 550] <... futex resumed>) = ? [pid 549] <... futex resumed>) = ? [pid 548] <... exit_group resumed>) = ? [pid 550] +++ exited with 0 +++ [pid 549] +++ exited with 0 +++ [pid 548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=548, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/bus") = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 551 ./strace-static-x86_64: Process 551 attached [pid 551] set_robust_list(0x5555720a9760, 24) = 0 [pid 551] chdir("./82") = 0 [pid 551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 551] setpgid(0, 0) = 0 [pid 551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 551] write(3, "1000", 4) = 4 [pid 551] close(3) = 0 [pid 551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 551] write(1, "executing program\n", 18) = 18 [pid 551] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 551] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 551] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[552]}, 88) = 552 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 551] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[553]}, 88) = 553 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 553 attached [pid 553] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 553] creat("./bus", 000) = 3 [pid 553] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 553] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 553] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 553] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 553] <... futex resumed>) = 1 [pid 553] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 552] memfd_create("syzkaller", 0) = 5 [pid 552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 552] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 552] munmap(0x7f9b9c005000, 138412032) = 0 [pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.306920][ T549] loop0: detected capacity change from 0 to 256 [ 29.314947][ T549] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.325468][ T549] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.335799][ T549] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 552] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 552] close(5) = 0 [pid 552] close(6) = 0 [pid 552] mkdir("./file0", 0777) = 0 [pid 552] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 552] chdir("./file0") = 0 [pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 552] ioctl(6, LOOP_CLR_FD) = 0 [pid 552] close(6) = 0 [pid 552] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 551] exit_group(0) = ? [pid 552] <... futex resumed>) = ? [pid 552] +++ exited with 0 +++ [pid 553] <... futex resumed>) = ? [pid 553] +++ exited with 0 +++ [pid 551] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=551, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/bus") = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 554 ./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x5555720a9760, 24) = 0 [pid 554] chdir("./83") = 0 [pid 554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 554] setpgid(0, 0) = 0 [pid 554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 554] write(3, "1000", 4) = 4 [pid 554] close(3executing program ) = 0 [pid 554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 554] write(1, "executing program\n", 18) = 18 [pid 554] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 554] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[555]}, 88) = 555 [pid 554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 554] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 554] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[556]}, 88) = 556 [pid 554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 554] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 556 attached [pid 556] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 556] creat("./bus", 000) = 3 [pid 556] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... futex resumed>) = 1 [pid 556] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 556] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... futex resumed>) = 1 [pid 556] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 556] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... futex resumed>) = 1 [pid 556] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 556] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 556] <... futex resumed>) = 1 [pid 556] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 555 attached [pid 555] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 555] memfd_create("syzkaller", 0) = 5 [pid 555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 555] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 555] munmap(0x7f9b9c005000, 138412032) = 0 [pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.377350][ T552] loop0: detected capacity change from 0 to 256 [ 29.385059][ T552] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.395628][ T552] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.406206][ T552] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 555] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 555] close(5) = 0 [pid 555] close(6) = 0 [pid 555] mkdir("./file0", 0777) = 0 [pid 555] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 555] chdir("./file0") = 0 [pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 555] ioctl(6, LOOP_CLR_FD) = 0 [pid 555] close(6) = 0 [pid 555] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] exit_group(0 [pid 556] <... futex resumed>) = ? [pid 554] <... exit_group resumed>) = ? [pid 556] +++ exited with 0 +++ [pid 555] <... futex resumed>) = ? [pid 555] +++ exited with 0 +++ [pid 554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=554, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/bus") = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 557 ./strace-static-x86_64: Process 557 attached [pid 557] set_robust_list(0x5555720a9760, 24) = 0 [pid 557] chdir("./84") = 0 [pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 557] setpgid(0, 0) = 0 [pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 557] write(3, "1000", 4) = 4 [pid 557] close(3) = 0 [pid 557] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 557] write(1, "executing program\n", 18) = 18 [pid 557] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 557] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[558]}, 88) = 558 [pid 557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 557] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 557] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 558 attached ./strace-static-x86_64: Process 559 attached [pid 558] set_robust_list(0x7f9ba44469a0, 24 [pid 557] <... clone3 resumed> => {parent_tid=[559]}, 88) = 559 [pid 558] <... set_robust_list resumed>) = 0 [pid 558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 558] memfd_create("syzkaller", 0 [pid 559] set_robust_list(0x7f9ba44259a0, 24 [pid 557] rt_sigprocmask(SIG_SETMASK, [], [pid 558] <... memfd_create resumed>) = 3 [pid 559] <... set_robust_list resumed>) = 0 [pid 557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 559] rt_sigprocmask(SIG_SETMASK, [], [pid 557] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] creat("./bus", 000) = 4 [pid 559] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] <... futex resumed>) = 1 [pid 558] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 559] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 559] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] <... write resumed>) = 131072 [pid 558] munmap(0x7f9b9c005000, 138412032 [pid 559] <... futex resumed>) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 558] <... munmap resumed>) = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 559] <... open resumed>) = 5 [pid 558] <... openat resumed>) = 6 [pid 559] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 558] ioctl(6, LOOP_SET_FD, 3 [pid 559] <... futex resumed>) = 1 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [ 29.442193][ T555] loop0: detected capacity change from 0 to 256 [ 29.449908][ T555] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.460557][ T555] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.471121][ T555] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 559] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 559] <... futex resumed>) = 1 [pid 559] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 558] <... ioctl resumed>) = 0 [pid 558] close(3) = 0 [pid 558] close(6) = 0 [pid 558] mkdir("./file0", 0777) = 0 [pid 558] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 558] chdir("./file0") = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 558] ioctl(6, LOOP_CLR_FD) = 0 [pid 558] close(6) = 0 [pid 558] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 558] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] exit_group(0) = ? [pid 558] <... futex resumed>) = ? [pid 558] +++ exited with 0 +++ [pid 559] <... futex resumed>) = ? [pid 559] +++ exited with 0 +++ [pid 557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=557, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/bus") = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 560 ./strace-static-x86_64: Process 560 attached [pid 560] set_robust_list(0x5555720a9760, 24) = 0 [pid 560] chdir("./85") = 0 [pid 560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 560] setpgid(0, 0) = 0 [pid 560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 560] write(3, "1000", 4) = 4 [pid 560] close(3) = 0 [pid 560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 560] write(1, "executing program\n", 18executing program ) = 18 [pid 560] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 560] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 560] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[561]}, 88) = 561 ./strace-static-x86_64: Process 561 attached [pid 560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 560] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 560] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[562]}, 88) = 562 [pid 561] set_robust_list(0x7f9ba44469a0, 24 [pid 560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 560] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 562 attached [pid 562] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 562] creat("./bus", 000 [pid 561] <... set_robust_list resumed>) = 0 [pid 562] <... creat resumed>) = 3 [pid 562] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 562] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 562] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 562] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] <... futex resumed>) = 0 [pid 562] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 561] memfd_create("syzkaller", 0) = 5 [pid 561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 561] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 561] munmap(0x7f9b9c005000, 138412032) = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.520357][ T558] loop0: detected capacity change from 0 to 256 [ 29.528083][ T558] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.538681][ T558] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.549453][ T558] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 561] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 561] close(5) = 0 [pid 561] close(6) = 0 [pid 561] mkdir("./file0", 0777) = 0 [pid 561] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 561] chdir("./file0") = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 561] ioctl(6, LOOP_CLR_FD) = 0 [pid 561] close(6) = 0 [pid 561] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 560] exit_group(0 [pid 562] <... futex resumed>) = ? [pid 560] <... exit_group resumed>) = ? [pid 562] +++ exited with 0 +++ [pid 561] <... futex resumed>) = ? [pid 561] +++ exited with 0 +++ [pid 560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=560, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/bus") = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 563 ./strace-static-x86_64: Process 563 attached [pid 563] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 563] chdir("./86") = 0 [pid 563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 563] setpgid(0, 0) = 0 [pid 563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 563] write(3, "1000", 4) = 4 [pid 563] close(3) = 0 [pid 563] symlink("/dev/binderfs", "./binderfs") = 0 [pid 563] write(1, "executing program\n", 18) = 18 [pid 563] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 563] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 563] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[564]}, 88) = 564 [pid 563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 563] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 563] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[565]}, 88) = 565 [pid 563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 563] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 565] creat("./bus", 000) = 3 [pid 565] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 565] <... futex resumed>) = 1 [pid 565] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 565] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 565] <... futex resumed>) = 1 [pid 565] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 565] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 565] <... futex resumed>) = 1 [pid 565] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 565] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... futex resumed>) = 0 [pid 565] <... futex resumed>) = 1 [pid 565] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 564 attached [pid 564] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 564] memfd_create("syzkaller", 0) = 5 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 564] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 564] munmap(0x7f9b9c005000, 138412032) = 0 [ 29.588366][ T561] loop0: detected capacity change from 0 to 256 [ 29.596592][ T561] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.607477][ T561] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.617571][ T561] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 564] close(5) = 0 [pid 564] close(6) = 0 [pid 564] mkdir("./file0", 0777) = 0 [pid 564] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 564] chdir("./file0") = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 564] ioctl(6, LOOP_CLR_FD) = 0 [pid 564] close(6) = 0 [pid 564] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 564] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 563] exit_group(0 [pid 565] <... futex resumed>) = ? [pid 563] <... exit_group resumed>) = ? [pid 565] +++ exited with 0 +++ [pid 564] <... futex resumed>) = ? [pid 564] +++ exited with 0 +++ [pid 563] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=563, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/bus") = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 566 ./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x5555720a9760, 24) = 0 [pid 566] chdir("./87") = 0 [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 566] setpgid(0, 0) = 0 [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 566] write(3, "1000", 4) = 4 [pid 566] close(3) = 0 [pid 566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 566] write(1, "executing program\n", 18executing program ) = 18 [pid 566] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 566] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 567 attached => {parent_tid=[567]}, 88) = 567 [pid 566] rt_sigprocmask(SIG_SETMASK, [], [pid 567] set_robust_list(0x7f9ba44469a0, 24 [pid 566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 567] <... set_robust_list resumed>) = 0 [pid 566] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] rt_sigprocmask(SIG_SETMASK, [], [pid 566] <... futex resumed>) = 0 [pid 567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 566] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] memfd_create("syzkaller", 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 566] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 567] <... memfd_create resumed>) = 3 [ 29.656378][ T564] loop0: detected capacity change from 0 to 256 [ 29.664382][ T564] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.675082][ T564] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.687663][ T564] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [pid 567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 566] <... rt_sigprocmask resumed>[], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 567] <... mmap resumed>) = 0x7f9b9c005000 [pid 566] <... clone3 resumed> => {parent_tid=[568]}, 88) = 568 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 568 attached [pid 568] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 568] creat("./bus", 000 [pid 567] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 568] <... creat resumed>) = 4 [pid 568] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 568] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 567] <... write resumed>) = 131072 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] munmap(0x7f9b9c005000, 138412032 [pid 568] <... mount resumed>) = 0 [pid 568] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... futex resumed>) = 1 [pid 568] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 567] <... munmap resumed>) = 0 [pid 568] <... open resumed>) = 5 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 568] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... openat resumed>) = 6 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] <... futex resumed>) = 1 [pid 568] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 567] ioctl(6, LOOP_SET_FD, 3 [pid 568] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 568] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] <... ioctl resumed>) = 0 [pid 567] close(3) = 0 [pid 567] close(6) = 0 [pid 567] mkdir("./file0", 0777) = 0 [pid 567] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 567] chdir("./file0") = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 567] ioctl(6, LOOP_CLR_FD) = 0 [pid 567] close(6) = 0 [pid 567] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] exit_group(0) = ? [pid 567] <... futex resumed>) = ? [pid 567] +++ exited with 0 +++ [pid 568] <... futex resumed>) = ? [pid 568] +++ exited with 0 +++ [pid 566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=566, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/bus") = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x5555720a9760, 24) = 0 [pid 569] chdir("./88") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 569] write(1, "executing program\n", 18) = 18 [pid 569] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 569] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[570]}, 88) = 570 [pid 569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 569] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 569] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[571]}, 88) = 571 [pid 569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 569] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 571 attached [pid 571] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 571] creat("./bus", 000) = 3 [pid 571] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... futex resumed>) = 1 [pid 571] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 571] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... futex resumed>) = 1 [pid 571] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 571] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... futex resumed>) = 1 [pid 571] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 571] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 571] <... futex resumed>) = 1 [pid 571] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 570 attached [pid 570] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 570] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 570] memfd_create("syzkaller", 0) = 5 [pid 570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 570] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 570] munmap(0x7f9b9c005000, 138412032) = 0 [ 29.741712][ T567] loop0: detected capacity change from 0 to 256 [ 29.749942][ T567] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.760530][ T567] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.770607][ T567] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 570] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 570] close(5) = 0 [pid 570] close(6) = 0 [pid 570] mkdir("./file0", 0777) = 0 [pid 570] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 570] chdir("./file0") = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 570] ioctl(6, LOOP_CLR_FD) = 0 [pid 570] close(6) = 0 [pid 570] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 570] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 569] exit_group(0) = ? [pid 571] <... futex resumed>) = ? [pid 570] <... futex resumed>) = ? [pid 570] +++ exited with 0 +++ [pid 571] +++ exited with 0 +++ [pid 569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=569, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/bus") = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 573 ./strace-static-x86_64: Process 573 attached [pid 573] set_robust_list(0x5555720a9760, 24) = 0 [pid 573] chdir("./89") = 0 [pid 573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 573] setpgid(0, 0) = 0 [pid 573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 573] write(3, "1000", 4) = 4 [pid 573] close(3) = 0 [pid 573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 573] write(1, "executing program\n", 18) = 18 [pid 573] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 573] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[574]}, 88) = 574 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 573] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[575]}, 88) = 575 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 575 attached [pid 575] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 575] creat("./bus", 000) = 3 [pid 575] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 575] <... futex resumed>) = 1 [pid 575] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 575] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 575] <... futex resumed>) = 1 [pid 575] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 575] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 575] <... futex resumed>) = 1 [pid 575] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 575] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 575] <... futex resumed>) = 1 [pid 575] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 574 attached [pid 574] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 574] memfd_create("syzkaller", 0) = 5 [pid 574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 574] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 574] munmap(0x7f9b9c005000, 138412032) = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 574] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 574] close(5) = 0 [pid 574] close(6) = 0 [pid 574] mkdir("./file0", 0777) = 0 [ 29.807235][ T570] loop0: detected capacity change from 0 to 256 [ 29.814879][ T570] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.825857][ T570] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.836607][ T570] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 574] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 574] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 574] chdir("./file0") = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 574] ioctl(6, LOOP_CLR_FD) = 0 [pid 574] close(6) = 0 [pid 574] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] exit_group(0) = ? [pid 574] <... futex resumed>) = ? [pid 574] +++ exited with 0 +++ [pid 575] <... futex resumed>) = ? [pid 575] +++ exited with 0 +++ [pid 573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=573, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/bus") = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 576 ./strace-static-x86_64: Process 576 attached [pid 576] set_robust_list(0x5555720a9760, 24) = 0 [pid 576] chdir("./90") = 0 [pid 576] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 576] setpgid(0, 0) = 0 [pid 576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 576] write(3, "1000", 4) = 4 [pid 576] close(3) = 0 [pid 576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 576] write(1, "executing program\n", 18) = 18 [pid 576] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 576] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[577]}, 88) = 577 [pid 576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 576] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[578]}, 88) = 578 [pid 576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 578] creat("./bus", 000) = 3 [pid 578] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] <... futex resumed>) = 1 [pid 578] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 578] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] <... futex resumed>) = 1 [pid 578] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 578] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 576] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 578] <... futex resumed>) = 1 [pid 578] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 578] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... futex resumed>) = 0 [pid 578] <... futex resumed>) = 1 [pid 578] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 577 attached [pid 577] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 577] memfd_create("syzkaller", 0) = 5 [pid 577] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 29.875479][ T574] loop0: detected capacity change from 0 to 256 [ 29.884037][ T574] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.894592][ T574] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.904619][ T574] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 577] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 577] munmap(0x7f9b9c005000, 138412032) = 0 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 577] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 577] close(5) = 0 [pid 577] close(6) = 0 [pid 577] mkdir("./file0", 0777) = 0 [pid 577] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 577] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 577] chdir("./file0") = 0 [pid 577] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 577] ioctl(6, LOOP_CLR_FD) = 0 [pid 577] close(6) = 0 [pid 577] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 577] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 576] exit_group(0 [pid 578] <... futex resumed>) = ? [pid 576] <... exit_group resumed>) = ? [pid 578] +++ exited with 0 +++ [pid 577] <... futex resumed>) = ? [pid 577] +++ exited with 0 +++ [pid 576] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=576, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/bus") = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 579 ./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x5555720a9760, 24) = 0 [pid 579] chdir("./91") = 0 [pid 579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 579] setpgid(0, 0) = 0 executing program [pid 579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 579] write(3, "1000", 4) = 4 [pid 579] close(3) = 0 [pid 579] symlink("/dev/binderfs", "./binderfs") = 0 [pid 579] write(1, "executing program\n", 18) = 18 [pid 579] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 579] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 579] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[580]}, 88) = 580 [pid 579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 579] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 579] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[581]}, 88) = 581 [pid 579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 579] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 580 attached [pid 580] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 580] memfd_create("syzkaller", 0) = 3 [pid 580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 581 attached [pid 581] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 581] creat("./bus", 000) = 4 [pid 581] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 581] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 581] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... write resumed>) = 131072 [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 581] <... futex resumed>) = 1 [pid 581] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 581] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = 0 [pid 579] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 581] <... futex resumed>) = 1 [pid 581] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 581] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 579] <... futex resumed>) = 0 [pid 581] <... futex resumed>) = 1 [pid 581] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 580] munmap(0x7f9b9c005000, 138412032) = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 29.942400][ T577] loop0: detected capacity change from 0 to 256 [ 29.950172][ T577] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.960694][ T577] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.970894][ T577] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 580] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 580] close(3) = 0 [pid 580] close(6) = 0 [pid 580] mkdir("./file0", 0777) = 0 [pid 580] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 580] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 580] chdir("./file0") = 0 [pid 580] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 580] ioctl(6, LOOP_CLR_FD) = 0 [pid 580] close(6) = 0 [pid 580] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] exit_group(0) = ? [pid 580] <... futex resumed>) = ? [pid 580] +++ exited with 0 +++ [pid 581] <... futex resumed>) = ? [pid 581] +++ exited with 0 +++ [pid 579] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=579, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/bus") = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 582 ./strace-static-x86_64: Process 582 attached [pid 582] set_robust_list(0x5555720a9760, 24) = 0 [pid 582] chdir("./92") = 0 [pid 582] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 582] setpgid(0, 0) = 0 [pid 582] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 582] write(3, "1000", 4) = 4 [pid 582] close(3) = 0 [pid 582] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 582] write(1, "executing program\n", 18) = 18 [pid 582] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 582] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 582] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[583]}, 88) = 583 [pid 582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 582] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 582] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 582] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 582] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[584]}, 88) = 584 [pid 582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 582] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 584 attached [pid 584] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 584] creat("./bus", 000) = 3 [pid 584] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] <... futex resumed>) = 1 [pid 584] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 584] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] <... futex resumed>) = 1 [pid 584] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 584] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] <... futex resumed>) = 0 [pid 582] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 584] <... futex resumed>) = 1 [pid 584] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 584] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] <... futex resumed>) = 0 [pid 584] <... futex resumed>) = 1 [pid 584] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 583 attached [pid 583] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 583] memfd_create("syzkaller", 0) = 5 [pid 583] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 30.011420][ T580] loop0: detected capacity change from 0 to 256 [ 30.020632][ T580] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.031323][ T580] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.042063][ T580] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 583] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 583] munmap(0x7f9b9c005000, 138412032) = 0 [pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 583] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 583] close(5) = 0 [pid 583] close(6) = 0 [pid 583] mkdir("./file0", 0777) = 0 [pid 583] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 583] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 583] chdir("./file0") = 0 [pid 583] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 583] ioctl(6, LOOP_CLR_FD) = 0 [pid 583] close(6) = 0 [pid 583] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 582] exit_group(0 [pid 584] <... futex resumed>) = ? [pid 582] <... exit_group resumed>) = ? [pid 584] +++ exited with 0 +++ [pid 583] <... futex resumed>) = ? [pid 583] +++ exited with 0 +++ [pid 582] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=582, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/bus") = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 585 ./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x5555720a9760, 24) = 0 [pid 585] chdir("./93") = 0 [pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 585] setpgid(0, 0) = 0 [pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 585] write(3, "1000", 4) = 4 [pid 585] close(3) = 0 [pid 585] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 585] write(1, "executing program\n", 18) = 18 [pid 585] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 585] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[586]}, 88) = 586 [pid 585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 585] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 585] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[587]}, 88) = 587 [pid 585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 585] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 587 attached [pid 587] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 587] creat("./bus", 000) = 3 [pid 587] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 587] <... futex resumed>) = 1 [pid 587] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 587] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 587] <... futex resumed>) = 1 [pid 587] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 587] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 587] <... futex resumed>) = 1 [pid 587] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 587] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 587] <... futex resumed>) = 1 [pid 587] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 586 attached [pid 586] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 586] memfd_create("syzkaller", 0) = 5 [pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 586] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 586] munmap(0x7f9b9c005000, 138412032) = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.082620][ T583] loop0: detected capacity change from 0 to 256 [ 30.091010][ T583] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.101612][ T583] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.112360][ T583] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 586] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 586] close(5) = 0 [pid 586] close(6) = 0 [pid 586] mkdir("./file0", 0777) = 0 [pid 586] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 586] chdir("./file0") = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 586] ioctl(6, LOOP_CLR_FD) = 0 [pid 586] close(6) = 0 [pid 586] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 586] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] exit_group(0 [pid 587] <... futex resumed>) = ? [pid 585] <... exit_group resumed>) = ? [pid 587] +++ exited with 0 +++ [pid 586] <... futex resumed>) = ? [pid 586] +++ exited with 0 +++ [pid 585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=585, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/bus") = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 588 ./strace-static-x86_64: Process 588 attached [pid 588] set_robust_list(0x5555720a9760, 24) = 0 [pid 588] chdir("./94") = 0 [pid 588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 588] setpgid(0, 0) = 0 [pid 588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 588] write(3, "1000", 4) = 4 [pid 588] close(3) = 0 [pid 588] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 588] write(1, "executing program\n", 18) = 18 [pid 588] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 588] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[589]}, 88) = 589 [pid 588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 588] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 588] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[590]}, 88) = 590 [pid 588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 588] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 590 attached [pid 590] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 590] creat("./bus", 000) = 3 [pid 590] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 1 [pid 590] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 590] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 1 [pid 590] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 590] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 1 [pid 590] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 590] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 588] <... futex resumed>) = 0 [pid 590] <... futex resumed>) = 1 [pid 590] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 589 attached [pid 589] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 589] memfd_create("syzkaller", 0) = 5 [pid 589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 30.150728][ T586] loop0: detected capacity change from 0 to 256 [ 30.158299][ T586] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.169039][ T586] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.179412][ T586] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 589] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 589] munmap(0x7f9b9c005000, 138412032) = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 589] close(5) = 0 [pid 589] close(6) = 0 [pid 589] mkdir("./file0", 0777) = 0 [pid 589] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 589] chdir("./file0") = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_CLR_FD) = 0 [pid 589] close(6) = 0 [pid 589] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 588] exit_group(0 [pid 590] <... futex resumed>) = ? [pid 588] <... exit_group resumed>) = ? [pid 590] +++ exited with 0 +++ [pid 589] <... futex resumed>) = ? [pid 589] +++ exited with 0 +++ [pid 588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=588, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/bus") = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 591 ./strace-static-x86_64: Process 591 attached [pid 591] set_robust_list(0x5555720a9760, 24) = 0 [pid 591] chdir("./95") = 0 [pid 591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 591] setpgid(0, 0) = 0 [pid 591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 591] write(3, "1000", 4) = 4 [pid 591] close(3) = 0 [pid 591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 591] write(1, "executing program\n", 18) = 18 [pid 591] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 591] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[592]}, 88) = 592 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 591] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[593]}, 88) = 593 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 593 attached [pid 593] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 593] creat("./bus", 000) = 3 [pid 593] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 593] <... futex resumed>) = 1 [pid 593] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 593] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 593] <... futex resumed>) = 1 [pid 593] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 593] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 593] <... futex resumed>) = 1 [pid 593] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 593] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 593] <... futex resumed>) = 1 [pid 593] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 592 attached [pid 592] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 592] memfd_create("syzkaller", 0) = 5 [pid 592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 592] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 592] munmap(0x7f9b9c005000, 138412032) = 0 [pid 592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.218224][ T589] loop0: detected capacity change from 0 to 256 [ 30.226753][ T589] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.237435][ T589] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.248088][ T589] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 592] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 592] close(5) = 0 [pid 592] close(6) = 0 [pid 592] mkdir("./file0", 0777) = 0 [pid 592] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 592] chdir("./file0") = 0 [pid 592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 592] ioctl(6, LOOP_CLR_FD) = 0 [pid 592] close(6) = 0 [pid 592] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 592] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] exit_group(0 [pid 593] <... futex resumed>) = ? [pid 591] <... exit_group resumed>) = ? [pid 593] +++ exited with 0 +++ [pid 592] <... futex resumed>) = ? [pid 592] +++ exited with 0 +++ [pid 591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=591, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/bus") = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 594 ./strace-static-x86_64: Process 594 attached [pid 594] set_robust_list(0x5555720a9760, 24) = 0 [pid 594] chdir("./96") = 0 [pid 594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 594] setpgid(0, 0) = 0 executing program [pid 594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 594] write(3, "1000", 4) = 4 [pid 594] close(3) = 0 [pid 594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 594] write(1, "executing program\n", 18) = 18 [pid 594] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 594] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[595]}, 88) = 595 [pid 594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 594] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 594] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[596]}, 88) = 596 [pid 594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 594] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 596 attached [pid 596] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] creat("./bus", 000) = 3 [pid 596] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 596] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 596] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 596] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 596] <... futex resumed>) = 1 [pid 596] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 595] memfd_create("syzkaller", 0) = 5 [pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 595] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 595] munmap(0x7f9b9c005000, 138412032) = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.285456][ T592] loop0: detected capacity change from 0 to 256 [ 30.293077][ T592] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.303660][ T592] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.314423][ T592] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 595] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 595] close(5) = 0 [pid 595] close(6) = 0 [pid 595] mkdir("./file0", 0777) = 0 [pid 595] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 595] chdir("./file0") = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_CLR_FD) = 0 [pid 595] close(6) = 0 [pid 595] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 594] exit_group(0) = ? [pid 595] <... futex resumed>) = ? [pid 595] +++ exited with 0 +++ [pid 596] <... futex resumed>) = ? [pid 596] +++ exited with 0 +++ [pid 594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=594, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/bus") = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 597 executing program ./strace-static-x86_64: Process 597 attached [pid 597] set_robust_list(0x5555720a9760, 24) = 0 [pid 597] chdir("./97") = 0 [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 597] setpgid(0, 0) = 0 [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3) = 0 [pid 597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 597] write(1, "executing program\n", 18) = 18 [pid 597] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 597] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[598]}, 88) = 598 [pid 597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 597] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 597] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[599]}, 88) = 599 [pid 597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 597] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 599 attached [pid 599] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 599] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 599] creat("./bus", 000) = 3 [pid 599] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] <... futex resumed>) = 1 [pid 599] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 599] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] <... futex resumed>) = 1 [pid 599] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 599] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] <... futex resumed>) = 1 [pid 599] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 599] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] <... futex resumed>) = 0 [pid 599] <... futex resumed>) = 1 [pid 599] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 598 attached [pid 598] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 598] memfd_create("syzkaller", 0) = 5 [pid 598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 598] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 598] munmap(0x7f9b9c005000, 138412032) = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.352973][ T595] loop0: detected capacity change from 0 to 256 [ 30.360587][ T595] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.371159][ T595] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.382223][ T595] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 598] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 598] close(5) = 0 [pid 598] close(6) = 0 [pid 598] mkdir("./file0", 0777) = 0 [pid 598] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 598] chdir("./file0") = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 598] ioctl(6, LOOP_CLR_FD) = 0 [pid 598] close(6) = 0 [pid 598] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 598] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 597] exit_group(0) = ? [pid 598] <... futex resumed>) = ? [pid 598] +++ exited with 0 +++ [pid 599] <... futex resumed>) = ? [pid 599] +++ exited with 0 +++ [pid 597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=597, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/bus") = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 600 ./strace-static-x86_64: Process 600 attached [pid 600] set_robust_list(0x5555720a9760, 24) = 0 [pid 600] chdir("./98") = 0 [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 600] setpgid(0, 0executing program ) = 0 [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 600] write(3, "1000", 4) = 4 [pid 600] close(3) = 0 [pid 600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 600] write(1, "executing program\n", 18) = 18 [pid 600] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 600] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[601]}, 88) = 601 ./strace-static-x86_64: Process 601 attached [pid 600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 600] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 600] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 600] rt_sigprocmask(SIG_BLOCK, ~[], [pid 601] set_robust_list(0x7f9ba44469a0, 24 [pid 600] <... rt_sigprocmask resumed>[], 8) = 0 [pid 600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 601] <... set_robust_list resumed>) = 0 [pid 600] <... clone3 resumed> => {parent_tid=[602]}, 88) = 602 [pid 601] rt_sigprocmask(SIG_SETMASK, [], [pid 600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 600] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 602 attached [pid 602] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 602] rt_sigprocmask(SIG_SETMASK, [], [pid 601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 602] creat("./bus", 000 [pid 601] memfd_create("syzkaller", 0 [pid 602] <... creat resumed>) = 3 [pid 601] <... memfd_create resumed>) = 4 [pid 602] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 602] <... futex resumed>) = 1 [pid 602] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 601] <... mmap resumed>) = 0x7f9b9c005000 [pid 602] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 1 [pid 602] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 602] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 1 [pid 602] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 602] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 600] <... futex resumed>) = 0 [pid 602] <... futex resumed>) = 1 [pid 602] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 601] munmap(0x7f9b9c005000, 138412032) = 0 [pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.420703][ T598] loop0: detected capacity change from 0 to 256 [ 30.429501][ T598] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.440313][ T598] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.451259][ T598] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 601] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 601] close(4) = 0 [pid 601] close(6) = 0 [pid 601] mkdir("./file0", 0777) = 0 [pid 601] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 601] chdir("./file0") = 0 [pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 601] ioctl(6, LOOP_CLR_FD) = 0 [pid 601] close(6) = 0 [pid 601] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] exit_group(0 [pid 602] <... futex resumed>) = ? [pid 600] <... exit_group resumed>) = ? [pid 602] +++ exited with 0 +++ [pid 601] <... futex resumed>) = ? [pid 601] +++ exited with 0 +++ [pid 600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=600, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/bus") = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 603 ./strace-static-x86_64: Process 603 attached [pid 603] set_robust_list(0x5555720a9760, 24) = 0 [pid 603] chdir("./99") = 0 [pid 603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 603] setpgid(0, 0) = 0 [pid 603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 603] write(3, "1000", 4) = 4 [pid 603] close(3) = 0 [pid 603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 603] write(1, "executing program\n", 18executing program ) = 18 [pid 603] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 603] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 604 attached => {parent_tid=[604]}, 88) = 604 [pid 604] set_robust_list(0x7f9ba44469a0, 24 [pid 603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 603] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 603] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 605 attached => {parent_tid=[605]}, 88) = 605 [pid 603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 603] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 604] <... set_robust_list resumed>) = 0 [pid 604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 604] memfd_create("syzkaller", 0 [pid 605] set_robust_list(0x7f9ba44259a0, 24 [pid 604] <... memfd_create resumed>) = 3 [pid 604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 605] <... set_robust_list resumed>) = 0 [pid 605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 605] creat("./bus", 000) = 4 [pid 605] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 604] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 605] <... futex resumed>) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 605] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 605] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 604] <... write resumed>) = 131072 [pid 604] munmap(0x7f9b9c005000, 138412032 [pid 605] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 603] <... futex resumed>) = 0 [pid 604] <... munmap resumed>) = 0 [pid 603] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 603] <... futex resumed>) = 1 [pid 605] <... futex resumed>) = 0 [pid 603] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 605] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 604] ioctl(5, LOOP_SET_FD, 3 [pid 605] <... open resumed>) = 6 [pid 605] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 30.495331][ T601] loop0: detected capacity change from 0 to 256 [ 30.504039][ T601] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.515057][ T601] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.525901][ T601] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 605] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 605] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 603] <... futex resumed>) = 0 [pid 605] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 604] <... ioctl resumed>) = 0 [pid 604] close(3) = 0 [pid 604] close(5) = 0 [pid 604] mkdir("./file0", 0777) = 0 [pid 604] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 604] chdir("./file0") = 0 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 604] ioctl(5, LOOP_CLR_FD) = 0 [pid 604] close(5) = 0 [pid 604] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 604] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 603] exit_group(0) = ? [pid 604] <... futex resumed>) = ? [pid 605] <... futex resumed>) = ? [pid 604] +++ exited with 0 +++ [pid 605] +++ exited with 0 +++ [pid 603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=603, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/bus") = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 606 ./strace-static-x86_64: Process 606 attached [pid 606] set_robust_list(0x5555720a9760, 24) = 0 [pid 606] chdir("./100") = 0 [pid 606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 606] setpgid(0, 0) = 0 executing program [pid 606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 606] write(3, "1000", 4) = 4 [pid 606] close(3) = 0 [pid 606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 606] write(1, "executing program\n", 18) = 18 [pid 606] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 606] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[607]}, 88) = 607 [pid 606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 606] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 606] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[608]}, 88) = 608 [pid 606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 606] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 608 attached [pid 608] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 608] creat("./bus", 000) = 3 [pid 608] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 608] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 608] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 608] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... futex resumed>) = 0 ./strace-static-x86_64: Process 607 attached [pid 608] <... futex resumed>) = 1 [pid 608] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 607] memfd_create("syzkaller", 0) = 5 [pid 607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 30.572662][ T604] loop0: detected capacity change from 0 to 256 [ 30.581021][ T604] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.592060][ T604] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.602637][ T604] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 607] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 607] munmap(0x7f9b9c005000, 138412032) = 0 [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 607] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 607] close(5) = 0 [pid 607] close(6) = 0 [pid 607] mkdir("./file0", 0777) = 0 [pid 607] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 607] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 607] chdir("./file0") = 0 [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 607] ioctl(6, LOOP_CLR_FD) = 0 [pid 607] close(6) = 0 [pid 607] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] exit_group(0 [pid 608] <... futex resumed>) = ? [pid 606] <... exit_group resumed>) = ? [pid 608] +++ exited with 0 +++ [pid 607] <... futex resumed>) = ? [pid 607] +++ exited with 0 +++ [pid 606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=606, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/bus") = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 609 ./strace-static-x86_64: Process 609 attached [pid 609] set_robust_list(0x5555720a9760, 24) = 0 [pid 609] chdir("./101") = 0 [pid 609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 609] setpgid(0, 0) = 0 [pid 609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 609] write(3, "1000", 4) = 4 [pid 609] close(3) = 0 [pid 609] symlink("/dev/binderfs", "./binderfs") = 0 [pid 609] write(1, "executing program\n", 18) = 18 [pid 609] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 609] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[610]}, 88) = 610 [pid 609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 609] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 609] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 610 attached [pid 610] set_robust_list(0x7f9ba44469a0, 24 [pid 609] <... mprotect resumed>) = 0 [pid 610] <... set_robust_list resumed>) = 0 [pid 609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 610] rt_sigprocmask(SIG_SETMASK, [], [pid 609] <... clone3 resumed> => {parent_tid=[611]}, 88) = 611 ./strace-static-x86_64: Process 611 attached [pid 609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 609] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 611] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 610] memfd_create("syzkaller", 0 [pid 611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 611] creat("./bus", 000 [pid 610] <... memfd_create resumed>) = 4 [pid 611] <... creat resumed>) = 3 [pid 610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 611] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 611] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 610] <... mmap resumed>) = 0x7f9b9c005000 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 611] <... futex resumed>) = 0 [pid 611] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 610] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 611] <... mount resumed>) = 0 [pid 611] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 610] <... write resumed>) = 131072 [pid 611] <... futex resumed>) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 611] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 611] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 611] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 610] munmap(0x7f9b9c005000, 138412032 [pid 611] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 610] <... munmap resumed>) = 0 [pid 611] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.655861][ T607] loop0: detected capacity change from 0 to 256 [ 30.664489][ T607] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.675202][ T607] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.685765][ T607] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 610] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 610] close(4) = 0 [pid 610] close(6) = 0 [pid 610] mkdir("./file0", 0777) = 0 [pid 610] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 610] chdir("./file0") = 0 [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 610] ioctl(6, LOOP_CLR_FD) = 0 [pid 610] close(6) = 0 [pid 610] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 610] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 609] exit_group(0 [pid 611] <... futex resumed>) = ? [pid 609] <... exit_group resumed>) = ? [pid 611] +++ exited with 0 +++ [pid 610] <... futex resumed>) = ? [pid 610] +++ exited with 0 +++ [pid 609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=609, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/bus") = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 612 ./strace-static-x86_64: Process 612 attached [pid 612] set_robust_list(0x5555720a9760, 24) = 0 [pid 612] chdir("./102") = 0 [pid 612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 612] setpgid(0, 0) = 0 [pid 612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 612] write(3, "1000", 4) = 4 [pid 612] close(3) = 0 [pid 612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 612] write(1, "executing program\n", 18) = 18 [pid 612] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 612] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 613 attached => {parent_tid=[613]}, 88) = 613 [pid 612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 612] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 613] set_robust_list(0x7f9ba44469a0, 24 [pid 612] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 613] <... set_robust_list resumed>) = 0 [pid 613] rt_sigprocmask(SIG_SETMASK, [], [pid 612] <... mprotect resumed>) = 0 [pid 612] rt_sigprocmask(SIG_BLOCK, ~[], [pid 613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 612] <... rt_sigprocmask resumed>[], 8) = 0 [pid 612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[614]}, 88) = 614 [pid 612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 612] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 614 attached [pid 614] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 614] creat("./bus", 000 [pid 613] memfd_create("syzkaller", 0 [pid 614] <... creat resumed>) = 3 [pid 614] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 614] <... futex resumed>) = 1 [pid 613] <... memfd_create resumed>) = 4 [pid 612] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 614] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] <... futex resumed>) = 1 [pid 614] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 614] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] <... futex resumed>) = 1 [pid 614] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 614] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 612] <... futex resumed>) = 0 [pid 614] <... futex resumed>) = 1 [pid 613] <... mmap resumed>) = 0x7f9b9c005000 [pid 614] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 613] munmap(0x7f9b9c005000, 138412032) = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 30.727956][ T610] loop0: detected capacity change from 0 to 256 [ 30.735824][ T610] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.746404][ T610] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.756932][ T610] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 613] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 613] close(4) = 0 [pid 613] close(6) = 0 [pid 613] mkdir("./file0", 0777) = 0 [pid 613] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 613] chdir("./file0") = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 613] ioctl(6, LOOP_CLR_FD) = 0 [pid 613] close(6) = 0 [pid 613] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] exit_group(0) = ? [pid 613] <... futex resumed>) = ? [pid 613] +++ exited with 0 +++ [pid 614] <... futex resumed>) = ? [pid 614] +++ exited with 0 +++ [pid 612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=612, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/bus") = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 616 ./strace-static-x86_64: Process 616 attached [pid 616] set_robust_list(0x5555720a9760, 24) = 0 [pid 616] chdir("./103") = 0 [pid 616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 616] setpgid(0, 0) = 0 [pid 616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 616] write(3, "1000", 4) = 4 [pid 616] close(3) = 0 [pid 616] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 616] write(1, "executing program\n", 18) = 18 [pid 616] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 616] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 616] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 616] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 616] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 617 attached => {parent_tid=[617]}, 88) = 617 [pid 616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 616] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] set_robust_list(0x7f9ba44469a0, 24 [pid 616] <... futex resumed>) = 0 [pid 616] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] <... set_robust_list resumed>) = 0 [pid 616] <... futex resumed>) = 0 [pid 616] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 616] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 617] rt_sigprocmask(SIG_SETMASK, [], [pid 616] <... mprotect resumed>) = 0 [pid 617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 617] memfd_create("syzkaller", 0 [pid 616] rt_sigprocmask(SIG_BLOCK, ~[], [pid 617] <... memfd_create resumed>) = 3 [pid 617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 616] <... rt_sigprocmask resumed>[], 8) = 0 [pid 616] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 618 attached [pid 618] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 618] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 616] <... clone3 resumed> => {parent_tid=[618]}, 88) = 618 [pid 616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 616] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 617] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 618] <... futex resumed>) = 0 [pid 616] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 618] creat("./bus", 000) = 4 [pid 617] <... write resumed>) = 131072 [pid 618] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] munmap(0x7f9b9c005000, 138412032 [pid 618] <... futex resumed>) = 1 [pid 616] <... futex resumed>) = 0 [pid 618] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 617] <... munmap resumed>) = 0 [pid 616] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 616] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 618] <... mount resumed>) = 0 [pid 618] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 617] <... openat resumed>) = 5 [ 30.799768][ T613] loop0: detected capacity change from 0 to 256 [ 30.807990][ T613] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.818760][ T613] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.829006][ T613] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 617] ioctl(5, LOOP_SET_FD, 3 [pid 616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 616] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] <... ioctl resumed>) = 0 [pid 618] <... futex resumed>) = 0 [pid 616] <... futex resumed>) = 1 [pid 618] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 616] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 618] <... open resumed>) = 6 [pid 618] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 616] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 616] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 618] <... futex resumed>) = 0 [pid 616] <... futex resumed>) = 1 [pid 616] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 618] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 618] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 617] close(3 [pid 618] <... futex resumed>) = 1 [pid 618] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 616] <... futex resumed>) = 0 [pid 617] <... close resumed>) = 0 [pid 617] close(5) = 0 [pid 617] mkdir("./file0", 0777) = 0 [pid 617] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 617] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 617] chdir("./file0") = 0 [pid 617] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 617] ioctl(5, LOOP_CLR_FD) = 0 [pid 617] close(5) = 0 [pid 617] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 617] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 616] exit_group(0 [pid 618] <... futex resumed>) = ? [pid 616] <... exit_group resumed>) = ? [pid 618] +++ exited with 0 +++ [pid 617] <... futex resumed>) = ? [pid 617] +++ exited with 0 +++ [pid 616] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=616, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/bus") = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 619 ./strace-static-x86_64: Process 619 attached [pid 619] set_robust_list(0x5555720a9760, 24) = 0 [pid 619] chdir("./104") = 0 [pid 619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 619] setpgid(0, 0) = 0 [pid 619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 619] write(3, "1000", 4) = 4 [pid 619] close(3) = 0 [pid 619] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 619] write(1, "executing program\n", 18) = 18 [pid 619] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 619] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 619] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 620 attached => {parent_tid=[620]}, 88) = 620 [pid 619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 619] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 620] set_robust_list(0x7f9ba44469a0, 24 [pid 619] <... mmap resumed>) = 0x7f9ba4405000 [pid 620] <... set_robust_list resumed>) = 0 [pid 620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 620] memfd_create("syzkaller", 0 [pid 619] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 620] <... memfd_create resumed>) = 3 [pid 620] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 619] <... mprotect resumed>) = 0 [pid 619] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 619] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 621 attached [pid 620] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 619] <... clone3 resumed> => {parent_tid=[621]}, 88) = 621 [pid 621] set_robust_list(0x7f9ba44259a0, 24 [pid 619] rt_sigprocmask(SIG_SETMASK, [], [pid 621] <... set_robust_list resumed>) = 0 [pid 619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 621] rt_sigprocmask(SIG_SETMASK, [], [pid 620] <... write resumed>) = 131072 [pid 620] munmap(0x7f9b9c005000, 138412032 [pid 619] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 620] <... munmap resumed>) = 0 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] creat("./bus", 000 [pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 621] <... creat resumed>) = 4 [ 30.871431][ T617] loop0: detected capacity change from 0 to 256 [ 30.880671][ T617] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.891266][ T617] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.901478][ T617] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 620] ioctl(5, LOOP_SET_FD, 3 [pid 621] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] <... futex resumed>) = 1 [pid 621] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 621] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] <... futex resumed>) = 1 [pid 621] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 621] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 619] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 621] <... futex resumed>) = 1 [pid 621] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 621] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 619] <... futex resumed>) = 0 [pid 621] <... futex resumed>) = 1 [pid 621] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 620] <... ioctl resumed>) = 0 [pid 620] close(3) = 0 [pid 620] close(5) = 0 [pid 620] mkdir("./file0", 0777) = 0 [pid 620] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 620] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 620] chdir("./file0") = 0 [pid 620] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 620] ioctl(5, LOOP_CLR_FD) = 0 [pid 620] close(5) = 0 [pid 620] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 620] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] exit_group(0 [pid 621] <... futex resumed>) = ? [pid 619] <... exit_group resumed>) = ? [pid 621] +++ exited with 0 +++ [pid 620] <... futex resumed>) = ? [pid 620] +++ exited with 0 +++ [pid 619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=619, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/bus") = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 622 ./strace-static-x86_64: Process 622 attached [pid 622] set_robust_list(0x5555720a9760, 24) = 0 [pid 622] chdir("./105") = 0 [pid 622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 622] setpgid(0, 0) = 0 [pid 622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 622] write(3, "1000", 4) = 4 [pid 622] close(3) = 0 [pid 622] symlink("/dev/binderfs", "./binderfs") = 0 [pid 622] write(1, "executing program\n", 18executing program ) = 18 [pid 622] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 622] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 622] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 622] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[623]}, 88) = 623 [pid 622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 622] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 622] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 622] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 622] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[624]}, 88) = 624 [pid 622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 622] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 622] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 623 attached [pid 623] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 623] memfd_create("syzkaller", 0) = 3 [pid 623] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 623] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 624 attached [pid 624] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 624] rt_sigprocmask(SIG_SETMASK, [], [pid 623] <... write resumed>) = 131072 [pid 624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 623] munmap(0x7f9b9c005000, 138412032 [pid 624] creat("./bus", 000 [pid 623] <... munmap resumed>) = 0 [pid 623] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 624] <... creat resumed>) = 4 [pid 623] <... openat resumed>) = 5 [pid 623] ioctl(5, LOOP_SET_FD, 3 [pid 624] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 30.939787][ T620] loop0: detected capacity change from 0 to 256 [ 30.947329][ T620] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 30.958019][ T620] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 30.968698][ T620] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 624] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 622] <... futex resumed>) = 0 [pid 622] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 622] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 624] <... futex resumed>) = 0 [pid 624] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 624] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = 0 [pid 622] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 622] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 624] <... futex resumed>) = 1 [pid 624] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 624] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = 0 [pid 622] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 622] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 624] <... futex resumed>) = 1 [pid 624] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 624] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... futex resumed>) = 0 [pid 624] <... futex resumed>) = 1 [pid 624] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 623] <... ioctl resumed>) = 0 [pid 623] close(3) = 0 [pid 623] close(5) = 0 [pid 623] mkdir("./file0", 0777) = 0 [pid 623] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 623] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 623] chdir("./file0") = 0 [pid 623] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 623] ioctl(5, LOOP_CLR_FD) = 0 [pid 623] close(5) = 0 [pid 623] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 623] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 622] exit_group(0 [pid 624] <... futex resumed>) = ? [pid 622] <... exit_group resumed>) = ? [pid 624] +++ exited with 0 +++ [pid 623] <... futex resumed>) = ? [pid 623] +++ exited with 0 +++ [pid 622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=622, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/bus") = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0"executing program ) = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 625 ./strace-static-x86_64: Process 625 attached [pid 625] set_robust_list(0x5555720a9760, 24) = 0 [pid 625] chdir("./106") = 0 [pid 625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 625] setpgid(0, 0) = 0 [pid 625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 625] write(3, "1000", 4) = 4 [pid 625] close(3) = 0 [pid 625] symlink("/dev/binderfs", "./binderfs") = 0 [pid 625] write(1, "executing program\n", 18) = 18 [pid 625] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 625] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 625] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 625] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[626]}, 88) = 626 [pid 625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 625] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 625] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 625] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[627]}, 88) = 627 [pid 625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 625] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 627 attached [pid 627] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] creat("./bus", 000) = 3 [pid 627] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] <... futex resumed>) = 1 [pid 627] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 627] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] <... futex resumed>) = 1 [pid 627] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 627] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 625] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 625] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 627] <... futex resumed>) = 1 [pid 627] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 627] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 625] <... futex resumed>) = 0 [pid 627] <... futex resumed>) = 1 [pid 627] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 626 attached [pid 626] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 626] memfd_create("syzkaller", 0) = 5 [pid 626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 626] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 626] munmap(0x7f9b9c005000, 138412032) = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.013678][ T623] loop0: detected capacity change from 0 to 256 [ 31.022418][ T623] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.032888][ T623] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.043276][ T623] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 626] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 626] close(5) = 0 [pid 626] close(6) = 0 [pid 626] mkdir("./file0", 0777) = 0 [pid 626] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 626] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 626] chdir("./file0") = 0 [pid 626] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 626] ioctl(6, LOOP_CLR_FD) = 0 [pid 626] close(6) = 0 [pid 626] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 626] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 625] exit_group(0) = ? [pid 626] <... futex resumed>) = ? [pid 626] +++ exited with 0 +++ [pid 627] <... futex resumed>) = ? [pid 627] +++ exited with 0 +++ [pid 625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=625, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/bus") = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 628 ./strace-static-x86_64: Process 628 attached [pid 628] set_robust_list(0x5555720a9760, 24) = 0 [pid 628] chdir("./107") = 0 [pid 628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 628] setpgid(0, 0) = 0 [pid 628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 628] write(3, "1000", 4) = 4 [pid 628] close(3) = 0 [pid 628] symlink("/dev/binderfs", "./binderfs") = 0 [pid 628] write(1, "executing program\n", 18executing program ) = 18 [pid 628] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 628] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 628] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 629 attached => {parent_tid=[629]}, 88) = 629 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 628] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 628] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 628] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[630]}, 88) = 630 ./strace-static-x86_64: Process 630 attached [pid 629] set_robust_list(0x7f9ba44469a0, 24 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 630] creat("./bus", 000 [pid 629] <... set_robust_list resumed>) = 0 [pid 630] <... creat resumed>) = 3 [pid 629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 629] memfd_create("syzkaller", 0) = 4 [pid 629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 630] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 630] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 629] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 628] <... futex resumed>) = 1 [pid 630] <... futex resumed>) = 0 [pid 630] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 628] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 629] <... write resumed>) = 131072 [pid 630] <... mount resumed>) = 0 [pid 629] munmap(0x7f9b9c005000, 138412032 [pid 630] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 629] <... munmap resumed>) = 0 [pid 628] <... futex resumed>) = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 629] ioctl(5, LOOP_SET_FD, 4 [pid 630] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 628] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 31.086005][ T626] loop0: detected capacity change from 0 to 256 [ 31.093835][ T626] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.104492][ T626] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.115561][ T626] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 628] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 630] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 630] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 628] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 630] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 630] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 628] <... futex resumed>) = 0 [pid 630] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 629] <... ioctl resumed>) = 0 [pid 629] close(4) = 0 [pid 629] close(5) = 0 [pid 629] mkdir("./file0", 0777) = 0 [pid 629] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 629] chdir("./file0") = 0 [pid 629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 629] ioctl(5, LOOP_CLR_FD) = 0 [pid 629] close(5) = 0 [pid 629] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 629] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 628] exit_group(0 [pid 630] <... futex resumed>) = ? [pid 628] <... exit_group resumed>) = ? [pid 630] +++ exited with 0 +++ [pid 629] <... futex resumed>) = ? [pid 629] +++ exited with 0 +++ [pid 628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=628, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/bus") = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 631 ./strace-static-x86_64: Process 631 attached [pid 631] set_robust_list(0x5555720a9760, 24) = 0 [pid 631] chdir("./108") = 0 [pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 631] setpgid(0, 0) = 0 [pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 631] write(3, "1000", 4) = 4 [pid 631] close(3) = 0 [pid 631] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 631] write(1, "executing program\n", 18) = 18 [pid 631] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 631] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[632]}, 88) = 632 [pid 631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 631] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 631] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[633]}, 88) = 633 [pid 631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 631] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 633 attached [pid 633] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 633] creat("./bus", 000) = 3 [pid 633] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = 1 [pid 633] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 633] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = 1 [pid 633] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 633] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = 1 [pid 633] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 633] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 633] <... futex resumed>) = 1 [pid 633] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 632 attached [pid 632] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 632] memfd_create("syzkaller", 0) = 5 [pid 632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 632] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 632] munmap(0x7f9b9c005000, 138412032) = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.152767][ T629] loop0: detected capacity change from 0 to 256 [ 31.160345][ T629] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.170944][ T629] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.181597][ T629] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 632] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 632] close(5) = 0 [pid 632] close(6) = 0 [pid 632] mkdir("./file0", 0777) = 0 [pid 632] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 632] chdir("./file0") = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_CLR_FD) = 0 [pid 632] close(6) = 0 [pid 632] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] exit_group(0) = ? [pid 632] <... futex resumed>) = ? [pid 632] +++ exited with 0 +++ [pid 633] <... futex resumed>) = ? [pid 633] +++ exited with 0 +++ [pid 631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=631, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/bus") = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 634 ./strace-static-x86_64: Process 634 attached [pid 634] set_robust_list(0x5555720a9760, 24) = 0 [pid 634] chdir("./109") = 0 [pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 634] setpgid(0, 0) = 0 [pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 634] write(3, "1000", 4) = 4 [pid 634] close(3) = 0 [pid 634] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 634] write(1, "executing program\n", 18) = 18 [pid 634] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 634] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[635]}, 88) = 635 [pid 634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 634] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 634] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[636]}, 88) = 636 [pid 634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 634] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 636 attached [pid 636] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 636] creat("./bus", 000) = 3 [pid 636] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 636] <... futex resumed>) = 1 [pid 636] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 636] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 636] <... futex resumed>) = 1 [pid 636] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 636] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 636] <... futex resumed>) = 1 [pid 636] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 636] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 636] <... futex resumed>) = 1 [pid 636] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 635 attached [pid 635] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 635] memfd_create("syzkaller", 0) = 5 [pid 635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 635] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 635] munmap(0x7f9b9c005000, 138412032) = 0 [pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.219897][ T632] loop0: detected capacity change from 0 to 256 [ 31.227467][ T632] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.238174][ T632] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.248804][ T632] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 635] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 635] close(5) = 0 [pid 635] close(6) = 0 [pid 635] mkdir("./file0", 0777) = 0 [pid 635] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 635] chdir("./file0") = 0 [pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 635] ioctl(6, LOOP_CLR_FD) = 0 [pid 635] close(6) = 0 [pid 635] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 635] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 634] exit_group(0) = ? [pid 635] <... futex resumed>) = ? [pid 635] +++ exited with 0 +++ [pid 636] <... futex resumed>) = ? [pid 636] +++ exited with 0 +++ [pid 634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=634, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/bus") = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 637 ./strace-static-x86_64: Process 637 attached [pid 637] set_robust_list(0x5555720a9760, 24) = 0 [pid 637] chdir("./110") = 0 [pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 637] setpgid(0, 0) = 0 executing program [pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 637] write(3, "1000", 4) = 4 [pid 637] close(3) = 0 [pid 637] symlink("/dev/binderfs", "./binderfs") = 0 [pid 637] write(1, "executing program\n", 18) = 18 [pid 637] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 637] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[638]}, 88) = 638 [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 637] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 637] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[639]}, 88) = 639 [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 637] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 639 attached [pid 639] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 639] creat("./bus", 000./strace-static-x86_64: Process 638 attached [pid 638] set_robust_list(0x7f9ba44469a0, 24 [pid 639] <... creat resumed>) = 3 [pid 638] <... set_robust_list resumed>) = 0 [pid 638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 638] memfd_create("syzkaller", 0) = 4 [pid 638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 639] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... mmap resumed>) = 0x7f9b9c005000 [pid 639] <... futex resumed>) = 1 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] <... mount resumed>) = 0 [pid 639] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 637] <... futex resumed>) = 0 [pid 639] <... futex resumed>) = 1 [pid 639] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 637] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 639] <... open resumed>) = 5 [pid 637] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 638] <... write resumed>) = 131072 [pid 639] <... futex resumed>) = 1 [pid 639] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 638] munmap(0x7f9b9c005000, 138412032 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 639] <... futex resumed>) = 0 [pid 637] <... futex resumed>) = 1 [pid 639] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 638] <... munmap resumed>) = 0 [pid 637] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 639] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 639] <... futex resumed>) = 1 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 639] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 638] <... openat resumed>) = 6 [ 31.285943][ T635] loop0: detected capacity change from 0 to 256 [ 31.294160][ T635] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.304920][ T635] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.315440][ T635] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 638] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 638] close(4) = 0 [pid 638] close(6) = 0 [pid 638] mkdir("./file0", 0777) = 0 [pid 638] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 638] chdir("./file0") = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_CLR_FD) = 0 [pid 638] close(6) = 0 [pid 638] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] exit_group(0 [pid 639] <... futex resumed>) = ? [pid 637] <... exit_group resumed>) = ? [pid 639] +++ exited with 0 +++ [pid 638] <... futex resumed>) = ? [pid 638] +++ exited with 0 +++ [pid 637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=637, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/bus") = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 640 ./strace-static-x86_64: Process 640 attached executing program [pid 640] set_robust_list(0x5555720a9760, 24) = 0 [pid 640] chdir("./111") = 0 [pid 640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 640] setpgid(0, 0) = 0 [pid 640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 640] write(3, "1000", 4) = 4 [pid 640] close(3) = 0 [pid 640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 640] write(1, "executing program\n", 18) = 18 [pid 640] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 640] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 640] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 640] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 641 attached => {parent_tid=[641]}, 88) = 641 [pid 641] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 641] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 640] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 641] <... futex resumed>) = 0 [pid 640] <... futex resumed>) = 1 [pid 640] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 640] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 641] memfd_create("syzkaller", 0 [pid 640] <... mprotect resumed>) = 0 [pid 640] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 641] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 642 attached [pid 642] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 642] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 640] <... clone3 resumed> => {parent_tid=[642]}, 88) = 642 [pid 641] <... mmap resumed>) = 0x7f9b9c005000 [pid 640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 640] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 642] <... futex resumed>) = 0 [pid 642] creat("./bus", 000) = 4 [pid 640] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 640] <... futex resumed>) = 0 [pid 640] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 642] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 640] <... futex resumed>) = 0 [pid 640] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 642] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 640] <... futex resumed>) = 0 [pid 640] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 642] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 640] <... futex resumed>) = 0 [pid 642] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 641] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 641] munmap(0x7f9b9c005000, 138412032) = 0 [pid 641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.356999][ T638] loop0: detected capacity change from 0 to 256 [ 31.365531][ T638] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.376086][ T638] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.386891][ T638] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 641] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 641] close(3) = 0 [pid 641] close(6) = 0 [pid 641] mkdir("./file0", 0777) = 0 [pid 641] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 641] chdir("./file0") = 0 [pid 641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 641] ioctl(6, LOOP_CLR_FD) = 0 [pid 641] close(6) = 0 [pid 641] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 641] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 640] exit_group(0 [pid 642] <... futex resumed>) = ? [pid 640] <... exit_group resumed>) = ? [pid 642] +++ exited with 0 +++ [pid 641] <... futex resumed>) = ? [pid 641] +++ exited with 0 +++ [pid 640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=640, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/bus") = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 643 ./strace-static-x86_64: Process 643 attached [pid 643] set_robust_list(0x5555720a9760, 24) = 0 [pid 643] chdir("./112") = 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 643] setpgid(0, 0) = 0 [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 643] write(1, "executing program\n", 18) = 18 [pid 643] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 643] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[644]}, 88) = 644 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 ./strace-static-x86_64: Process 644 attached [pid 644] set_robust_list(0x7f9ba44469a0, 24 [pid 643] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 644] <... set_robust_list resumed>) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [pid 644] rt_sigprocmask(SIG_SETMASK, [], [pid 643] <... rt_sigprocmask resumed>[], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 645 attached [pid 644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 645] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 644] memfd_create("syzkaller", 0 [pid 643] <... clone3 resumed> => {parent_tid=[645]}, 88) = 645 [pid 645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 645] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 644] <... memfd_create resumed>) = 3 [pid 644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] <... futex resumed>) = 0 [pid 645] creat("./bus", 000 [pid 644] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 645] <... creat resumed>) = 4 [pid 644] <... write resumed>) = 131072 [pid 645] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 644] munmap(0x7f9b9c005000, 138412032 [pid 645] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 645] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 644] <... munmap resumed>) = 0 [pid 643] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 645] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 645] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 643] <... futex resumed>) = 0 [pid 645] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 644] <... openat resumed>) = 6 [ 31.427591][ T641] loop0: detected capacity change from 0 to 256 [ 31.436066][ T641] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.446559][ T641] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.456865][ T641] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 644] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 644] close(3) = 0 [pid 644] close(6) = 0 [pid 644] mkdir("./file0", 0777) = 0 [pid 644] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 644] chdir("./file0") = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_CLR_FD) = 0 [pid 644] close(6) = 0 [pid 644] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] exit_group(0 [pid 645] <... futex resumed>) = ? [pid 643] <... exit_group resumed>) = ? [pid 645] +++ exited with 0 +++ [pid 644] +++ exited with 0 +++ [pid 643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=643, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/bus") = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 646 ./strace-static-x86_64: Process 646 attached [pid 646] set_robust_list(0x5555720a9760, 24) = 0 [pid 646] chdir("./113") = 0 [pid 646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 646] setpgid(0, 0) = 0 [pid 646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 646] write(3, "1000", 4) = 4 [pid 646] close(3) = 0 [pid 646] symlink("/dev/binderfs", "./binderfs") = 0 [pid 646] write(1, "executing program\n", 18executing program ) = 18 [pid 646] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 646] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 646] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[647]}, 88) = 647 [pid 646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 646] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 646] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 647 attached ./strace-static-x86_64: Process 648 attached [pid 648] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 648] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] <... clone3 resumed> => {parent_tid=[648]}, 88) = 648 [pid 646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 646] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 648] <... futex resumed>) = 0 [pid 648] creat("./bus", 000 [pid 647] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 646] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] <... creat resumed>) = 3 [pid 648] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 648] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 647] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 647] memfd_create("syzkaller", 0) = 4 [pid 647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 646] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 646] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 648] <... futex resumed>) = 0 [pid 648] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 646] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 647] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 646] <... futex resumed>) = 0 [pid 648] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 646] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] <... futex resumed>) = 0 [pid 648] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 647] <... write resumed>) = 131072 [pid 647] munmap(0x7f9b9c005000, 138412032 [pid 648] <... open resumed>) = 5 [pid 647] <... munmap resumed>) = 0 [pid 648] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 648] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 647] ioctl(6, LOOP_SET_FD, 4 [pid 646] <... futex resumed>) = 0 [pid 646] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 31.499109][ T644] loop0: detected capacity change from 0 to 256 [ 31.507065][ T644] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.517632][ T644] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.527900][ T644] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 646] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] <... futex resumed>) = 0 [pid 648] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 648] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 648] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] <... futex resumed>) = 0 [pid 647] <... ioctl resumed>) = 0 [pid 647] close(4) = 0 [pid 647] close(6) = 0 [pid 647] mkdir("./file0", 0777) = 0 [pid 647] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 647] chdir("./file0") = 0 [pid 647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 647] ioctl(6, LOOP_CLR_FD) = 0 [pid 647] close(6) = 0 [pid 647] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 647] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] exit_group(0 [pid 648] <... futex resumed>) = ? [pid 648] +++ exited with 0 +++ [pid 646] <... exit_group resumed>) = ? [pid 647] <... futex resumed>) = ? [pid 647] +++ exited with 0 +++ [pid 646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=646, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/bus") = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 649 ./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x5555720a9760, 24) = 0 [pid 649] chdir("./114") = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 649] write(1, "executing program\n", 18) = 18 [pid 649] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 649] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[650]}, 88) = 650 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 649] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[651]}, 88) = 651 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 651 attached [pid 651] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 651] creat("./bus", 000) = 3 [pid 651] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] <... futex resumed>) = 1 [pid 651] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 651] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] <... futex resumed>) = 1 [pid 651] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 651] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] <... futex resumed>) = 1 [pid 651] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 651] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = 1 [pid 651] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 650] memfd_create("syzkaller", 0) = 5 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 650] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 650] munmap(0x7f9b9c005000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.566888][ T647] loop0: detected capacity change from 0 to 256 [ 31.575566][ T647] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.586051][ T647] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.596037][ T647] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 650] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 650] close(5) = 0 [pid 650] close(6) = 0 [pid 650] mkdir("./file0", 0777) = 0 [pid 650] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 650] chdir("./file0") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_CLR_FD) = 0 [pid 650] close(6) = 0 [pid 650] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 650] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 649] exit_group(0 [pid 651] <... futex resumed>) = ? [pid 649] <... exit_group resumed>) = ? [pid 651] +++ exited with 0 +++ [pid 650] <... futex resumed>) = ? [pid 650] +++ exited with 0 +++ [pid 649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=649, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/bus") = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 652 ./strace-static-x86_64: Process 652 attached [pid 652] set_robust_list(0x5555720a9760, 24) = 0 [pid 652] chdir("./115") = 0 [pid 652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 652] setpgid(0, 0) = 0 [pid 652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 652] write(3, "1000", 4) = 4 [pid 652] close(3) = 0 [pid 652] symlink("/dev/binderfs", "./binderfs") = 0 [pid 652] write(1, "executing program\n", 18executing program ) = 18 [pid 652] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 652] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 653 attached [pid 653] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 653] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 652] <... clone3 resumed> => {parent_tid=[653]}, 88) = 653 [pid 652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 652] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 653] <... futex resumed>) = 0 [pid 653] memfd_create("syzkaller", 0) = 3 [pid 653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 652] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b9c005000 [pid 652] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 653] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0}./strace-static-x86_64: Process 654 attached [pid 654] set_robust_list(0x7f9b9c0259a0, 24) = 0 [pid 654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 654] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 652] <... clone3 resumed> => {parent_tid=[654]}, 88) = 654 [pid 653] <... write resumed>) = 131072 [pid 653] munmap(0x7f9b9c026000, 138412032) = 0 [pid 652] rt_sigprocmask(SIG_SETMASK, [], [pid 653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 653] ioctl(4, LOOP_SET_FD, 3 [pid 652] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 652] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 652] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 654] <... futex resumed>) = 0 [pid 654] creat("./bus", 000) = 5 [ 31.634079][ T650] loop0: detected capacity change from 0 to 256 [ 31.641853][ T650] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.652329][ T650] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.662898][ T650] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 654] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 654] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 652] <... futex resumed>) = 0 [pid 652] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 654] <... futex resumed>) = 0 [pid 654] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 654] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 654] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 652] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 652] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 654] <... futex resumed>) = 0 [pid 654] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 654] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] <... ioctl resumed>) = 0 [pid 652] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 654] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 653] close(3 [pid 652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 653] <... close resumed>) = 0 [pid 652] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 653] close(4 [pid 654] <... futex resumed>) = 0 [pid 652] <... futex resumed>) = 1 [pid 653] <... close resumed>) = 0 [pid 654] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 653] mkdir("./file0", 0777 [pid 652] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 654] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 654] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 654] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 653] <... mkdir resumed>) = 0 [pid 653] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 653] <... mount resumed>) = 0 [pid 653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 653] chdir("./file0") = 0 [pid 653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 653] ioctl(4, LOOP_CLR_FD) = 0 [pid 653] close(4) = 0 [pid 653] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 653] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 652] exit_group(0) = ? [pid 653] <... futex resumed>) = ? [pid 653] +++ exited with 0 +++ [pid 654] <... futex resumed>) = ? [pid 654] +++ exited with 0 +++ [pid 652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=652, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/bus") = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 655 ./strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x5555720a9760, 24) = 0 [pid 655] chdir("./116") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 655] write(1, "executing program\n", 18) = 18 [pid 655] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 655] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[656]}, 88) = 656 [pid 655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 655] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 655] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[657]}, 88) = 657 [pid 655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 655] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 656 attached [pid 656] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 656] memfd_create("syzkaller", 0) = 3 [pid 656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 657 attached [pid 657] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 657] rt_sigprocmask(SIG_SETMASK, [], [pid 656] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 657] creat("./bus", 000) = 4 [pid 657] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] <... futex resumed>) = 1 [pid 657] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 657] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] <... futex resumed>) = 1 [pid 657] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 657] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] <... futex resumed>) = 1 [pid 657] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 657] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 655] <... futex resumed>) = 0 [pid 657] <... futex resumed>) = 1 [pid 657] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 656] <... write resumed>) = 131072 [pid 656] munmap(0x7f9b9c005000, 138412032) = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.697584][ T653] loop0: detected capacity change from 0 to 256 [ 31.709148][ T653] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.719678][ T653] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.730590][ T653] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 656] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 656] close(3) = 0 [pid 656] close(6) = 0 [pid 656] mkdir("./file0", 0777) = 0 [pid 656] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 656] chdir("./file0") = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 656] ioctl(6, LOOP_CLR_FD) = 0 [pid 656] close(6) = 0 [pid 656] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 656] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 655] exit_group(0 [pid 657] <... futex resumed>) = ? [pid 655] <... exit_group resumed>) = ? [pid 657] +++ exited with 0 +++ [pid 656] <... futex resumed>) = ? [pid 656] +++ exited with 0 +++ [pid 655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=655, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/bus") = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 659 ./strace-static-x86_64: Process 659 attached [pid 659] set_robust_list(0x5555720a9760, 24) = 0 [pid 659] chdir("./117") = 0 [pid 659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 659] setpgid(0, 0) = 0 [pid 659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 659] write(3, "1000", 4) = 4 [pid 659] close(3) = 0 [pid 659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 659] write(1, "executing program\n", 18) = 18 [pid 659] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 659] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 659] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[660]}, 88) = 660 [pid 659] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 659] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 659] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[661]}, 88) = 661 [pid 659] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 659] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 661 attached [pid 661] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 661] creat("./bus", 000) = 3 [pid 661] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] <... futex resumed>) = 0 [pid 659] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 661] <... futex resumed>) = 1 [pid 661] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 661] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] <... futex resumed>) = 0 [pid 659] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 661] <... futex resumed>) = 1 [pid 661] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 661] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] <... futex resumed>) = 0 [pid 659] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 661] <... futex resumed>) = 1 [pid 661] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 661] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] <... futex resumed>) = 0 [pid 661] <... futex resumed>) = 1 [pid 661] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 660 attached [pid 660] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 660] memfd_create("syzkaller", 0) = 5 [pid 660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 660] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 660] munmap(0x7f9b9c005000, 138412032) = 0 [pid 660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.773735][ T656] loop0: detected capacity change from 0 to 256 [ 31.782496][ T656] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.793202][ T656] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.803649][ T656] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 660] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 660] close(5) = 0 [pid 660] close(6) = 0 [pid 660] mkdir("./file0", 0777) = 0 [pid 660] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 660] chdir("./file0") = 0 [pid 660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 660] ioctl(6, LOOP_CLR_FD) = 0 [pid 660] close(6) = 0 [pid 660] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 660] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 659] exit_group(0 [pid 661] <... futex resumed>) = ? [pid 659] <... exit_group resumed>) = ? [pid 661] +++ exited with 0 +++ [pid 660] <... futex resumed>) = ? [pid 660] +++ exited with 0 +++ [pid 659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=659, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/bus") = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 662 ./strace-static-x86_64: Process 662 attached [pid 662] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 662] chdir("./118") = 0 [pid 662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 662] setpgid(0, 0) = 0 [pid 662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 662] write(3, "1000", 4) = 4 [pid 662] close(3) = 0 [pid 662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 662] write(1, "executing program\n", 18) = 18 [pid 662] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 662] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[663]}, 88) = 663 [pid 662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 662] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 662] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[664]}, 88) = 664 [pid 662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 662] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 664 attached [pid 664] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 664] creat("./bus", 000./strace-static-x86_64: Process 663 attached ) = 3 [pid 664] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 662] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 664] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 662] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 664] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 662] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 664] <... futex resumed>) = 1 [pid 664] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 664] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... futex resumed>) = 0 [pid 664] <... futex resumed>) = 1 [pid 663] set_robust_list(0x7f9ba44469a0, 24 [pid 664] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 663] <... set_robust_list resumed>) = 0 [pid 663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 663] memfd_create("syzkaller", 0) = 5 [pid 663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 663] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 663] munmap(0x7f9b9c005000, 138412032) = 0 [pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.840704][ T660] loop0: detected capacity change from 0 to 256 [ 31.849007][ T660] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.859619][ T660] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.870280][ T660] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 663] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 663] close(5) = 0 [pid 663] close(6) = 0 [pid 663] mkdir("./file0", 0777) = 0 [pid 663] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 663] chdir("./file0") = 0 [pid 663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 663] ioctl(6, LOOP_CLR_FD) = 0 [pid 663] close(6) = 0 [pid 663] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 663] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 662] exit_group(0) = ? [pid 663] <... futex resumed>) = ? [pid 663] +++ exited with 0 +++ [pid 664] <... futex resumed>) = ? [pid 664] +++ exited with 0 +++ [pid 662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=662, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/bus") = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 665 ./strace-static-x86_64: Process 665 attached [pid 665] set_robust_list(0x5555720a9760, 24) = 0 [pid 665] chdir("./119") = 0 [pid 665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 665] setpgid(0, 0) = 0 [pid 665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 665] write(3, "1000", 4) = 4 [pid 665] close(3) = 0 [pid 665] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 665] write(1, "executing program\n", 18) = 18 [pid 665] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 665] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 665] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[666]}, 88) = 666 [pid 665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 665] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 665] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 665] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[667]}, 88) = 667 [pid 665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 665] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 665] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 667 attached [pid 667] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 667] creat("./bus", 000) = 3 [pid 667] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] <... futex resumed>) = 0 [pid 665] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 665] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 667] <... futex resumed>) = 1 [pid 667] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 667] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] <... futex resumed>) = 0 [pid 665] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 665] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 667] <... futex resumed>) = 1 [pid 667] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 667] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] <... futex resumed>) = 0 [pid 665] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 665] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 667] <... futex resumed>) = 1 [pid 667] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 667] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 665] <... futex resumed>) = 0 [pid 667] <... futex resumed>) = 1 [pid 667] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 666 attached [pid 666] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 666] memfd_create("syzkaller", 0) = 5 [pid 666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 666] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 666] munmap(0x7f9b9c005000, 138412032) = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.919126][ T663] loop0: detected capacity change from 0 to 256 [ 31.926789][ T663] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 31.937399][ T663] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 31.948310][ T663] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 666] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 666] close(5) = 0 [pid 666] close(6) = 0 [pid 666] mkdir("./file0", 0777) = 0 [pid 666] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 666] chdir("./file0") = 0 [pid 666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 666] ioctl(6, LOOP_CLR_FD) = 0 [pid 666] close(6) = 0 [pid 666] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 666] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 665] exit_group(0) = ? [pid 666] <... futex resumed>) = ? [pid 666] +++ exited with 0 +++ [pid 667] <... futex resumed>) = ? [pid 667] +++ exited with 0 +++ [pid 665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=665, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/bus") = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 668 ./strace-static-x86_64: Process 668 attached [pid 668] set_robust_list(0x5555720a9760, 24) = 0 [pid 668] chdir("./120") = 0 [pid 668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 668] setpgid(0, 0) = 0 [pid 668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 668] write(3, "1000", 4) = 4 [pid 668] close(3) = 0 [pid 668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 668] write(1, "executing program\n", 18) = 18 [pid 668] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 668] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[669]}, 88) = 669 [pid 668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 668] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 668] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[670]}, 88) = 670 [pid 668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 668] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 670 attached [pid 670] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 670] creat("./bus", 000./strace-static-x86_64: Process 669 attached [pid 669] set_robust_list(0x7f9ba44469a0, 24 [pid 670] <... creat resumed>) = 3 [pid 670] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... futex resumed>) = 1 [pid 670] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 670] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... futex resumed>) = 1 [pid 670] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 670] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... futex resumed>) = 0 [pid 668] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 670] <... futex resumed>) = 1 [pid 670] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 670] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 668] <... futex resumed>) = 0 [pid 670] <... futex resumed>) = 1 [pid 670] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 669] <... set_robust_list resumed>) = 0 [pid 669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 669] memfd_create("syzkaller", 0) = 5 [pid 669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 669] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 669] munmap(0x7f9b9c005000, 138412032) = 0 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 31.988137][ T666] loop0: detected capacity change from 0 to 256 [ 31.996651][ T666] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.007185][ T666] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.017534][ T666] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 669] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 669] close(5) = 0 [pid 669] close(6) = 0 [pid 669] mkdir("./file0", 0777) = 0 [pid 669] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 669] chdir("./file0") = 0 [pid 669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 669] ioctl(6, LOOP_CLR_FD) = 0 [pid 669] close(6) = 0 [pid 669] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 669] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 668] exit_group(0 [pid 670] <... futex resumed>) = ? [pid 668] <... exit_group resumed>) = ? [pid 670] +++ exited with 0 +++ [pid 669] <... futex resumed>) = ? [pid 669] +++ exited with 0 +++ [pid 668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=668, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/bus") = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 671 ./strace-static-x86_64: Process 671 attached [pid 671] set_robust_list(0x5555720a9760, 24) = 0 [pid 671] chdir("./121") = 0 [pid 671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 671] setpgid(0, 0) = 0 [pid 671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 671] write(3, "1000", 4) = 4 [pid 671] close(3) = 0 [pid 671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 671] write(1, "executing program\n", 18) = 18 [pid 671] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 671] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[672]}, 88) = 672 [pid 671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 671] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 671] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[673]}, 88) = 673 [pid 671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 671] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 673 attached [pid 673] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 673] creat("./bus", 000) = 3 [pid 673] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] <... futex resumed>) = 1 [pid 673] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 673] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] <... futex resumed>) = 1 [pid 673] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 673] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 671] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 673] <... futex resumed>) = 1 [pid 673] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 673] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 671] <... futex resumed>) = 0 [pid 673] <... futex resumed>) = 1 [pid 673] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 672 attached [pid 672] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 672] memfd_create("syzkaller", 0) = 5 [pid 672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 672] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 672] munmap(0x7f9b9c005000, 138412032) = 0 [pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.054087][ T669] loop0: detected capacity change from 0 to 256 [ 32.061398][ T669] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.071926][ T669] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.082496][ T669] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 672] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 672] close(5) = 0 [pid 672] close(6) = 0 [pid 672] mkdir("./file0", 0777) = 0 [pid 672] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 672] chdir("./file0") = 0 [pid 672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 672] ioctl(6, LOOP_CLR_FD) = 0 [pid 672] close(6) = 0 [pid 672] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 672] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 671] exit_group(0 [pid 673] <... futex resumed>) = ? [pid 671] <... exit_group resumed>) = ? [pid 673] +++ exited with 0 +++ [pid 672] <... futex resumed>) = ? [pid 672] +++ exited with 0 +++ [pid 671] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=671, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/bus") = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 674 ./strace-static-x86_64: Process 674 attached [pid 674] set_robust_list(0x5555720a9760, 24) = 0 [pid 674] chdir("./122") = 0 [pid 674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 674] setpgid(0, 0) = 0 [pid 674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 674] write(3, "1000", 4) = 4 [pid 674] close(3) = 0 [pid 674] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 674] write(1, "executing program\n", 18) = 18 [pid 674] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 674] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[675]}, 88) = 675 [pid 674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 674] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 674] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[676]}, 88) = 676 [pid 674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 674] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 676 attached [pid 676] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 676] creat("./bus", 000) = 3 [pid 676] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 676] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 676] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 676] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 676] <... futex resumed>) = 1 [pid 676] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 675 attached [pid 675] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 675] memfd_create("syzkaller", 0) = 5 [pid 675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 675] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 675] munmap(0x7f9b9c005000, 138412032) = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.133734][ T672] loop0: detected capacity change from 0 to 256 [ 32.142938][ T672] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.153487][ T672] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.163389][ T672] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 675] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 675] close(5) = 0 [pid 675] close(6) = 0 [pid 675] mkdir("./file0", 0777) = 0 [pid 675] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 675] chdir("./file0") = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 675] ioctl(6, LOOP_CLR_FD) = 0 [pid 675] close(6) = 0 [pid 675] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] exit_group(0 [pid 676] <... futex resumed>) = ? [pid 674] <... exit_group resumed>) = ? [pid 676] +++ exited with 0 +++ [pid 675] <... futex resumed>) = ? [pid 675] +++ exited with 0 +++ [pid 674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=674, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/bus") = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 677 attached , child_tidptr=0x5555720a9750) = 677 [pid 677] set_robust_list(0x5555720a9760, 24) = 0 [pid 677] chdir("./123") = 0 [pid 677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 677] setpgid(0, 0) = 0 [pid 677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 677] write(3, "1000", 4) = 4 [pid 677] close(3) = 0 [pid 677] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 677] write(1, "executing program\n", 18) = 18 [pid 677] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 677] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 677] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 678 attached => {parent_tid=[678]}, 88) = 678 [pid 677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 677] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 678] set_robust_list(0x7f9ba44469a0, 24 [pid 677] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 677] rt_sigprocmask(SIG_BLOCK, ~[], [pid 678] <... set_robust_list resumed>) = 0 [pid 677] <... rt_sigprocmask resumed>[], 8) = 0 [pid 677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[679]}, 88) = 679 [pid 677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 677] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 679 attached [pid 679] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 679] creat("./bus", 000) = 3 [pid 678] rt_sigprocmask(SIG_SETMASK, [], [pid 679] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... futex resumed>) = 0 [pid 677] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 679] <... futex resumed>) = 1 [pid 679] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 679] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... futex resumed>) = 0 [pid 677] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 679] <... futex resumed>) = 1 [pid 679] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 679] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... futex resumed>) = 0 [pid 677] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 679] <... futex resumed>) = 1 [pid 679] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 679] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... futex resumed>) = 0 [pid 679] <... futex resumed>) = 1 [pid 678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 679] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 678] memfd_create("syzkaller", 0) = 5 [pid 678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 678] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 678] munmap(0x7f9b9c005000, 138412032) = 0 [pid 678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.202577][ T675] loop0: detected capacity change from 0 to 256 [ 32.210832][ T675] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.221633][ T675] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.231280][ T675] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 678] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 678] close(5) = 0 [pid 678] close(6) = 0 [pid 678] mkdir("./file0", 0777) = 0 [pid 678] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 678] chdir("./file0") = 0 [pid 678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 678] ioctl(6, LOOP_CLR_FD) = 0 [pid 678] close(6) = 0 [pid 678] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 678] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 677] exit_group(0 [pid 679] <... futex resumed>) = ? [pid 677] <... exit_group resumed>) = ? [pid 679] +++ exited with 0 +++ [pid 678] <... futex resumed>) = ? [pid 678] +++ exited with 0 +++ [pid 677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=677, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/bus") = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 680 ./strace-static-x86_64: Process 680 attached [pid 680] set_robust_list(0x5555720a9760, 24) = 0 [pid 680] chdir("./124") = 0 [pid 680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 680] setpgid(0, 0) = 0 [pid 680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 680] write(3, "1000", 4) = 4 [pid 680] close(3) = 0 [pid 680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 680] write(1, "executing program\n", 18) = 18 [pid 680] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 680] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[681]}, 88) = 681 [pid 680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 680] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 680] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 681 attached ./strace-static-x86_64: Process 682 attached => {parent_tid=[682]}, 88) = 682 [pid 680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 680] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 681] memfd_create("syzkaller", 0) = 3 [pid 681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 682] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 682] creat("./bus", 000 [pid 681] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 682] <... creat resumed>) = 4 [pid 682] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] <... write resumed>) = 131072 [pid 681] munmap(0x7f9b9c005000, 138412032 [pid 682] <... futex resumed>) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 681] <... munmap resumed>) = 0 [pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 681] ioctl(5, LOOP_SET_FD, 3 [pid 682] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 682] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 32.272929][ T678] loop0: detected capacity change from 0 to 256 [ 32.280455][ T678] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.291161][ T678] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.302074][ T678] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 682] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] <... futex resumed>) = 0 [pid 682] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 682] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] <... futex resumed>) = 1 [pid 682] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 682] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 680] <... futex resumed>) = 0 [pid 682] <... futex resumed>) = 1 [pid 682] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] <... ioctl resumed>) = 0 [pid 681] close(3) = 0 [pid 681] close(5) = 0 [pid 681] mkdir("./file0", 0777) = 0 [pid 681] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 681] chdir("./file0") = 0 [pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 681] ioctl(5, LOOP_CLR_FD) = 0 [pid 681] close(5) = 0 [pid 681] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 680] exit_group(0 [pid 682] <... futex resumed>) = ? [pid 680] <... exit_group resumed>) = ? [pid 682] +++ exited with 0 +++ [pid 681] <... futex resumed>) = ? [pid 681] +++ exited with 0 +++ [pid 680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=680, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/bus") = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 683 ./strace-static-x86_64: Process 683 attached [pid 683] set_robust_list(0x5555720a9760, 24) = 0 [pid 683] chdir("./125") = 0 [pid 683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 683] setpgid(0, 0) = 0 [pid 683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 683] write(3, "1000", 4) = 4 [pid 683] close(3) = 0 [pid 683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 683] write(1, "executing program\n", 18) = 18 [pid 683] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 683] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[684]}, 88) = 684 [pid 683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 683] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 683] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[685]}, 88) = 685 [pid 683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 683] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 685 attached [pid 685] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 685] creat("./bus", 000) = 3 [pid 685] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 683] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 685] <... futex resumed>) = 1 [pid 685] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 685] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 683] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 685] <... futex resumed>) = 1 [pid 685] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 685] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 683] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 685] <... futex resumed>) = 1 [pid 685] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 685] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 685] <... futex resumed>) = 1 [pid 685] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 684 attached [pid 684] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 684] memfd_create("syzkaller", 0) = 5 [pid 684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 684] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 684] munmap(0x7f9b9c005000, 138412032) = 0 [pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.335103][ T681] loop0: detected capacity change from 0 to 256 [ 32.342892][ T681] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.353399][ T681] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.364219][ T681] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 684] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 684] close(5) = 0 [pid 684] close(6) = 0 [pid 684] mkdir("./file0", 0777) = 0 [pid 684] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 684] chdir("./file0") = 0 [pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 684] ioctl(6, LOOP_CLR_FD) = 0 [pid 684] close(6) = 0 [pid 684] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 684] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 683] exit_group(0 [pid 685] <... futex resumed>) = ? [pid 683] <... exit_group resumed>) = ? [pid 685] +++ exited with 0 +++ [pid 684] <... futex resumed>) = ? [pid 684] +++ exited with 0 +++ [pid 683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=683, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/bus") = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 686 ./strace-static-x86_64: Process 686 attached [pid 686] set_robust_list(0x5555720a9760, 24) = 0 [pid 686] chdir("./126") = 0 [pid 686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 686] setpgid(0, 0) = 0 [pid 686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 686] write(3, "1000", 4) = 4 [pid 686] close(3) = 0 [pid 686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 686] write(1, "executing program\n", 18) = 18 [pid 686] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 686] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[687]}, 88) = 687 [pid 686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 686] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 686] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[688]}, 88) = 688 [pid 686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 686] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 688 attached [pid 688] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 688] creat("./bus", 000) = 3 [pid 688] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 688] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 688] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 688] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 688] <... futex resumed>) = 1 [pid 688] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 687 attached [pid 687] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 687] memfd_create("syzkaller", 0) = 5 [pid 687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 687] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 687] munmap(0x7f9b9c005000, 138412032) = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.402883][ T684] loop0: detected capacity change from 0 to 256 [ 32.410357][ T684] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.420925][ T684] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.431754][ T684] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 687] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 687] close(5) = 0 [pid 687] close(6) = 0 [pid 687] mkdir("./file0", 0777) = 0 [pid 687] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 687] chdir("./file0") = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 687] ioctl(6, LOOP_CLR_FD) = 0 [pid 687] close(6) = 0 [pid 687] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] exit_group(0 [pid 688] <... futex resumed>) = ? [pid 686] <... exit_group resumed>) = ? [pid 688] +++ exited with 0 +++ [pid 687] <... futex resumed>) = ? [pid 687] +++ exited with 0 +++ [pid 686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=686, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/bus") = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 689 ./strace-static-x86_64: Process 689 attached [pid 689] set_robust_list(0x5555720a9760, 24) = 0 [pid 689] chdir("./127") = 0 [pid 689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 689] setpgid(0, 0) = 0 [pid 689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 689] write(3, "1000", 4) = 4 [pid 689] close(3) = 0 [pid 689] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 689] write(1, "executing program\n", 18) = 18 [pid 689] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 689] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[690]}, 88) = 690 [pid 689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 689] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 689] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[691]}, 88) = 691 [pid 689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 689] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 691 attached [pid 691] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 691] creat("./bus", 000) = 3 [pid 691] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 691] <... futex resumed>) = 1 [pid 691] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 691] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 691] <... futex resumed>) = 1 [pid 691] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 691] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 691] <... futex resumed>) = 1 [pid 691] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 691] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = 1 [pid 691] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 690 attached [pid 690] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 690] memfd_create("syzkaller", 0) = 5 [pid 690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 690] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 690] munmap(0x7f9b9c005000, 138412032) = 0 [pid 690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.467939][ T687] loop0: detected capacity change from 0 to 256 [ 32.476128][ T687] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.487146][ T687] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.497397][ T687] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 690] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 690] close(5) = 0 [pid 690] close(6) = 0 [pid 690] mkdir("./file0", 0777) = 0 [pid 690] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 690] chdir("./file0") = 0 [pid 690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 690] ioctl(6, LOOP_CLR_FD) = 0 [pid 690] close(6) = 0 [pid 690] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 690] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 689] exit_group(0) = ? [pid 690] <... futex resumed>) = ? [pid 690] +++ exited with 0 +++ [pid 691] <... futex resumed>) = ? [pid 691] +++ exited with 0 +++ [pid 689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=689, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/bus") = 0 umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 692 ./strace-static-x86_64: Process 692 attached [pid 692] set_robust_list(0x5555720a9760, 24) = 0 [pid 692] chdir("./128") = 0 [pid 692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 692] setpgid(0, 0) = 0 [pid 692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 692] write(3, "1000", 4) = 4 [pid 692] close(3) = 0 [pid 692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 692] write(1, "executing program\n", 18executing program ) = 18 [pid 692] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 692] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[693]}, 88) = 693 ./strace-static-x86_64: Process 693 attached [pid 692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 692] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 693] set_robust_list(0x7f9ba44469a0, 24 [pid 692] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 693] <... set_robust_list resumed>) = 0 [pid 692] <... mprotect resumed>) = 0 [pid 693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 693] memfd_create("syzkaller", 0 [pid 692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[694]}, 88) = 694 [pid 692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 692] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 694 attached [pid 694] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 694] creat("./bus", 000 [pid 693] <... memfd_create resumed>) = 3 [pid 694] <... creat resumed>) = 4 [pid 694] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] <... futex resumed>) = 0 [pid 692] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 1 [pid 694] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 694] <... mount resumed>) = 0 [pid 694] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] <... futex resumed>) = 0 [pid 692] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 1 [pid 694] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 693] <... mmap resumed>) = 0x7f9b9c005000 [pid 694] <... open resumed>) = 5 [pid 694] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 692] <... futex resumed>) = 0 [pid 692] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 694] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 693] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 694] <... futex resumed>) = 1 [pid 692] <... futex resumed>) = 0 [pid 694] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] <... write resumed>) = 131072 [pid 693] munmap(0x7f9b9c005000, 138412032) = 0 [pid 693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.539132][ T690] loop0: detected capacity change from 0 to 256 [ 32.546766][ T690] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.557543][ T690] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.568060][ T690] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 693] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 693] close(3) = 0 [pid 693] close(6) = 0 [pid 693] mkdir("./file0", 0777) = 0 [pid 693] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 693] chdir("./file0") = 0 [pid 693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 693] ioctl(6, LOOP_CLR_FD) = 0 [pid 693] close(6) = 0 [pid 693] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] exit_group(0) = ? [pid 694] <... futex resumed>) = ? [pid 694] +++ exited with 0 +++ [pid 693] <... futex resumed>) = ? [pid 693] +++ exited with 0 +++ [pid 692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=692, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/bus") = 0 umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 695 ./strace-static-x86_64: Process 695 attached [pid 695] set_robust_list(0x5555720a9760, 24) = 0 [pid 695] chdir("./129") = 0 [pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 695] setpgid(0, 0) = 0 [pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 695] write(3, "1000", 4) = 4 [pid 695] close(3) = 0 [pid 695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 695] write(1, "executing program\n", 18executing program ) = 18 [pid 695] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 695] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 696 attached => {parent_tid=[696]}, 88) = 696 [pid 696] set_robust_list(0x7f9ba44469a0, 24 [pid 695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 695] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 695] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 696] <... set_robust_list resumed>) = 0 [pid 695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 697 attached [pid 696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 697] set_robust_list(0x7f9ba44259a0, 24 [pid 695] <... clone3 resumed> => {parent_tid=[697]}, 88) = 697 [pid 696] memfd_create("syzkaller", 0) = 3 [pid 696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 697] <... set_robust_list resumed>) = 0 [pid 696] <... mmap resumed>) = 0x7f9b9c005000 [pid 695] rt_sigprocmask(SIG_SETMASK, [], [pid 697] rt_sigprocmask(SIG_SETMASK, [], [pid 695] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 695] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 697] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 697] creat("./bus", 000) = 4 [pid 696] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 697] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 697] <... futex resumed>) = 1 [pid 697] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 697] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 697] <... futex resumed>) = 1 [pid 697] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 697] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 697] <... futex resumed>) = 1 [pid 697] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 697] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 697] <... futex resumed>) = 1 [pid 697] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 696] <... write resumed>) = 131072 [pid 696] munmap(0x7f9b9c005000, 138412032) = 0 [pid 696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.611325][ T693] loop0: detected capacity change from 0 to 256 [ 32.618950][ T693] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.629690][ T693] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.639966][ T693] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 696] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 696] close(3) = 0 [pid 696] close(6) = 0 [pid 696] mkdir("./file0", 0777) = 0 [pid 696] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 696] chdir("./file0") = 0 [pid 696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 696] ioctl(6, LOOP_CLR_FD) = 0 [pid 696] close(6) = 0 [pid 696] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 696] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 695] exit_group(0 [pid 697] <... futex resumed>) = ? [pid 695] <... exit_group resumed>) = ? [pid 697] +++ exited with 0 +++ [pid 696] <... futex resumed>) = ? [pid 696] +++ exited with 0 +++ [pid 695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=695, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/bus") = 0 umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 698 ./strace-static-x86_64: Process 698 attached [pid 698] set_robust_list(0x5555720a9760, 24) = 0 [pid 698] chdir("./130") = 0 [pid 698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 698] setpgid(0, 0) = 0 [pid 698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 698] write(3, "1000", 4) = 4 [pid 698] close(3) = 0 [pid 698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 698] write(1, "executing program\n", 18) = 18 [pid 698] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 698] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[699]}, 88) = 699 [pid 698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 698] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 698] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[700]}, 88) = 700 [pid 698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 698] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 700 attached [pid 700] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 700] creat("./bus", 000) = 3 [pid 700] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 698] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... futex resumed>) = 1 [pid 700] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 700] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 698] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... futex resumed>) = 1 [pid 700] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 700] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 698] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... futex resumed>) = 1 [pid 700] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 700] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 700] <... futex resumed>) = 1 [pid 700] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 699 attached [pid 699] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 699] memfd_create("syzkaller", 0) = 5 [pid 699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 32.680220][ T696] loop0: detected capacity change from 0 to 256 [ 32.687836][ T696] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.698364][ T696] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.708818][ T696] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 699] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 699] munmap(0x7f9b9c005000, 138412032) = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 699] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 699] close(5) = 0 [pid 699] close(6) = 0 [pid 699] mkdir("./file0", 0777) = 0 [pid 699] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 699] chdir("./file0") = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 699] ioctl(6, LOOP_CLR_FD) = 0 [pid 699] close(6) = 0 [pid 699] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 698] exit_group(0 [pid 700] <... futex resumed>) = ? [pid 698] <... exit_group resumed>) = ? [pid 700] +++ exited with 0 +++ [pid 699] <... futex resumed>) = ? [pid 699] +++ exited with 0 +++ [pid 698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=698, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/bus") = 0 umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 701 ./strace-static-x86_64: Process 701 attached [pid 701] set_robust_list(0x5555720a9760, 24) = 0 [pid 701] chdir("./131") = 0 [pid 701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 701] setpgid(0, 0) = 0 [pid 701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 701] write(3, "1000", 4) = 4 [pid 701] close(3) = 0 [pid 701] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 701] write(1, "executing program\n", 18) = 18 [pid 701] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 701] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[702]}, 88) = 702 [pid 701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 701] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 701] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[703]}, 88) = 703 [pid 701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 701] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 703 attached [pid 703] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 703] creat("./bus", 000) = 3 [pid 703] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 703] <... futex resumed>) = 1 [pid 703] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 703] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 703] <... futex resumed>) = 1 [pid 703] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 703] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 703] <... futex resumed>) = 1 [pid 703] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 703] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 703] <... futex resumed>) = 1 [pid 703] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 702 attached [pid 702] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 702] memfd_create("syzkaller", 0) = 5 [pid 702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 702] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 702] munmap(0x7f9b9c005000, 138412032) = 0 [pid 702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.748405][ T699] loop0: detected capacity change from 0 to 256 [ 32.756216][ T699] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.766707][ T699] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.776921][ T699] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 702] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 702] close(5) = 0 [pid 702] close(6) = 0 [pid 702] mkdir("./file0", 0777) = 0 [pid 702] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 702] chdir("./file0") = 0 [pid 702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 702] ioctl(6, LOOP_CLR_FD) = 0 [pid 702] close(6) = 0 [pid 702] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] exit_group(0) = ? [pid 703] <... futex resumed>) = ? [pid 702] <... futex resumed>) = ? [pid 703] +++ exited with 0 +++ [pid 702] +++ exited with 0 +++ [pid 701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=701, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/bus") = 0 umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 705 ./strace-static-x86_64: Process 705 attached [pid 705] set_robust_list(0x5555720a9760, 24) = 0 [pid 705] chdir("./132") = 0 [pid 705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 705] setpgid(0, 0) = 0 [pid 705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 705] write(3, "1000", 4) = 4 [pid 705] close(3) = 0 [pid 705] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 705] write(1, "executing program\n", 18) = 18 [pid 705] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 705] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[706]}, 88) = 706 [pid 705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 705] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 705] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[707]}, 88) = 707 [pid 705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 705] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 706 attached [pid 706] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 706] memfd_create("syzkaller", 0) = 3 [pid 706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 32.812617][ T702] loop0: detected capacity change from 0 to 256 [ 32.820287][ T702] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.830813][ T702] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.841120][ T702] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 706] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 706] munmap(0x7f9b9c005000, 138412032) = 0 [pid 706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 706] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 707 attached [pid 707] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 707] creat("./bus", 000) = 5 [pid 707] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 707] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 705] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 707] <... futex resumed>) = 0 [pid 707] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 707] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 707] <... futex resumed>) = 1 [pid 707] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 707] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] <... futex resumed>) = 0 [pid 705] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 707] <... futex resumed>) = 1 [pid 706] <... ioctl resumed>) = 0 [pid 706] close(3) = 0 [pid 707] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 706] close(4) = 0 [pid 707] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 707] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 706] mkdir("./file0", 0777 [pid 707] <... futex resumed>) = 1 [pid 705] <... futex resumed>) = 0 [pid 706] <... mkdir resumed>) = 0 [pid 707] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 706] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 706] chdir("./file0") = 0 [pid 706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 706] ioctl(4, LOOP_CLR_FD) = 0 [pid 706] close(4) = 0 [pid 706] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 705] exit_group(0) = ? [pid 707] <... futex resumed>) = ? [pid 706] <... futex resumed>) = ? [pid 707] +++ exited with 0 +++ [pid 706] +++ exited with 0 +++ [pid 705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=705, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/bus") = 0 umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 708 ./strace-static-x86_64: Process 708 attached [pid 708] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 708] chdir("./133") = 0 [pid 708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 708] setpgid(0, 0) = 0 [pid 708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 708] write(3, "1000", 4) = 4 [pid 708] close(3) = 0 [pid 708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 708] write(1, "executing program\n", 18) = 18 [pid 708] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 708] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[709]}, 88) = 709 [pid 708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 708] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 708] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[710]}, 88) = 710 [pid 708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 708] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 710 attached [pid 710] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 710] creat("./bus", 000) = 3 [pid 710] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] <... futex resumed>) = 0 [pid 708] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 710] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 710] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] <... futex resumed>) = 0 [pid 708] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 710] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 710] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 708] <... futex resumed>) = 0 [pid 708] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 710] <... futex resumed>) = 1 [pid 710] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) ./strace-static-x86_64: Process 709 attached [pid 710] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 709] set_robust_list(0x7f9ba44469a0, 24 [pid 708] <... futex resumed>) = 0 [pid 710] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 709] <... set_robust_list resumed>) = 0 [pid 709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 709] memfd_create("syzkaller", 0) = 5 [pid 709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 709] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 709] munmap(0x7f9b9c005000, 138412032) = 0 [pid 709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 32.876441][ T706] loop0: detected capacity change from 0 to 256 [ 32.884659][ T706] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.895162][ T706] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.905291][ T706] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 709] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 709] close(5) = 0 [pid 709] close(6) = 0 [pid 709] mkdir("./file0", 0777) = 0 [pid 709] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 709] chdir("./file0") = 0 [pid 709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 709] ioctl(6, LOOP_CLR_FD) = 0 [pid 709] close(6) = 0 [pid 709] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 709] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 708] exit_group(0 [pid 710] <... futex resumed>) = ? [pid 708] <... exit_group resumed>) = ? [pid 710] +++ exited with 0 +++ [pid 709] <... futex resumed>) = ? [pid 709] +++ exited with 0 +++ [pid 708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=708, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/bus") = 0 umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 711 ./strace-static-x86_64: Process 711 attached [pid 711] set_robust_list(0x5555720a9760, 24) = 0 [pid 711] chdir("./134") = 0 [pid 711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 711] setpgid(0, 0) = 0 [pid 711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 711] write(3, "1000", 4) = 4 [pid 711] close(3) = 0 [pid 711] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 711] write(1, "executing program\n", 18) = 18 [pid 711] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 711] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 711] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[712]}, 88) = 712 [pid 711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 711] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 711] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 711] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[713]}, 88) = 713 [pid 711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 711] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 712 attached [pid 712] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 712] memfd_create("syzkaller", 0) = 3 [pid 712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 713 attached [pid 713] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 712] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 713] creat("./bus", 000) = 4 [pid 712] <... write resumed>) = 131072 [pid 713] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 713] <... futex resumed>) = 1 [pid 713] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 713] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 713] <... futex resumed>) = 1 [pid 713] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 713] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 711] <... futex resumed>) = 0 [pid 711] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 713] <... futex resumed>) = 1 [pid 713] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 713] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 711] <... futex resumed>) = 0 [pid 713] <... futex resumed>) = 1 [pid 713] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 32.943433][ T709] loop0: detected capacity change from 0 to 256 [ 32.951200][ T709] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.961784][ T709] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 32.972270][ T709] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 712] munmap(0x7f9b9c005000, 138412032) = 0 [pid 712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 712] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 712] close(3) = 0 [pid 712] close(6) = 0 [pid 712] mkdir("./file0", 0777) = 0 [pid 712] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 712] chdir("./file0") = 0 [pid 712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 712] ioctl(6, LOOP_CLR_FD) = 0 [pid 712] close(6) = 0 [pid 712] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 712] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 711] exit_group(0 [pid 713] <... futex resumed>) = ? [pid 711] <... exit_group resumed>) = ? [pid 713] +++ exited with 0 +++ [pid 712] <... futex resumed>) = ? [pid 712] +++ exited with 0 +++ [pid 711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=711, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/bus") = 0 umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 714 ./strace-static-x86_64: Process 714 attached [pid 714] set_robust_list(0x5555720a9760, 24) = 0 [pid 714] chdir("./135") = 0 [pid 714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 714] setpgid(0, 0) = 0 [pid 714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 714] write(3, "1000", 4) = 4 [pid 714] close(3) = 0 [pid 714] symlink("/dev/binderfs", "./binderfs") = 0 [pid 714] write(1, "executing program\n", 18) = 18 [pid 714] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 714] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 714] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 714] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[715]}, 88) = 715 [pid 714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 714] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 714] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 714] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[716]}, 88) = 716 [pid 714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 714] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 714] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 716 attached [pid 716] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 716] creat("./bus", 000) = 3 [pid 716] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 714] <... futex resumed>) = 0 [pid 714] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 714] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] <... futex resumed>) = 1 [pid 716] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 716] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 714] <... futex resumed>) = 0 [pid 714] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 714] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] <... futex resumed>) = 1 [pid 716] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 716] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 714] <... futex resumed>) = 0 [pid 714] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 714] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 716] <... futex resumed>) = 1 [pid 716] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 716] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 714] <... futex resumed>) = 0 [pid 716] <... futex resumed>) = 1 [pid 716] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 715 attached [pid 715] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 715] memfd_create("syzkaller", 0) = 5 [pid 715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 715] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 715] munmap(0x7f9b9c005000, 138412032) = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.009909][ T712] loop0: detected capacity change from 0 to 256 [ 33.017357][ T712] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.027938][ T712] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.038479][ T712] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 715] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 715] close(5) = 0 [pid 715] close(6) = 0 [pid 715] mkdir("./file0", 0777) = 0 [pid 715] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 715] chdir("./file0") = 0 [pid 715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 715] ioctl(6, LOOP_CLR_FD) = 0 [pid 715] close(6) = 0 [pid 715] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 714] exit_group(0 [pid 716] <... futex resumed>) = ? [pid 714] <... exit_group resumed>) = ? [pid 716] +++ exited with 0 +++ [pid 715] <... futex resumed>) = ? [pid 715] +++ exited with 0 +++ [pid 714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=714, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/bus") = 0 umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 717 ./strace-static-x86_64: Process 717 attached [pid 717] set_robust_list(0x5555720a9760, 24) = 0 [pid 717] chdir("./136") = 0 [pid 717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 717] setpgid(0, 0) = 0 [pid 717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 717] write(3, "1000", 4) = 4 [pid 717] close(3) = 0 [pid 717] symlink("/dev/binderfs", "./binderfs") = 0 [pid 717] write(1, "executing program\n", 18executing program ) = 18 [pid 717] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 717] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 718 attached => {parent_tid=[718]}, 88) = 718 [pid 718] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 718] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 717] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 718] <... futex resumed>) = 0 [pid 718] memfd_create("syzkaller", 0) = 3 [pid 718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 717] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b9c005000 [pid 717] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 717] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 718] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0}./strace-static-x86_64: Process 719 attached [pid 719] set_robust_list(0x7f9b9c0259a0, 24) = 0 [pid 719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 719] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] <... clone3 resumed> => {parent_tid=[719]}, 88) = 719 [pid 718] <... write resumed>) = 131072 [pid 718] munmap(0x7f9b9c026000, 138412032) = 0 [pid 717] rt_sigprocmask(SIG_SETMASK, [], [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 718] ioctl(4, LOOP_SET_FD, 3 [pid 717] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 719] <... futex resumed>) = 0 [pid 717] <... futex resumed>) = 1 [ 33.074170][ T715] loop0: detected capacity change from 0 to 256 [ 33.082767][ T715] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.093431][ T715] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.104078][ T715] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 719] creat("./bus", 000) = 5 [pid 719] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 719] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 717] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 719] <... futex resumed>) = 0 [pid 719] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 719] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 719] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 717] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 719] <... futex resumed>) = 0 [pid 719] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 719] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 719] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 718] <... ioctl resumed>) = 0 [pid 717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 718] close(3 [pid 717] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 719] <... futex resumed>) = 0 [pid 719] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 718] <... close resumed>) = 0 [pid 717] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 719] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 719] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 719] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 718] close(4) = 0 [pid 717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 718] mkdir("./file0", 0777) = 0 [pid 718] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 718] chdir("./file0") = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 718] ioctl(4, LOOP_CLR_FD) = 0 [pid 718] close(4) = 0 [pid 718] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 718] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 717] exit_group(0) = ? [pid 718] <... futex resumed>) = ? [pid 718] +++ exited with 0 +++ [pid 719] <... futex resumed>) = ? [pid 719] +++ exited with 0 +++ [pid 717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=717, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/bus") = 0 umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 720 ./strace-static-x86_64: Process 720 attached [pid 720] set_robust_list(0x5555720a9760, 24) = 0 [pid 720] chdir("./137") = 0 [pid 720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 720] setpgid(0, 0) = 0 [pid 720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 720] write(3, "1000", 4) = 4 [pid 720] close(3) = 0 [pid 720] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 720] write(1, "executing program\n", 18) = 18 [pid 720] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 720] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[721]}, 88) = 721 [pid 720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 720] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 720] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[722]}, 88) = 722 [pid 720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 720] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 722 attached [pid 722] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 722] creat("./bus", 000./strace-static-x86_64: Process 721 attached [pid 721] set_robust_list(0x7f9ba44469a0, 24 [pid 722] <... creat resumed>) = 3 [pid 721] <... set_robust_list resumed>) = 0 [pid 722] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 722] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 722] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 722] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 722] <... futex resumed>) = 1 [pid 721] rt_sigprocmask(SIG_SETMASK, [], [pid 722] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 721] memfd_create("syzkaller", 0) = 5 [pid 721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 721] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 721] munmap(0x7f9b9c005000, 138412032) = 0 [pid 721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.142886][ T718] loop0: detected capacity change from 0 to 256 [ 33.151393][ T718] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.162300][ T718] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.172545][ T718] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 721] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 721] close(5) = 0 [pid 721] close(6) = 0 [pid 721] mkdir("./file0", 0777) = 0 [pid 721] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 721] chdir("./file0") = 0 [pid 721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 721] ioctl(6, LOOP_CLR_FD) = 0 [pid 721] close(6) = 0 [pid 721] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] exit_group(0 [pid 722] <... futex resumed>) = ? [pid 720] <... exit_group resumed>) = ? [pid 722] +++ exited with 0 +++ [pid 721] +++ exited with 0 +++ [pid 720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=720, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/bus") = 0 umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 723 ./strace-static-x86_64: Process 723 attached [pid 723] set_robust_list(0x5555720a9760, 24) = 0 [pid 723] chdir("./138") = 0 [pid 723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 723] setpgid(0, 0) = 0 [pid 723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 723] write(3, "1000", 4) = 4 [pid 723] close(3) = 0 [pid 723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 723] write(1, "executing program\n", 18executing program ) = 18 [pid 723] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 723] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[724]}, 88) = 724 [pid 723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 723] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 723] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[725]}, 88) = 725 [pid 723] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 725 attached ./strace-static-x86_64: Process 724 attached NULL, 8) = 0 [pid 723] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 725] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 725] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 725] creat("./bus", 000 [pid 724] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 725] <... creat resumed>) = 3 [pid 724] rt_sigprocmask(SIG_SETMASK, [], [pid 725] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 725] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 725] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 725] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 725] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 725] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 725] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 723] <... futex resumed>) = 0 [pid 725] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 724] memfd_create("syzkaller", 0) = 5 [pid 724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 724] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 724] munmap(0x7f9b9c005000, 138412032) = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.209949][ T721] loop0: detected capacity change from 0 to 256 [ 33.218077][ T721] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.228831][ T721] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.239077][ T721] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 724] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 724] close(5) = 0 [pid 724] close(6) = 0 [pid 724] mkdir("./file0", 0777) = 0 [ 33.287716][ T724] loop0: detected capacity change from 0 to 256 [ 33.306001][ T724] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.316572][ T724] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 724] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 724] chdir("./file0") = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 724] ioctl(6, LOOP_CLR_FD) = 0 [pid 724] close(6) = 0 [pid 724] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 724] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] exit_group(0) = ? [pid 724] <... futex resumed>) = ? [pid 724] +++ exited with 0 +++ [pid 725] <... futex resumed>) = ? [pid 725] +++ exited with 0 +++ [pid 723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=723, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/bus") = 0 umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 726 ./strace-static-x86_64: Process 726 attached [pid 726] set_robust_list(0x5555720a9760, 24) = 0 [pid 726] chdir("./139") = 0 [pid 726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 726] setpgid(0, 0) = 0 [pid 726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 726] write(3, "1000", 4) = 4 [pid 726] close(3) = 0 [pid 726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 726] write(1, "executing program\n", 18) = 18 [pid 726] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 726] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[727]}, 88) = 727 [pid 726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 726] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 726] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[728]}, 88) = 728 [pid 726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 726] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 728 attached [pid 728] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 728] creat("./bus", 000) = 3 [pid 728] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] <... futex resumed>) = 0 [pid 726] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 1 [pid 728] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 728] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] <... futex resumed>) = 0 [pid 726] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 1 [pid 728] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000./strace-static-x86_64: Process 727 attached ) = 4 [pid 727] set_robust_list(0x7f9ba44469a0, 24 [pid 728] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] <... futex resumed>) = 0 [pid 726] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 1 [pid 727] <... set_robust_list resumed>) = 0 [pid 728] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 727] rt_sigprocmask(SIG_SETMASK, [], [pid 728] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 728] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 726] <... futex resumed>) = 0 [pid 728] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 727] memfd_create("syzkaller", 0) = 5 [pid 727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 727] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 727] munmap(0x7f9b9c005000, 138412032) = 0 [pid 727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.327212][ T724] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 727] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 727] close(5) = 0 [pid 727] close(6) = 0 [pid 727] mkdir("./file0", 0777) = 0 [ 33.367454][ T727] loop0: detected capacity change from 0 to 256 [ 33.375418][ T727] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.386077][ T727] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.396226][ T727] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 727] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 727] chdir("./file0") = 0 [pid 727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 727] ioctl(6, LOOP_CLR_FD) = 0 [pid 727] close(6) = 0 [pid 727] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] exit_group(0 [pid 728] <... futex resumed>) = ? [pid 726] <... exit_group resumed>) = ? [pid 728] +++ exited with 0 +++ [pid 727] <... futex resumed>) = ? [pid 727] +++ exited with 0 +++ [pid 726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=726, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/bus") = 0 umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 729 ./strace-static-x86_64: Process 729 attached [pid 729] set_robust_list(0x5555720a9760, 24) = 0 [pid 729] chdir("./140") = 0 [pid 729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 729] setpgid(0, 0) = 0 [pid 729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 729] write(3, "1000", 4) = 4 [pid 729] close(3) = 0 [pid 729] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 729] write(1, "executing program\n", 18) = 18 [pid 729] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 729] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[730]}, 88) = 730 [pid 729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 729] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 729] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[731]}, 88) = 731 [pid 729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 729] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 730 attached ./strace-static-x86_64: Process 731 attached [pid 731] set_robust_list(0x7f9ba44259a0, 24 [pid 730] set_robust_list(0x7f9ba44469a0, 24 [pid 731] <... set_robust_list resumed>) = 0 [pid 731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 731] creat("./bus", 000) = 3 [pid 731] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 731] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 731] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 731] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 731] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] <... set_robust_list resumed>) = 0 [pid 730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 730] memfd_create("syzkaller", 0) = 5 [pid 730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 730] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 730] munmap(0x7f9b9c005000, 138412032) = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.402320][ T28] audit: type=1400 audit(1744814351.059:75): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 33.430332][ T28] audit: type=1400 audit(1744814351.059:76): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 730] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 730] close(5) = 0 [pid 730] close(6) = 0 [pid 730] mkdir("./file0", 0777) = 0 [pid 730] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 730] chdir("./file0") = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 730] ioctl(6, LOOP_CLR_FD) = 0 [pid 730] close(6) = 0 [pid 730] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] exit_group(0 [pid 731] <... futex resumed>) = ? [pid 729] <... exit_group resumed>) = ? [pid 731] +++ exited with 0 +++ [pid 730] <... futex resumed>) = ? [pid 730] +++ exited with 0 +++ [pid 729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=729, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/bus") = 0 [ 33.470403][ T730] loop0: detected capacity change from 0 to 256 [ 33.478913][ T730] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.489971][ T730] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.499823][ T730] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 732 ./strace-static-x86_64: Process 732 attached [pid 732] set_robust_list(0x5555720a9760, 24) = 0 [pid 732] chdir("./141") = 0 [pid 732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 732] setpgid(0, 0) = 0 [pid 732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 732] write(3, "1000", 4) = 4 [pid 732] close(3) = 0 [pid 732] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 732] write(1, "executing program\n", 18) = 18 [pid 732] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 732] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[733]}, 88) = 733 [pid 732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 732] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 732] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[734]}, 88) = 734 [pid 732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 732] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 734 attached [pid 734] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 734] creat("./bus", 000) = 3 [pid 734] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] <... futex resumed>) = 0 [pid 732] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 1 [pid 734] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 734] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] <... futex resumed>) = 0 [pid 732] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 1 [pid 734] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 734] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] <... futex resumed>) = 0 [pid 732] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 1 [pid 734] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 734] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] <... futex resumed>) = 0 [pid 734] <... futex resumed>) = 1 [pid 734] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 733 attached [pid 733] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 733] memfd_create("syzkaller", 0) = 5 [pid 733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 733] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 733] munmap(0x7f9b9c005000, 138412032) = 0 [pid 733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 733] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 733] close(5) = 0 [pid 733] close(6) = 0 [pid 733] mkdir("./file0", 0777) = 0 [pid 733] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 733] chdir("./file0") = 0 [pid 733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 733] ioctl(6, LOOP_CLR_FD) = 0 [pid 733] close(6) = 0 [pid 733] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 732] exit_group(0 [pid 734] <... futex resumed>) = ? [pid 732] <... exit_group resumed>) = ? [pid 734] +++ exited with 0 +++ [pid 733] <... futex resumed>) = ? [pid 733] +++ exited with 0 +++ [pid 732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=732, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/bus") = 0 umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 735 ./strace-static-x86_64: Process 735 attached [pid 735] set_robust_list(0x5555720a9760, 24) = 0 [pid 735] chdir("./142") = 0 [pid 735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 735] setpgid(0, 0) = 0 [pid 735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 735] write(3, "1000", 4) = 4 [pid 735] close(3) = 0 [pid 735] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 735] write(1, "executing program\n", 18) = 18 [pid 735] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 735] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[736]}, 88) = 736 [pid 735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 735] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 735] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[737]}, 88) = 737 [pid 735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 735] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 737 attached [pid 737] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 737] creat("./bus", 000) = 3 [pid 737] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = 1 [pid 737] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 737] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = 1 [pid 737] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 737] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] <... futex resumed>) = 1 [pid 737] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 737] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 735] <... futex resumed>) = 0 [pid 737] <... futex resumed>) = 1 [pid 737] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 736 attached [pid 736] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 736] memfd_create("syzkaller", 0) = 5 [pid 736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 33.565044][ T733] loop0: detected capacity change from 0 to 256 [ 33.573331][ T733] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.583903][ T733] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.594436][ T733] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 736] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 736] munmap(0x7f9b9c005000, 138412032) = 0 [pid 736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 736] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 736] close(5) = 0 [pid 736] close(6) = 0 [pid 736] mkdir("./file0", 0777) = 0 [pid 736] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 736] chdir("./file0") = 0 [pid 736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 736] ioctl(6, LOOP_CLR_FD) = 0 [pid 736] close(6) = 0 [pid 736] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] exit_group(0) = ? [pid 736] <... futex resumed>) = ? [pid 736] +++ exited with 0 +++ [pid 737] <... futex resumed>) = ? [pid 737] +++ exited with 0 +++ [pid 735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=735, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/bus") = 0 umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 738 ./strace-static-x86_64: Process 738 attached [pid 738] set_robust_list(0x5555720a9760, 24) = 0 [pid 738] chdir("./143") = 0 [pid 738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 738] setpgid(0, 0) = 0 [pid 738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 738] write(3, "1000", 4) = 4 [pid 738] close(3) = 0 [pid 738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 738] write(1, "executing program\n", 18) = 18 [pid 738] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 738] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 738] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[739]}, 88) = 739 [pid 738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 738] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 738] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[740]}, 88) = 740 [pid 738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 738] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 740 attached [pid 740] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 740] creat("./bus", 000) = 3 [pid 740] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 738] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 740] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 738] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 740] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 738] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 740] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 740] <... futex resumed>) = 1 [pid 740] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 739 attached [pid 739] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 739] memfd_create("syzkaller", 0) = 5 [pid 739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 739] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 739] munmap(0x7f9b9c005000, 138412032) = 0 [pid 739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.628969][ T736] loop0: detected capacity change from 0 to 256 [ 33.636592][ T736] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.647158][ T736] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.657590][ T736] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 739] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 739] close(5) = 0 [pid 739] close(6) = 0 [pid 739] mkdir("./file0", 0777) = 0 [pid 739] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 739] chdir("./file0") = 0 [pid 739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 739] ioctl(6, LOOP_CLR_FD) = 0 [pid 739] close(6) = 0 [pid 739] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 739] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 738] exit_group(0 [pid 740] <... futex resumed>) = ? [pid 738] <... exit_group resumed>) = ? [pid 740] +++ exited with 0 +++ [pid 739] <... futex resumed>) = ? [pid 739] +++ exited with 0 +++ [pid 738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=738, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/bus") = 0 umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 741 ./strace-static-x86_64: Process 741 attached [pid 741] set_robust_list(0x5555720a9760, 24) = 0 [pid 741] chdir("./144") = 0 [pid 741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 741] setpgid(0, 0) = 0 [pid 741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 741] write(3, "1000", 4) = 4 [pid 741] close(3) = 0 [pid 741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 741] write(1, "executing program\n", 18) = 18 [pid 741] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 741] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 741] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[742]}, 88) = 742 [pid 741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 741] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 741] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[743]}, 88) = 743 [pid 741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 741] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 743 attached [pid 743] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 743] creat("./bus", 000) = 3 [pid 743] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 743] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 743] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 743] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 743] <... futex resumed>) = 1 [pid 743] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 742 attached [pid 742] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 742] memfd_create("syzkaller", 0) = 5 [pid 742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 742] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 742] munmap(0x7f9b9c005000, 138412032) = 0 [pid 742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.695152][ T739] loop0: detected capacity change from 0 to 256 [ 33.702789][ T739] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.713325][ T739] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.723437][ T739] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 742] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 742] close(5) = 0 [pid 742] close(6) = 0 [pid 742] mkdir("./file0", 0777) = 0 [pid 742] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 742] chdir("./file0") = 0 [pid 742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 742] ioctl(6, LOOP_CLR_FD) = 0 [pid 742] close(6) = 0 [pid 742] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] exit_group(0 [pid 743] <... futex resumed>) = ? [pid 741] <... exit_group resumed>) = ? [pid 743] +++ exited with 0 +++ [pid 742] <... futex resumed>) = ? [pid 742] +++ exited with 0 +++ [pid 741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=741, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/bus") = 0 umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 745 ./strace-static-x86_64: Process 745 attached [pid 745] set_robust_list(0x5555720a9760, 24) = 0 [pid 745] chdir("./145") = 0 [pid 745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 745] setpgid(0, 0) = 0 [pid 745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 745] write(3, "1000", 4) = 4 [pid 745] close(3) = 0 [pid 745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 745] write(1, "executing program\n", 18) = 18 [pid 745] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 745] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[746]}, 88) = 746 [pid 745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 745] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 745] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[747]}, 88) = 747 [pid 745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 745] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 747 attached [pid 747] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 747] creat("./bus", 000) = 3 [pid 747] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 747] <... futex resumed>) = 1 [pid 747] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 747] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 747] <... futex resumed>) = 1 [pid 747] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 747] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] <... futex resumed>) = 0 [pid 745] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 747] <... futex resumed>) = 1 [pid 747] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 747] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] <... futex resumed>) = 0 [pid 747] <... futex resumed>) = 1 [pid 747] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 746 attached [pid 746] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 746] memfd_create("syzkaller", 0) = 5 [pid 746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 746] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 746] munmap(0x7f9b9c005000, 138412032) = 0 [pid 746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.762127][ T742] loop0: detected capacity change from 0 to 256 [ 33.769670][ T742] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.780236][ T742] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.791040][ T742] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 746] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 746] close(5) = 0 [pid 746] close(6) = 0 [pid 746] mkdir("./file0", 0777) = 0 [pid 746] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 746] chdir("./file0") = 0 [pid 746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 746] ioctl(6, LOOP_CLR_FD) = 0 [pid 746] close(6) = 0 [pid 746] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 746] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] exit_group(0 [pid 747] <... futex resumed>) = ? [pid 745] <... exit_group resumed>) = ? [pid 747] +++ exited with 0 +++ [pid 746] <... futex resumed>) = ? [pid 746] +++ exited with 0 +++ [pid 745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=745, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/bus") = 0 umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 748 ./strace-static-x86_64: Process 748 attached [pid 748] set_robust_list(0x5555720a9760, 24) = 0 [pid 748] chdir("./146") = 0 [pid 748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 748] setpgid(0, 0) = 0 [pid 748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 748] write(3, "1000", 4) = 4 [pid 748] close(3) = 0 [pid 748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 748] write(1, "executing program\n", 18) = 18 [pid 748] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 748] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 748] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[749]}, 88) = 749 [pid 748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 748] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 748] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[750]}, 88) = 750 [pid 748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 748] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 750 attached [pid 750] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 750] creat("./bus", 000) = 3 [pid 750] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... futex resumed>) = 0 [pid 748] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 750] <... futex resumed>) = 1 [pid 750] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 750] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... futex resumed>) = 0 [pid 748] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 750] <... futex resumed>) = 1 [pid 750] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 750] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... futex resumed>) = 0 [pid 748] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 750] <... futex resumed>) = 1 [pid 750] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 750] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 748] <... futex resumed>) = 0 [pid 750] <... futex resumed>) = 1 [pid 750] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 749 attached [pid 749] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 749] memfd_create("syzkaller", 0) = 5 [pid 749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 749] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 749] munmap(0x7f9b9c005000, 138412032) = 0 [pid 749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.829527][ T746] loop0: detected capacity change from 0 to 256 [ 33.837171][ T746] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.847751][ T746] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.858205][ T746] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 749] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 749] close(5) = 0 [pid 749] close(6) = 0 [pid 749] mkdir("./file0", 0777) = 0 [pid 749] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 749] chdir("./file0") = 0 [pid 749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 749] ioctl(6, LOOP_CLR_FD) = 0 [pid 749] close(6) = 0 [pid 749] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 749] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 748] exit_group(0 [pid 750] <... futex resumed>) = ? [pid 748] <... exit_group resumed>) = ? [pid 750] +++ exited with 0 +++ [pid 749] <... futex resumed>) = ? [pid 749] +++ exited with 0 +++ [pid 748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=748, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/bus") = 0 umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 751 ./strace-static-x86_64: Process 751 attached [pid 751] set_robust_list(0x5555720a9760, 24) = 0 [pid 751] chdir("./147") = 0 [pid 751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 751] setpgid(0, 0) = 0 [pid 751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 751] write(3, "1000", 4) = 4 [pid 751] close(3) = 0 [pid 751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 751] write(1, "executing program\n", 18) = 18 [pid 751] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 751] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 751] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[752]}, 88) = 752 [pid 751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 751] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 751] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[753]}, 88) = 753 [pid 751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 751] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 753 attached [pid 753] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 753] creat("./bus", 000) = 3 [pid 753] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 753] <... futex resumed>) = 1 [pid 753] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 753] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 753] <... futex resumed>) = 1 [pid 753] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 753] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] <... futex resumed>) = 0 [pid 751] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 753] <... futex resumed>) = 1 [pid 753] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 753] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 751] <... futex resumed>) = 0 [pid 753] <... futex resumed>) = 1 [pid 753] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 752 attached [pid 752] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 752] memfd_create("syzkaller", 0) = 5 [pid 752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 752] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 752] munmap(0x7f9b9c005000, 138412032) = 0 [pid 752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.896541][ T749] loop0: detected capacity change from 0 to 256 [ 33.904044][ T749] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.914597][ T749] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.925279][ T749] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 752] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 752] close(5) = 0 [pid 752] close(6) = 0 [pid 752] mkdir("./file0", 0777) = 0 [pid 752] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 752] chdir("./file0") = 0 [pid 752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 752] ioctl(6, LOOP_CLR_FD) = 0 [pid 752] close(6) = 0 [pid 752] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 752] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 751] exit_group(0) = ? [pid 752] <... futex resumed>) = ? [pid 752] +++ exited with 0 +++ [pid 753] <... futex resumed>) = ? [pid 753] +++ exited with 0 +++ [pid 751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=751, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./147", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./147/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/bus") = 0 umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 754 ./strace-static-x86_64: Process 754 attached [pid 754] set_robust_list(0x5555720a9760, 24) = 0 [pid 754] chdir("./148") = 0 [pid 754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 754] setpgid(0, 0) = 0 [pid 754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 754] write(3, "1000", 4) = 4 [pid 754] close(3) = 0 [pid 754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 754] write(1, "executing program\n", 18) = 18 [pid 754] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 754] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[755]}, 88) = 755 [pid 754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 754] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 754] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[756]}, 88) = 756 [pid 754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 754] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 756 attached [pid 756] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 756] creat("./bus", 000) = 3 [pid 756] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] <... futex resumed>) = 0 [pid 754] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 756] <... futex resumed>) = 1 [pid 756] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 756] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] <... futex resumed>) = 0 [pid 754] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 756] <... futex resumed>) = 1 [pid 756] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 756] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] <... futex resumed>) = 0 [pid 754] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 756] <... futex resumed>) = 1 [pid 756] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 756] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 754] <... futex resumed>) = 0 [pid 756] <... futex resumed>) = 1 [pid 756] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 755 attached [pid 755] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 755] memfd_create("syzkaller", 0) = 5 [pid 755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 755] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 755] munmap(0x7f9b9c005000, 138412032) = 0 [pid 755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 33.963030][ T752] loop0: detected capacity change from 0 to 256 [ 33.970667][ T752] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 33.981231][ T752] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 33.992196][ T752] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 755] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 755] close(5) = 0 [pid 755] close(6) = 0 [pid 755] mkdir("./file0", 0777) = 0 [pid 755] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 755] chdir("./file0") = 0 [pid 755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 755] ioctl(6, LOOP_CLR_FD) = 0 [pid 755] close(6) = 0 [pid 755] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 755] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 754] exit_group(0 [pid 756] <... futex resumed>) = ? [pid 754] <... exit_group resumed>) = ? [pid 756] +++ exited with 0 +++ [pid 755] <... futex resumed>) = ? [pid 755] +++ exited with 0 +++ [pid 754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=754, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./148/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/bus") = 0 umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 757 ./strace-static-x86_64: Process 757 attached [pid 757] set_robust_list(0x5555720a9760, 24) = 0 [pid 757] chdir("./149") = 0 [pid 757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 757] setpgid(0, 0) = 0 [pid 757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 757] write(3, "1000", 4) = 4 [pid 757] close(3) = 0 [pid 757] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 757] write(1, "executing program\n", 18) = 18 [pid 757] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 757] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[758]}, 88) = 758 [pid 757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 757] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 757] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[759]}, 88) = 759 [pid 757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 757] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 759 attached [pid 759] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 759] creat("./bus", 000) = 3 [pid 759] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 759] <... futex resumed>) = 1 [pid 759] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 759] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 759] <... futex resumed>) = 1 [pid 759] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 759] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = 0 [pid 757] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 759] <... futex resumed>) = 1 [pid 759] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 759] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... futex resumed>) = 0 ./strace-static-x86_64: Process 758 attached [pid 759] <... futex resumed>) = 1 [pid 759] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 758] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 758] memfd_create("syzkaller", 0) = 5 [pid 758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 758] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 758] munmap(0x7f9b9c005000, 138412032) = 0 [pid 758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.029370][ T755] loop0: detected capacity change from 0 to 256 [ 34.038019][ T755] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.048788][ T755] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.059443][ T755] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 758] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 758] close(5) = 0 [pid 758] close(6) = 0 [pid 758] mkdir("./file0", 0777) = 0 [pid 758] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 758] chdir("./file0") = 0 [pid 758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 758] ioctl(6, LOOP_CLR_FD) = 0 [pid 758] close(6) = 0 [pid 758] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 758] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] exit_group(0) = ? [pid 758] <... futex resumed>) = ? [pid 758] +++ exited with 0 +++ [pid 759] <... futex resumed>) = ? [pid 759] +++ exited with 0 +++ [pid 757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=757, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./149/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/bus") = 0 umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149"executing program ) = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 760 ./strace-static-x86_64: Process 760 attached [pid 760] set_robust_list(0x5555720a9760, 24) = 0 [pid 760] chdir("./150") = 0 [pid 760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 760] setpgid(0, 0) = 0 [pid 760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 760] write(3, "1000", 4) = 4 [pid 760] close(3) = 0 [pid 760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 760] write(1, "executing program\n", 18) = 18 [pid 760] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 760] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[761]}, 88) = 761 [pid 760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 760] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 760] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 761 attached ./strace-static-x86_64: Process 762 attached => {parent_tid=[762]}, 88) = 762 [pid 760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 760] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 761] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 762] set_robust_list(0x7f9ba44259a0, 24 [pid 761] memfd_create("syzkaller", 0 [pid 762] <... set_robust_list resumed>) = 0 [pid 762] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 762] creat("./bus", 000 [pid 761] <... memfd_create resumed>) = 4 [pid 761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 762] <... creat resumed>) = 3 [pid 762] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 761] <... mmap resumed>) = 0x7f9b9c005000 [pid 762] <... futex resumed>) = 1 [pid 761] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 762] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 761] <... write resumed>) = 131072 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] <... mount resumed>) = 0 [pid 762] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 762] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 761] munmap(0x7f9b9c005000, 138412032 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] <... open resumed>) = 5 [pid 762] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 761] <... munmap resumed>) = 0 [pid 760] <... futex resumed>) = 0 [pid 760] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 762] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 762] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 760] <... futex resumed>) = 0 [pid 762] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.098467][ T758] loop0: detected capacity change from 0 to 256 [ 34.107356][ T758] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.117965][ T758] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.128617][ T758] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 761] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 761] close(4) = 0 [pid 761] close(6) = 0 [pid 761] mkdir("./file0", 0777) = 0 [pid 761] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 761] chdir("./file0") = 0 [pid 761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 761] ioctl(6, LOOP_CLR_FD) = 0 [pid 761] close(6) = 0 [pid 761] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 761] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 760] exit_group(0) = ? [pid 761] <... futex resumed>) = ? [pid 761] +++ exited with 0 +++ [pid 762] <... futex resumed>) = ? [pid 762] +++ exited with 0 +++ [pid 760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=760, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./150/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/bus") = 0 umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 763 ./strace-static-x86_64: Process 763 attached [pid 763] set_robust_list(0x5555720a9760, 24) = 0 [pid 763] chdir("./151") = 0 [pid 763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 763] setpgid(0, 0) = 0 [pid 763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 763] write(3, "1000", 4) = 4 [pid 763] close(3) = 0 [pid 763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 763] write(1, "executing program\n", 18) = 18 [pid 763] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 763] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[764]}, 88) = 764 [pid 763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 763] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 763] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[765]}, 88) = 765 [pid 763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 763] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 765 attached [pid 765] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 765] creat("./bus", 000) = 3 [pid 765] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 765] <... futex resumed>) = 1 [pid 765] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 765] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 765] <... futex resumed>) = 1 [pid 765] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 765] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 765] <... futex resumed>) = 1 [pid 765] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 765] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 765] <... futex resumed>) = 1 [pid 765] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 764 attached [pid 764] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 764] memfd_create("syzkaller", 0) = 5 [pid 764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 764] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 764] munmap(0x7f9b9c005000, 138412032) = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.165973][ T761] loop0: detected capacity change from 0 to 256 [ 34.173678][ T761] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.184369][ T761] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.194629][ T761] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 764] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 764] close(5) = 0 [pid 764] close(6) = 0 [pid 764] mkdir("./file0", 0777) = 0 [pid 764] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 764] chdir("./file0") = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_CLR_FD) = 0 [pid 764] close(6) = 0 [pid 764] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 763] exit_group(0) = ? [pid 764] <... futex resumed>) = ? [pid 765] <... futex resumed>) = ? [pid 764] +++ exited with 0 +++ [pid 765] +++ exited with 0 +++ [pid 763] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=763, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./151/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/bus") = 0 umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 766 ./strace-static-x86_64: Process 766 attached [pid 766] set_robust_list(0x5555720a9760, 24) = 0 [pid 766] chdir("./152") = 0 [pid 766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 766] setpgid(0, 0) = 0 [pid 766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 766] write(3, "1000", 4) = 4 [pid 766] close(3) = 0 [pid 766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 766] write(1, "executing program\n", 18) = 18 [pid 766] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 766] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[767]}, 88) = 767 [pid 766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 766] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 766] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[768]}, 88) = 768 [pid 766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 766] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 768 attached [pid 768] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 768] creat("./bus", 000) = 3 [pid 768] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 768] <... futex resumed>) = 1 [pid 768] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 768] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 768] <... futex resumed>) = 1 [pid 768] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 768] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 768] <... futex resumed>) = 1 [pid 768] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 768] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] <... futex resumed>) = 0 [pid 768] <... futex resumed>) = 1 [pid 768] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 767 attached [pid 767] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 767] memfd_create("syzkaller", 0) = 5 [pid 767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 767] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 767] munmap(0x7f9b9c005000, 138412032) = 0 [pid 767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.229239][ T764] loop0: detected capacity change from 0 to 256 [ 34.237646][ T764] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.248357][ T764] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.259359][ T764] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 767] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 767] close(5) = 0 [pid 767] close(6) = 0 [pid 767] mkdir("./file0", 0777) = 0 [pid 767] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 767] chdir("./file0") = 0 [pid 767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 767] ioctl(6, LOOP_CLR_FD) = 0 [pid 767] close(6) = 0 [pid 767] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 767] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 766] exit_group(0) = ? [pid 767] <... futex resumed>) = ? [pid 767] +++ exited with 0 +++ [pid 768] <... futex resumed>) = ? [pid 768] +++ exited with 0 +++ [pid 766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=766, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./152/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/bus") = 0 umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 769 ./strace-static-x86_64: Process 769 attached [pid 769] set_robust_list(0x5555720a9760, 24) = 0 [pid 769] chdir("./153") = 0 [pid 769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 769] setpgid(0, 0) = 0 [pid 769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 769] write(3, "1000", 4) = 4 [pid 769] close(3) = 0 [pid 769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 769] write(1, "executing program\n", 18executing program ) = 18 [pid 769] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 769] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 770 attached => {parent_tid=[770]}, 88) = 770 [pid 769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 769] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 770] set_robust_list(0x7f9ba44469a0, 24 [pid 769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 770] <... set_robust_list resumed>) = 0 [pid 769] <... mmap resumed>) = 0x7f9ba4405000 [pid 769] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 770] rt_sigprocmask(SIG_SETMASK, [], [pid 769] <... mprotect resumed>) = 0 [pid 770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 770] memfd_create("syzkaller", 0 [pid 769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 770] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 771 attached [pid 770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 771] set_robust_list(0x7f9ba44259a0, 24 [pid 769] <... clone3 resumed> => {parent_tid=[771]}, 88) = 771 [pid 771] <... set_robust_list resumed>) = 0 [pid 770] <... mmap resumed>) = 0x7f9b9c005000 [pid 769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 769] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 771] creat("./bus", 000) = 4 [pid 771] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 771] <... futex resumed>) = 1 [pid 771] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 771] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 771] <... futex resumed>) = 1 [pid 771] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 771] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 771] <... futex resumed>) = 1 [pid 771] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 771] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = 0 [pid 771] <... futex resumed>) = 1 [pid 771] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 770] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 770] munmap(0x7f9b9c005000, 138412032) = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.309997][ T767] loop0: detected capacity change from 0 to 256 [ 34.318311][ T767] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.329047][ T767] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.339373][ T767] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 770] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 770] close(3) = 0 [pid 770] close(6) = 0 [pid 770] mkdir("./file0", 0777) = 0 [pid 770] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 770] chdir("./file0") = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_CLR_FD) = 0 [pid 770] close(6) = 0 [pid 770] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 770] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 769] exit_group(0 [pid 771] <... futex resumed>) = ? [pid 769] <... exit_group resumed>) = ? [pid 771] +++ exited with 0 +++ [pid 770] <... futex resumed>) = ? [pid 770] +++ exited with 0 +++ [pid 769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=769, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./153/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/bus") = 0 umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 772 ./strace-static-x86_64: Process 772 attached [pid 772] set_robust_list(0x5555720a9760, 24) = 0 [pid 772] chdir("./154") = 0 [pid 772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 772] setpgid(0, 0) = 0 [pid 772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 772] write(3, "1000", 4) = 4 [pid 772] close(3) = 0 [pid 772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 772] write(1, "executing program\n", 18executing program ) = 18 [pid 772] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 772] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 773 attached => {parent_tid=[773]}, 88) = 773 [pid 773] set_robust_list(0x7f9ba44469a0, 24 [pid 772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 772] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 773] <... set_robust_list resumed>) = 0 [pid 772] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 773] rt_sigprocmask(SIG_SETMASK, [], [pid 772] rt_sigprocmask(SIG_BLOCK, ~[], [pid 773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 773] memfd_create("syzkaller", 0) = 3 [pid 773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 772] <... rt_sigprocmask resumed>[], 8) = 0 [pid 772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 774 attached [pid 774] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 774] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 772] <... clone3 resumed> => {parent_tid=[774]}, 88) = 774 [pid 772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 773] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 772] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 774] <... futex resumed>) = 0 [pid 774] creat("./bus", 000) = 4 [pid 772] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 774] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 774] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 773] <... write resumed>) = 131072 [pid 774] <... mount resumed>) = 0 [pid 773] munmap(0x7f9b9c005000, 138412032 [pid 774] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [ 34.383820][ T770] loop0: detected capacity change from 0 to 256 [ 34.394622][ T770] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.405364][ T770] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.416600][ T770] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 772] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 774] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 774] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 774] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 774] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 772] <... futex resumed>) = 0 [pid 774] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 773] <... munmap resumed>) = 0 [pid 773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 773] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 773] close(3) = 0 [pid 773] close(6) = 0 [pid 773] mkdir("./file0", 0777) = 0 [pid 773] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 773] chdir("./file0") = 0 [pid 773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 773] ioctl(6, LOOP_CLR_FD) = 0 [pid 773] close(6) = 0 [pid 773] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 773] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 772] exit_group(0 [pid 774] <... futex resumed>) = ? [pid 772] <... exit_group resumed>) = ? [pid 774] +++ exited with 0 +++ [pid 773] <... futex resumed>) = ? [pid 773] +++ exited with 0 +++ [pid 772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=772, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./154", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./154/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 umount2("./154/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./154/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/bus") = 0 umount2("./154/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 775 ./strace-static-x86_64: Process 775 attached [pid 775] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 775] chdir("./155") = 0 [pid 775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 775] setpgid(0, 0) = 0 [pid 775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 775] write(3, "1000", 4) = 4 [pid 775] close(3) = 0 [pid 775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 775] write(1, "executing program\n", 18) = 18 [pid 775] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 775] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[776]}, 88) = 776 ./strace-static-x86_64: Process 776 attached [pid 775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 775] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 775] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[777]}, 88) = 777 [pid 775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 775] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 776] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 777 attached [pid 776] memfd_create("syzkaller", 0) = 3 [pid 776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 777] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 777] creat("./bus", 000 [pid 776] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 777] <... creat resumed>) = 4 [pid 776] munmap(0x7f9b9c005000, 138412032 [pid 777] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 776] <... munmap resumed>) = 0 [pid 775] <... futex resumed>) = 0 [pid 777] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 776] ioctl(5, LOOP_SET_FD, 3 [pid 777] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 775] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 34.466122][ T773] loop0: detected capacity change from 0 to 256 [ 34.473651][ T773] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.484218][ T773] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.493928][ T773] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 775] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 777] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 777] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 777] <... futex resumed>) = 1 [pid 777] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 777] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 777] <... futex resumed>) = 1 [pid 777] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 777] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 776] <... ioctl resumed>) = 0 [pid 776] close(3) = 0 [pid 776] close(5 [pid 777] <... futex resumed>) = 1 [pid 776] <... close resumed>) = 0 [pid 775] <... futex resumed>) = 0 [pid 777] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 776] mkdir("./file0", 0777) = 0 [pid 776] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 776] chdir("./file0") = 0 [pid 776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 776] ioctl(5, LOOP_CLR_FD) = 0 [pid 776] close(5) = 0 [pid 776] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 776] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 775] exit_group(0 [pid 777] <... futex resumed>) = ? [pid 775] <... exit_group resumed>) = ? [pid 777] +++ exited with 0 +++ [pid 776] <... futex resumed>) = ? [pid 776] +++ exited with 0 +++ [pid 775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=775, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./155", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./155/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 umount2("./155/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./155/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/bus") = 0 umount2("./155/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 778 ./strace-static-x86_64: Process 778 attached [pid 778] set_robust_list(0x5555720a9760, 24) = 0 [pid 778] chdir("./156") = 0 [pid 778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 778] setpgid(0, 0) = 0 [pid 778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 778] write(3, "1000", 4) = 4 [pid 778] close(3) = 0 [pid 778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 778] write(1, "executing program\n", 18) = 18 [pid 778] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 778] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[779]}, 88) = 779 [pid 778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 778] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 778] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[780]}, 88) = 780 [pid 778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 778] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 780 attached [pid 780] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 780] creat("./bus", 000) = 3 [pid 780] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] <... futex resumed>) = 1 [pid 780] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 780] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] <... futex resumed>) = 1 [pid 780] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 780] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] <... futex resumed>) = 1 [pid 780] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 780] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 780] <... futex resumed>) = 1 [pid 780] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 779 attached [pid 779] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 779] memfd_create("syzkaller", 0) = 5 [pid 779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 779] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 779] munmap(0x7f9b9c005000, 138412032) = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.531572][ T776] loop0: detected capacity change from 0 to 256 [ 34.540351][ T776] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.551075][ T776] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.561682][ T776] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 779] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 779] close(5) = 0 [pid 779] close(6) = 0 [pid 779] mkdir("./file0", 0777) = 0 [pid 779] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 779] chdir("./file0") = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 779] ioctl(6, LOOP_CLR_FD) = 0 [pid 779] close(6) = 0 [pid 779] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 779] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] exit_group(0 [pid 780] <... futex resumed>) = ? [pid 778] <... exit_group resumed>) = ? [pid 780] +++ exited with 0 +++ [pid 779] <... futex resumed>) = ? [pid 779] +++ exited with 0 +++ [pid 778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=778, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./156/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 umount2("./156/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./156/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/bus") = 0 umount2("./156/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 781 ./strace-static-x86_64: Process 781 attached [pid 781] set_robust_list(0x5555720a9760, 24) = 0 [pid 781] chdir("./157") = 0 [pid 781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 781] setpgid(0, 0) = 0 [pid 781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 781] write(3, "1000", 4) = 4 [pid 781] close(3) = 0 [pid 781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 781] write(1, "executing program\n", 18) = 18 [pid 781] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 781] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[782]}, 88) = 782 [pid 781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 781] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 781] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[783]}, 88) = 783 [pid 781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 781] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 783 attached [pid 783] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 783] creat("./bus", 000) = 3 [pid 783] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 783] <... futex resumed>) = 1 [pid 783] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 783] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 783] <... futex resumed>) = 1 [pid 783] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 783] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 783] <... futex resumed>) = 1 [pid 783] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 783] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] <... futex resumed>) = 0 [pid 783] <... futex resumed>) = 1 [pid 783] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 782 attached [pid 782] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 782] memfd_create("syzkaller", 0) = 5 [pid 782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 782] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 782] munmap(0x7f9b9c005000, 138412032) = 0 [pid 782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.597588][ T779] loop0: detected capacity change from 0 to 256 [ 34.605300][ T779] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.616042][ T779] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.626837][ T779] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 782] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 782] close(5) = 0 [pid 782] close(6) = 0 [pid 782] mkdir("./file0", 0777) = 0 [pid 782] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 782] chdir("./file0") = 0 [pid 782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 782] ioctl(6, LOOP_CLR_FD) = 0 [pid 782] close(6) = 0 [pid 782] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 782] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 781] exit_group(0 [pid 783] <... futex resumed>) = ? [pid 781] <... exit_group resumed>) = ? [pid 783] +++ exited with 0 +++ [pid 782] <... futex resumed>) = ? [pid 782] +++ exited with 0 +++ [pid 781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=781, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./157/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 umount2("./157/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./157/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/bus") = 0 umount2("./157/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 784 ./strace-static-x86_64: Process 784 attached [pid 784] set_robust_list(0x5555720a9760, 24) = 0 [pid 784] chdir("./158") = 0 [pid 784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 784] setpgid(0, 0) = 0 [pid 784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 784] write(3, "1000", 4) = 4 [pid 784] close(3) = 0 [pid 784] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 784] write(1, "executing program\n", 18) = 18 [pid 784] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 784] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[785]}, 88) = 785 [pid 784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 784] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 784] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[786]}, 88) = 786 [pid 784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 784] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 786 attached [pid 786] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 786] creat("./bus", 000) = 3 [pid 786] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 786] <... futex resumed>) = 1 [pid 786] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 786] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 786] <... futex resumed>) = 1 [pid 786] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 786] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 786] <... futex resumed>) = 1 [pid 786] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 786] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 786] <... futex resumed>) = 1 [pid 786] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 785 attached [pid 785] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 785] memfd_create("syzkaller", 0) = 5 [pid 785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 785] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 785] munmap(0x7f9b9c005000, 138412032) = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.668827][ T782] loop0: detected capacity change from 0 to 256 [ 34.676345][ T782] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.686897][ T782] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.697011][ T782] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 785] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 785] close(5) = 0 [pid 785] close(6) = 0 [pid 785] mkdir("./file0", 0777) = 0 [pid 785] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 785] chdir("./file0") = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 785] ioctl(6, LOOP_CLR_FD) = 0 [pid 785] close(6) = 0 [pid 785] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 785] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 784] exit_group(0 [pid 786] <... futex resumed>) = ? [pid 784] <... exit_group resumed>) = ? [pid 786] +++ exited with 0 +++ [pid 785] <... futex resumed>) = ? [pid 785] +++ exited with 0 +++ [pid 784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=784, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./158/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 umount2("./158/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./158/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/bus") = 0 umount2("./158/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 787 ./strace-static-x86_64: Process 787 attached [pid 787] set_robust_list(0x5555720a9760, 24) = 0 [pid 787] chdir("./159") = 0 [pid 787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 787] setpgid(0, 0) = 0 [pid 787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 787] write(3, "1000", 4) = 4 [pid 787] close(3) = 0 [pid 787] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 787] write(1, "executing program\n", 18) = 18 [pid 787] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 787] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 787] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 787] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 787] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[788]}, 88) = 788 [pid 787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 787] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 787] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 787] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 787] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[789]}, 88) = 789 [pid 787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 787] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 789 attached [pid 789] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 789] creat("./bus", 000) = 3 [pid 789] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 789] <... futex resumed>) = 1 [pid 789] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 789] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 789] <... futex resumed>) = 1 [pid 789] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 789] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 789] <... futex resumed>) = 1 [pid 789] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 789] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 789] <... futex resumed>) = 1 [pid 789] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 788 attached [pid 788] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 788] memfd_create("syzkaller", 0) = 5 [pid 788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 788] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 788] munmap(0x7f9b9c005000, 138412032) = 0 [pid 788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.734932][ T785] loop0: detected capacity change from 0 to 256 [ 34.744184][ T785] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.754665][ T785] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.765301][ T785] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 788] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 788] close(5) = 0 [pid 788] close(6) = 0 [pid 788] mkdir("./file0", 0777) = 0 [pid 788] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 788] chdir("./file0") = 0 [pid 788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 788] ioctl(6, LOOP_CLR_FD) = 0 [pid 788] close(6) = 0 [pid 788] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] exit_group(0 [pid 789] <... futex resumed>) = ? [pid 787] <... exit_group resumed>) = ? [pid 789] +++ exited with 0 +++ [pid 788] <... futex resumed>) = ? [pid 788] +++ exited with 0 +++ [pid 787] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=787, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./159/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 umount2("./159/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./159/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/bus") = 0 umount2("./159/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 791 ./strace-static-x86_64: Process 791 attached [pid 791] set_robust_list(0x5555720a9760, 24) = 0 [pid 791] chdir("./160") = 0 [pid 791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 791] setpgid(0, 0) = 0 [pid 791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 791] write(3, "1000", 4) = 4 [pid 791] close(3) = 0 [pid 791] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 791] write(1, "executing program\n", 18) = 18 [pid 791] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 791] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 791] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 791] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[792]}, 88) = 792 [pid 791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 791] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 791] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 791] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[793]}, 88) = 793 [pid 791] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 791] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 793 attached [pid 793] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 793] creat("./bus", 000) = 3 [pid 793] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 791] <... futex resumed>) = 0 [pid 791] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 793] <... futex resumed>) = 1 [pid 793] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 793] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 791] <... futex resumed>) = 0 [pid 791] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 793] <... futex resumed>) = 1 [pid 793] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 793] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 791] <... futex resumed>) = 0 [pid 791] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 793] <... futex resumed>) = 1 [pid 793] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 793] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 791] <... futex resumed>) = 0 [pid 793] <... futex resumed>) = 1 [pid 793] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 792 attached [pid 792] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 792] memfd_create("syzkaller", 0) = 5 [pid 792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 792] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 792] munmap(0x7f9b9c005000, 138412032) = 0 [pid 792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.814581][ T788] loop0: detected capacity change from 0 to 256 [ 34.823593][ T788] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.834351][ T788] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.845148][ T788] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 792] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 792] close(5) = 0 [pid 792] close(6) = 0 [pid 792] mkdir("./file0", 0777) = 0 [pid 792] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 792] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 792] chdir("./file0") = 0 [pid 792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 792] ioctl(6, LOOP_CLR_FD) = 0 [pid 792] close(6) = 0 [pid 792] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 792] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 791] exit_group(0 [pid 793] <... futex resumed>) = ? [pid 791] <... exit_group resumed>) = ? [pid 793] +++ exited with 0 +++ [pid 792] <... futex resumed>) = ? [pid 792] +++ exited with 0 +++ [pid 791] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=791, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./160/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 umount2("./160/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./160/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/bus") = 0 umount2("./160/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 794 ./strace-static-x86_64: Process 794 attached [pid 794] set_robust_list(0x5555720a9760, 24) = 0 [pid 794] chdir("./161") = 0 [pid 794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 794] setpgid(0, 0) = 0 [pid 794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 794] write(3, "1000", 4) = 4 [pid 794] close(3) = 0 [pid 794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 794] write(1, "executing program\n", 18) = 18 [pid 794] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 794] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[795]}, 88) = 795 [pid 794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 794] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 794] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[796]}, 88) = 796 [pid 794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 794] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 796 attached [pid 796] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 796] creat("./bus", 000) = 3 [pid 796] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 794] <... futex resumed>) = 0 [pid 794] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 796] <... futex resumed>) = 1 [pid 796] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 796] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 794] <... futex resumed>) = 0 [pid 794] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 796] <... futex resumed>) = 1 [pid 796] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 796] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 794] <... futex resumed>) = 0 [pid 794] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 796] <... futex resumed>) = 1 [pid 796] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 796] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 794] <... futex resumed>) = 0 [pid 796] <... futex resumed>) = 1 [pid 796] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 795 attached [pid 795] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 795] memfd_create("syzkaller", 0) = 5 [pid 795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 795] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 795] munmap(0x7f9b9c005000, 138412032) = 0 [pid 795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.880369][ T792] loop0: detected capacity change from 0 to 256 [ 34.888447][ T792] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.899097][ T792] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.909773][ T792] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 795] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 795] close(5) = 0 [pid 795] close(6) = 0 [pid 795] mkdir("./file0", 0777) = 0 [pid 795] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 795] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 795] chdir("./file0") = 0 [pid 795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 795] ioctl(6, LOOP_CLR_FD) = 0 [pid 795] close(6) = 0 [pid 795] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 795] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 794] exit_group(0 [pid 796] <... futex resumed>) = ? [pid 794] <... exit_group resumed>) = ? [pid 796] +++ exited with 0 +++ [pid 795] <... futex resumed>) = ? [pid 795] +++ exited with 0 +++ [pid 794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=794, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./161", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./161/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 umount2("./161/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./161/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/bus") = 0 umount2("./161/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./161/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 797 ./strace-static-x86_64: Process 797 attached [pid 797] set_robust_list(0x5555720a9760, 24) = 0 [pid 797] chdir("./162") = 0 [pid 797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 797] setpgid(0, 0) = 0 [pid 797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 797] write(3, "1000", 4) = 4 [pid 797] close(3) = 0 [pid 797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 797] write(1, "executing program\n", 18) = 18 [pid 797] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 797] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 797] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 797] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[798]}, 88) = 798 [pid 797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 797] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 797] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 797] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[799]}, 88) = 799 [pid 797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 797] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 797] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 799 attached [pid 799] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 799] creat("./bus", 000) = 3 [pid 799] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... futex resumed>) = 0 [pid 797] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 797] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 799] <... futex resumed>) = 1 [pid 799] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 799] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... futex resumed>) = 0 [pid 797] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 797] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 799] <... futex resumed>) = 1 [pid 799] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 799] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... futex resumed>) = 0 [pid 797] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 797] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 799] <... futex resumed>) = 1 [pid 799] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 799] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 797] <... futex resumed>) = 0 [pid 799] <... futex resumed>) = 1 [pid 799] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 798 attached [pid 798] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 798] memfd_create("syzkaller", 0) = 5 [pid 798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 798] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 798] munmap(0x7f9b9c005000, 138412032) = 0 [pid 798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 34.944653][ T795] loop0: detected capacity change from 0 to 256 [ 34.952190][ T795] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 34.962743][ T795] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 34.972745][ T795] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 798] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 798] close(5) = 0 [pid 798] close(6) = 0 [pid 798] mkdir("./file0", 0777) = 0 [pid 798] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 798] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 798] chdir("./file0") = 0 [pid 798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 798] ioctl(6, LOOP_CLR_FD) = 0 [pid 798] close(6) = 0 [pid 798] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 798] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 797] exit_group(0 [pid 799] <... futex resumed>) = ? [pid 797] <... exit_group resumed>) = ? [pid 799] +++ exited with 0 +++ [pid 798] <... futex resumed>) = ? [pid 798] +++ exited with 0 +++ [pid 797] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=797, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./162/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 umount2("./162/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./162/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/bus") = 0 umount2("./162/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 800 ./strace-static-x86_64: Process 800 attached [pid 800] set_robust_list(0x5555720a9760, 24) = 0 [pid 800] chdir("./163") = 0 [pid 800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 800] setpgid(0, 0) = 0 [pid 800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 800] write(3, "1000", 4) = 4 [pid 800] close(3) = 0 [pid 800] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 800] write(1, "executing program\n", 18) = 18 [pid 800] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 800] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 800] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 800] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[801]}, 88) = 801 [pid 800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 800] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 800] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 800] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 800] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[802]}, 88) = 802 [pid 800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 800] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 802 attached [pid 802] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 802] creat("./bus", 000) = 3 [pid 802] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] <... futex resumed>) = 0 [pid 800] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 802] <... futex resumed>) = 1 [pid 802] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 802] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] <... futex resumed>) = 0 [pid 800] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 802] <... futex resumed>) = 1 [pid 802] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 802] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] <... futex resumed>) = 0 [pid 800] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 802] <... futex resumed>) = 1 [pid 802] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 802] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 800] <... futex resumed>) = 0 [pid 802] <... futex resumed>) = 1 [pid 802] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 801 attached [pid 801] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 801] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 801] memfd_create("syzkaller", 0) = 5 [pid 801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 801] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 801] munmap(0x7f9b9c005000, 138412032) = 0 [pid 801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.011344][ T798] loop0: detected capacity change from 0 to 256 [ 35.018805][ T798] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.029400][ T798] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.040076][ T798] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 801] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 801] close(5) = 0 [pid 801] close(6) = 0 [pid 801] mkdir("./file0", 0777) = 0 [pid 801] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 801] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 801] chdir("./file0") = 0 [pid 801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 801] ioctl(6, LOOP_CLR_FD) = 0 [pid 801] close(6) = 0 [pid 801] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 801] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 800] exit_group(0 [pid 802] <... futex resumed>) = ? [pid 800] <... exit_group resumed>) = ? [pid 802] +++ exited with 0 +++ [pid 801] <... futex resumed>) = ? [pid 801] +++ exited with 0 +++ [pid 800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=800, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./163/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 umount2("./163/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./163/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/bus") = 0 umount2("./163/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 803 ./strace-static-x86_64: Process 803 attached [pid 803] set_robust_list(0x5555720a9760, 24) = 0 [pid 803] chdir("./164") = 0 [pid 803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 803] setpgid(0, 0) = 0 [pid 803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 803] write(3, "1000", 4) = 4 [pid 803] close(3) = 0 [pid 803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 803] write(1, "executing program\n", 18executing program ) = 18 [pid 803] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 803] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 803] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[804]}, 88) = 804 [pid 803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 803] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 803] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 803] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 803] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[805]}, 88) = 805 [pid 803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 803] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 805 attached [pid 805] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 805] creat("./bus", 000) = 3 [pid 805] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 803] <... futex resumed>) = 0 [pid 803] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] <... futex resumed>) = 1 [pid 805] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 805] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 803] <... futex resumed>) = 0 [pid 803] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] <... futex resumed>) = 1 [pid 805] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 805] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 803] <... futex resumed>) = 0 [pid 803] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 805] <... futex resumed>) = 1 [pid 805] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 805] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 803] <... futex resumed>) = 0 [pid 805] <... futex resumed>) = 1 [pid 805] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 804 attached [pid 804] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 804] memfd_create("syzkaller", 0) = 5 [pid 804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 804] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 804] munmap(0x7f9b9c005000, 138412032) = 0 [pid 804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.078001][ T801] loop0: detected capacity change from 0 to 256 [ 35.086142][ T801] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.096626][ T801] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.106746][ T801] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 804] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 804] close(5) = 0 [pid 804] close(6) = 0 [pid 804] mkdir("./file0", 0777) = 0 [pid 804] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 804] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 804] chdir("./file0") = 0 [pid 804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 804] ioctl(6, LOOP_CLR_FD) = 0 [pid 804] close(6) = 0 [pid 804] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 804] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 803] exit_group(0 [pid 805] <... futex resumed>) = ? [pid 803] <... exit_group resumed>) = ? [pid 805] +++ exited with 0 +++ [pid 804] <... futex resumed>) = ? [pid 804] +++ exited with 0 +++ [pid 803] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=803, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./164/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 umount2("./164/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./164/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/bus") = 0 umount2("./164/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 806 ./strace-static-x86_64: Process 806 attached [pid 806] set_robust_list(0x5555720a9760, 24) = 0 [pid 806] chdir("./165") = 0 [pid 806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 806] setpgid(0, 0) = 0 [pid 806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 806] write(3, "1000", 4) = 4 [pid 806] close(3) = 0 [pid 806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 806] write(1, "executing program\n", 18) = 18 [pid 806] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 806] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 806] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 806] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 806] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[807]}, 88) = 807 [pid 806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 806] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 806] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 806] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 806] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[808]}, 88) = 808 [pid 806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 806] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 806] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 808 attached [pid 808] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 808] creat("./bus", 000) = 3 [pid 808] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 806] <... futex resumed>) = 0 [pid 806] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 806] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 808] <... futex resumed>) = 1 [pid 808] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 808] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 806] <... futex resumed>) = 0 [pid 806] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 806] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 808] <... futex resumed>) = 1 [pid 808] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 808] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 806] <... futex resumed>) = 0 [pid 806] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 806] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 808] <... futex resumed>) = 1 [pid 808] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 808] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 806] <... futex resumed>) = 0 [pid 808] <... futex resumed>) = 1 [pid 808] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 807 attached [pid 807] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 807] memfd_create("syzkaller", 0) = 5 [pid 807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 807] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 35.143937][ T804] loop0: detected capacity change from 0 to 256 [ 35.152058][ T804] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.162720][ T804] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.173185][ T804] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 807] munmap(0x7f9b9c005000, 138412032) = 0 [pid 807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 807] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 807] close(5) = 0 [pid 807] close(6) = 0 [pid 807] mkdir("./file0", 0777) = 0 [pid 807] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 807] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 807] chdir("./file0") = 0 [pid 807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 807] ioctl(6, LOOP_CLR_FD) = 0 [pid 807] close(6) = 0 [pid 807] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 807] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 806] exit_group(0 [pid 808] <... futex resumed>) = ? [pid 806] <... exit_group resumed>) = ? [pid 808] +++ exited with 0 +++ [pid 807] <... futex resumed>) = ? [pid 807] +++ exited with 0 +++ [pid 806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=806, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./165/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 umount2("./165/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./165/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/bus") = 0 umount2("./165/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 809 ./strace-static-x86_64: Process 809 attached [pid 809] set_robust_list(0x5555720a9760, 24) = 0 [pid 809] chdir("./166") = 0 [pid 809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 809] setpgid(0, 0) = 0 [pid 809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 809] write(3, "1000", 4) = 4 [pid 809] close(3) = 0 [pid 809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 809] write(1, "executing program\n", 18) = 18 [pid 809] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 809] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[810]}, 88) = 810 [pid 809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 809] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 809] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[811]}, 88) = 811 [pid 809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 809] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 811 attached [pid 811] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 811] creat("./bus", 000) = 3 [pid 811] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = 0 [pid 809] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 811] <... futex resumed>) = 1 [pid 811] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 811] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = 0 [pid 809] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 811] <... futex resumed>) = 1 [pid 811] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 811] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = 0 [pid 809] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 811] <... futex resumed>) = 1 [pid 811] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 811] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = 0 [pid 811] <... futex resumed>) = 1 [pid 811] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 810 attached [pid 810] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 810] memfd_create("syzkaller", 0) = 5 [pid 810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 810] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 810] munmap(0x7f9b9c005000, 138412032) = 0 [pid 810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.209112][ T807] loop0: detected capacity change from 0 to 256 [ 35.217889][ T807] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.228521][ T807] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.239243][ T807] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 810] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 810] close(5) = 0 [pid 810] close(6) = 0 [pid 810] mkdir("./file0", 0777) = 0 [pid 810] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 810] chdir("./file0") = 0 [pid 810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 810] ioctl(6, LOOP_CLR_FD) = 0 [pid 810] close(6) = 0 [pid 810] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 810] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 809] exit_group(0) = ? [pid 810] <... futex resumed>) = ? [pid 810] +++ exited with 0 +++ [pid 811] <... futex resumed>) = ? [pid 811] +++ exited with 0 +++ [pid 809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=809, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./166", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./166/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 umount2("./166/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./166/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/bus") = 0 umount2("./166/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 812 ./strace-static-x86_64: Process 812 attached [pid 812] set_robust_list(0x5555720a9760, 24) = 0 [pid 812] chdir("./167") = 0 [pid 812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 812] setpgid(0, 0) = 0 [pid 812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 812] write(3, "1000", 4) = 4 [pid 812] close(3) = 0 [pid 812] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 812] write(1, "executing program\n", 18) = 18 [pid 812] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 812] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 813 attached => {parent_tid=[813]}, 88) = 813 [pid 812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 812] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 812] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 812] rt_sigprocmask(SIG_BLOCK, ~[], [pid 813] set_robust_list(0x7f9ba44469a0, 24 [pid 812] <... rt_sigprocmask resumed>[], 8) = 0 [pid 812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[814]}, 88) = 814 [pid 812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 812] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 813] <... set_robust_list resumed>) = 0 [pid 813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 814 attached [pid 813] memfd_create("syzkaller", 0) = 3 [pid 813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 814] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 814] creat("./bus", 000) = 4 [pid 813] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 814] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] <... futex resumed>) = 0 [pid 812] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 814] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 813] <... write resumed>) = 131072 [pid 813] munmap(0x7f9b9c005000, 138412032) = 0 [pid 813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 813] ioctl(5, LOOP_SET_FD, 3 [pid 814] <... mount resumed>) = 0 [ 35.277507][ T810] loop0: detected capacity change from 0 to 256 [ 35.285116][ T810] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.295760][ T810] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.306288][ T810] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 814] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 814] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] <... futex resumed>) = 0 [pid 812] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 814] <... futex resumed>) = 0 [pid 814] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 814] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 812] <... futex resumed>) = 0 [pid 812] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 814] <... futex resumed>) = 1 [pid 814] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 814] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 812] <... futex resumed>) = 0 [pid 814] <... futex resumed>) = 1 [pid 814] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 813] <... ioctl resumed>) = 0 [pid 813] close(3) = 0 [pid 813] close(5) = 0 [pid 813] mkdir("./file0", 0777) = 0 [pid 813] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 813] chdir("./file0") = 0 [pid 813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 813] ioctl(5, LOOP_CLR_FD) = 0 [pid 813] close(5) = 0 [pid 813] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] exit_group(0 [pid 814] <... futex resumed>) = ? [pid 812] <... exit_group resumed>) = ? [pid 814] +++ exited with 0 +++ [pid 813] <... futex resumed>) = ? [pid 813] +++ exited with 0 +++ [pid 812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=812, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./167/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 umount2("./167/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./167/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/bus") = 0 umount2("./167/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 815 ./strace-static-x86_64: Process 815 attached [pid 815] set_robust_list(0x5555720a9760, 24) = 0 [pid 815] chdir("./168") = 0 [pid 815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 815] setpgid(0, 0) = 0 [pid 815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 815] write(3, "1000", 4) = 4 [pid 815] close(3) = 0 [pid 815] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 815] write(1, "executing program\n", 18) = 18 [pid 815] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 815] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 815] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[816]}, 88) = 816 [pid 815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 815] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 815] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[817]}, 88) = 817 [pid 815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 815] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 817 attached [pid 817] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 817] creat("./bus", 000) = 3 [pid 817] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 815] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 817] <... futex resumed>) = 1 [pid 817] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 817] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 815] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 817] <... futex resumed>) = 1 [pid 817] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 817] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 815] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 817] <... futex resumed>) = 1 [pid 817] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 817] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 817] <... futex resumed>) = 1 [pid 817] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 816 attached [pid 816] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 816] memfd_create("syzkaller", 0) = 5 [pid 816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 816] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 816] munmap(0x7f9b9c005000, 138412032) = 0 [pid 816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.342079][ T813] loop0: detected capacity change from 0 to 256 [ 35.349798][ T813] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.360324][ T813] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.370612][ T813] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 816] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 816] close(5) = 0 [pid 816] close(6) = 0 [pid 816] mkdir("./file0", 0777) = 0 [pid 816] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 816] chdir("./file0") = 0 [pid 816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 816] ioctl(6, LOOP_CLR_FD) = 0 [pid 816] close(6) = 0 [pid 816] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 816] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 815] exit_group(0 [pid 817] <... futex resumed>) = ? [pid 815] <... exit_group resumed>) = ? [pid 817] +++ exited with 0 +++ [pid 816] <... futex resumed>) = ? [pid 816] +++ exited with 0 +++ [pid 815] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=815, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./168", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./168/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 umount2("./168/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./168/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/bus") = 0 umount2("./168/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 818 ./strace-static-x86_64: Process 818 attached [pid 818] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 818] chdir("./169") = 0 [pid 818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 818] setpgid(0, 0) = 0 [pid 818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 818] write(3, "1000", 4) = 4 [pid 818] close(3) = 0 [pid 818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 818] write(1, "executing program\n", 18) = 18 [pid 818] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 818] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 818] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 818] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[819]}, 88) = 819 ./strace-static-x86_64: Process 819 attached [pid 818] rt_sigprocmask(SIG_SETMASK, [], [pid 819] set_robust_list(0x7f9ba44469a0, 24 [pid 818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 818] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 818] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 818] rt_sigprocmask(SIG_BLOCK, ~[], [pid 819] <... set_robust_list resumed>) = 0 [pid 818] <... rt_sigprocmask resumed>[], 8) = 0 [pid 818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 820 attached [pid 818] <... clone3 resumed> => {parent_tid=[820]}, 88) = 820 [pid 820] set_robust_list(0x7f9ba44259a0, 24 [pid 819] memfd_create("syzkaller", 0 [pid 818] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 818] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] <... set_robust_list resumed>) = 0 [pid 819] <... memfd_create resumed>) = 3 [pid 819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 820] creat("./bus", 000) = 4 [pid 820] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 818] <... futex resumed>) = 0 [pid 818] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 819] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 820] <... mount resumed>) = 0 [pid 820] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 818] <... futex resumed>) = 0 [pid 820] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 818] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] <... open resumed>) = 5 [pid 820] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 818] <... futex resumed>) = 0 [pid 818] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 820] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 818] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 820] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 818] <... futex resumed>) = 0 [pid 820] <... futex resumed>) = 1 [pid 820] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 819] <... write resumed>) = 131072 [pid 819] munmap(0x7f9b9c005000, 138412032) = 0 [pid 819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.410113][ T816] loop0: detected capacity change from 0 to 256 [ 35.417718][ T816] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.428376][ T816] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.438980][ T816] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 819] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 819] close(3) = 0 [pid 819] close(6) = 0 [pid 819] mkdir("./file0", 0777) = 0 [ 35.478605][ T819] loop0: detected capacity change from 0 to 256 [ 35.497314][ T819] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.507897][ T819] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 819] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 819] chdir("./file0") = 0 [pid 819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 819] ioctl(6, LOOP_CLR_FD) = 0 [pid 819] close(6) = 0 [pid 819] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 819] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] exit_group(0 [pid 820] <... futex resumed>) = ? [pid 818] <... exit_group resumed>) = ? [pid 820] +++ exited with 0 +++ [pid 819] <... futex resumed>) = ? [pid 819] +++ exited with 0 +++ [pid 818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=818, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./169", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./169/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./169/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/bus") = 0 umount2("./169/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./169/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 821 ./strace-static-x86_64: Process 821 attached [pid 821] set_robust_list(0x5555720a9760, 24) = 0 [pid 821] chdir("./170") = 0 [pid 821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 821] setpgid(0, 0) = 0 [pid 821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 821] write(3, "1000", 4) = 4 [pid 821] close(3) = 0 [pid 821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 821] write(1, "executing program\n", 18) = 18 [pid 821] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 821] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 821] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[822]}, 88) = 822 [pid 821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 821] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 821] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[823]}, 88) = 823 [pid 821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 821] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 823 attached [pid 823] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 823] creat("./bus", 000) = 3 [pid 823] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 821] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 1 [pid 823] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 823] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 821] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 1 [pid 823] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 823] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 821] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 1 [pid 823] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 823] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 823] <... futex resumed>) = 1 [pid 823] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 822 attached [pid 822] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 822] memfd_create("syzkaller", 0) = 5 [pid 822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 822] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 822] munmap(0x7f9b9c005000, 138412032) = 0 [pid 822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.518920][ T819] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 822] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 822] close(5) = 0 [pid 822] close(6) = 0 [pid 822] mkdir("./file0", 0777) = 0 [pid 822] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 822] chdir("./file0") = 0 [pid 822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 822] ioctl(6, LOOP_CLR_FD) = 0 [pid 822] close(6) = 0 [pid 822] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 822] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] exit_group(0 [pid 823] <... futex resumed>) = ? [pid 821] <... exit_group resumed>) = ? [pid 823] +++ exited with 0 +++ [pid 822] <... futex resumed>) = ? [pid 822] +++ exited with 0 +++ [pid 821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=821, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./170/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 umount2("./170/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./170/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/bus") = 0 umount2("./170/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 824 ./strace-static-x86_64: Process 824 attached [pid 824] set_robust_list(0x5555720a9760, 24) = 0 [pid 824] chdir("./171") = 0 [pid 824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 824] setpgid(0, 0) = 0 [pid 824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 824] write(3, "1000", 4) = 4 [pid 824] close(3) = 0 [pid 824] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 824] write(1, "executing program\n", 18) = 18 [pid 824] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 824] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[825]}, 88) = 825 [pid 824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 824] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 824] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[826]}, 88) = 826 [pid 824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 824] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 826 attached [pid 826] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 826] creat("./bus", 000) = 3 [pid 826] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... futex resumed>) = 1 [pid 826] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 826] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... futex resumed>) = 1 [pid 826] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 826] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... futex resumed>) = 1 [pid 826] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 826] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] <... futex resumed>) = 0 [pid 826] <... futex resumed>) = 1 [pid 826] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 825 attached [pid 825] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 825] memfd_create("syzkaller", 0) = 5 [pid 825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 825] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 825] munmap(0x7f9b9c005000, 138412032) = 0 [pid 825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.555045][ T822] loop0: detected capacity change from 0 to 256 [ 35.563498][ T822] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.574083][ T822] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.584837][ T822] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 825] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 825] close(5) = 0 [pid 825] close(6) = 0 [pid 825] mkdir("./file0", 0777) = 0 [pid 825] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 825] chdir("./file0") = 0 [pid 825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 825] ioctl(6, LOOP_CLR_FD) = 0 [pid 825] close(6) = 0 [pid 825] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 824] exit_group(0 [pid 825] <... futex resumed>) = 0 [pid 826] <... futex resumed>) = ? [pid 824] <... exit_group resumed>) = ? [pid 826] +++ exited with 0 +++ [pid 825] +++ exited with 0 +++ [pid 824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=824, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./171", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./171/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 umount2("./171/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./171/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/bus") = 0 umount2("./171/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 827 ./strace-static-x86_64: Process 827 attached [pid 827] set_robust_list(0x5555720a9760, 24) = 0 [pid 827] chdir("./172") = 0 [pid 827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 827] setpgid(0, 0) = 0 [pid 827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 827] write(3, "1000", 4) = 4 [pid 827] close(3) = 0 [pid 827] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 827] write(1, "executing program\n", 18) = 18 [pid 827] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 827] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 827] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[828]}, 88) = 828 [pid 827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 827] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 827] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 827] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[829]}, 88) = 829 [pid 827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 827] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 828 attached [pid 828] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 828] memfd_create("syzkaller", 0) = 3 [pid 828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 828] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 35.622960][ T825] loop0: detected capacity change from 0 to 256 [ 35.630707][ T825] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.641209][ T825] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.651464][ T825] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 828] munmap(0x7f9b9c005000, 138412032) = 0 [pid 828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 828] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 829 attached [pid 829] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 829] creat("./bus", 000) = 5 [pid 829] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 829] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 827] <... futex resumed>) = 0 [pid 827] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 827] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 829] <... futex resumed>) = 0 [pid 829] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 829] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 828] <... ioctl resumed>) = 0 [pid 829] <... futex resumed>) = 1 [pid 827] <... futex resumed>) = 0 [pid 828] close(3) = 0 [pid 828] close(4 [pid 829] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 828] <... close resumed>) = 0 [pid 827] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 829] <... open resumed>) = 3 [pid 828] mkdir("./file0", 0777) = 0 [pid 829] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... futex resumed>) = 0 [pid 827] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 829] <... futex resumed>) = 1 [pid 829] write(3, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 829] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... futex resumed>) = 0 [pid 829] <... futex resumed>) = 1 [pid 829] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 828] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 828] chdir("./file0") = 0 [pid 828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 828] ioctl(6, LOOP_CLR_FD) = 0 [pid 828] close(6) = 0 [pid 828] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 828] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 827] exit_group(0) = ? [pid 829] <... futex resumed>) = ? [pid 828] <... futex resumed>) = ? [pid 829] +++ exited with 0 +++ [pid 828] +++ exited with 0 +++ [pid 827] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=827, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./172", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./172/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 umount2("./172/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./172/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/bus") = 0 umount2("./172/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 830 ./strace-static-x86_64: Process 830 attached [pid 830] set_robust_list(0x5555720a9760, 24) = 0 [pid 830] chdir("./173") = 0 [pid 830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 830] setpgid(0, 0) = 0 [pid 830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 830] write(3, "1000", 4) = 4 [pid 830] close(3) = 0 [pid 830] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 830] write(1, "executing program\n", 18) = 18 [pid 830] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 830] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[831]}, 88) = 831 [pid 830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 830] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 830] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[832]}, 88) = 832 [pid 830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 830] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 832 attached [pid 832] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 832] creat("./bus", 000) = 3 [pid 832] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 830] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 832] <... futex resumed>) = 1 [pid 832] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 832] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 830] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 832] <... futex resumed>) = 1 [pid 832] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 832] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 830] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 832] <... futex resumed>) = 1 [pid 832] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 832] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 832] <... futex resumed>) = 1 [pid 832] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 831 attached [pid 831] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 831] memfd_create("syzkaller", 0) = 5 [pid 831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 831] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 831] munmap(0x7f9b9c005000, 138412032) = 0 [pid 831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.692694][ T828] loop0: detected capacity change from 0 to 256 [ 35.703210][ T828] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.713743][ T828] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.724281][ T828] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 831] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 831] close(5) = 0 [pid 831] close(6) = 0 [pid 831] mkdir("./file0", 0777) = 0 [pid 831] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 831] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 831] chdir("./file0") = 0 [pid 831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 831] ioctl(6, LOOP_CLR_FD) = 0 [pid 831] close(6) = 0 [pid 831] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 830] exit_group(0 [pid 832] <... futex resumed>) = ? [pid 830] <... exit_group resumed>) = ? [pid 832] +++ exited with 0 +++ [pid 831] <... futex resumed>) = ? [pid 831] +++ exited with 0 +++ [pid 830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=830, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./173/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 umount2("./173/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./173/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/bus") = 0 umount2("./173/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 833 ./strace-static-x86_64: Process 833 attached [pid 833] set_robust_list(0x5555720a9760, 24) = 0 [pid 833] chdir("./174") = 0 [pid 833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 833] setpgid(0, 0) = 0 [pid 833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 833] write(3, "1000", 4) = 4 [pid 833] close(3) = 0 [pid 833] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 833] write(1, "executing program\n", 18) = 18 [pid 833] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 833] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 833] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[834]}, 88) = 834 [pid 833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 833] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 833] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[836]}, 88) = 836 [pid 833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 833] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 836 attached [pid 836] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 836] creat("./bus", 000) = 3 [pid 836] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] <... futex resumed>) = 0 [pid 833] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] <... futex resumed>) = 1 [pid 836] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 836] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] <... futex resumed>) = 0 [pid 833] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] <... futex resumed>) = 1 [pid 836] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 836] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] <... futex resumed>) = 0 [pid 833] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 836] <... futex resumed>) = 1 [pid 836] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 836] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 833] <... futex resumed>) = 0 [pid 836] <... futex resumed>) = 1 [pid 836] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 834 attached [pid 834] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 834] memfd_create("syzkaller", 0) = 5 [pid 834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 834] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 834] munmap(0x7f9b9c005000, 138412032) = 0 [pid 834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.772743][ T831] loop0: detected capacity change from 0 to 256 [ 35.781061][ T831] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.791759][ T831] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.802279][ T831] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 834] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 834] close(5) = 0 [pid 834] close(6) = 0 [pid 834] mkdir("./file0", 0777) = 0 [pid 834] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 834] chdir("./file0") = 0 [pid 834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 834] ioctl(6, LOOP_CLR_FD) = 0 [pid 834] close(6) = 0 [pid 834] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 834] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 833] exit_group(0 [pid 836] <... futex resumed>) = ? [pid 833] <... exit_group resumed>) = ? [pid 836] +++ exited with 0 +++ [pid 834] <... futex resumed>) = ? [pid 834] +++ exited with 0 +++ [pid 833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=833, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./174/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 umount2("./174/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./174/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/bus") = 0 umount2("./174/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 837 ./strace-static-x86_64: Process 837 attached [pid 837] set_robust_list(0x5555720a9760, 24) = 0 [pid 837] chdir("./175") = 0 [pid 837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 837] setpgid(0, 0) = 0 [pid 837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 837] write(3, "1000", 4) = 4 [pid 837] close(3) = 0 [pid 837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 837] write(1, "executing program\n", 18) = 18 [pid 837] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 837] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[838]}, 88) = 838 [pid 837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 837] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 837] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 837] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[839]}, 88) = 839 [pid 837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 837] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 839 attached [pid 839] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 839] creat("./bus", 000) = 3 [pid 839] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] <... futex resumed>) = 0 [pid 837] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = 1 [pid 839] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 839] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] <... futex resumed>) = 0 [pid 837] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = 1 [pid 839] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 839] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] <... futex resumed>) = 0 [pid 837] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 839] <... futex resumed>) = 1 [pid 839] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 839] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 837] <... futex resumed>) = 0 [pid 839] <... futex resumed>) = 1 [pid 839] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 838 attached [pid 838] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 838] memfd_create("syzkaller", 0) = 5 [pid 838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 838] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 838] munmap(0x7f9b9c005000, 138412032) = 0 [pid 838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.840459][ T834] loop0: detected capacity change from 0 to 256 [ 35.847888][ T834] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.858612][ T834] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.868990][ T834] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 838] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 838] close(5) = 0 [pid 838] close(6) = 0 [pid 838] mkdir("./file0", 0777) = 0 [pid 838] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 838] chdir("./file0") = 0 [pid 838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 838] ioctl(6, LOOP_CLR_FD) = 0 [pid 838] close(6) = 0 [pid 838] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 838] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 837] exit_group(0 [pid 839] <... futex resumed>) = ? [pid 837] <... exit_group resumed>) = ? [pid 839] +++ exited with 0 +++ [pid 838] <... futex resumed>) = ? [pid 838] +++ exited with 0 +++ [pid 837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=837, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./175/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 umount2("./175/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./175/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/bus") = 0 umount2("./175/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 840 ./strace-static-x86_64: Process 840 attached [pid 840] set_robust_list(0x5555720a9760, 24) = 0 [pid 840] chdir("./176") = 0 [pid 840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 840] setpgid(0, 0) = 0 [pid 840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 840] write(3, "1000", 4) = 4 [pid 840] close(3) = 0 [pid 840] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 840] write(1, "executing program\n", 18) = 18 [pid 840] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 840] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 840] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[841]}, 88) = 841 [pid 840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 840] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 840] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 840] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[842]}, 88) = 842 [pid 840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 840] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 840] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 842 attached [pid 842] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 842] creat("./bus", 000) = 3 [pid 842] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] <... futex resumed>) = 0 [pid 840] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 840] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... futex resumed>) = 1 [pid 842] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 842] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] <... futex resumed>) = 0 [pid 840] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 840] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... futex resumed>) = 1 [pid 842] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 842] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] <... futex resumed>) = 0 [pid 840] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 840] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 842] <... futex resumed>) = 1 [pid 842] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 842] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 840] <... futex resumed>) = 0 [pid 842] <... futex resumed>) = 1 [pid 842] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 841 attached [pid 841] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 841] memfd_create("syzkaller", 0) = 5 [pid 841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 841] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 841] munmap(0x7f9b9c005000, 138412032) = 0 [pid 841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 35.908139][ T838] loop0: detected capacity change from 0 to 256 [ 35.915693][ T838] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.926176][ T838] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 35.936818][ T838] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 841] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 841] close(5) = 0 [pid 841] close(6) = 0 [pid 841] mkdir("./file0", 0777) = 0 [pid 841] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 841] chdir("./file0") = 0 [pid 841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 841] ioctl(6, LOOP_CLR_FD) = 0 [pid 841] close(6) = 0 [pid 841] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 841] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 840] exit_group(0 [pid 842] <... futex resumed>) = ? [pid 840] <... exit_group resumed>) = ? [pid 842] +++ exited with 0 +++ [pid 841] <... futex resumed>) = ? [pid 841] +++ exited with 0 +++ [pid 840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=840, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./176", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./176/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 umount2("./176/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./176/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/bus") = 0 umount2("./176/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 843 ./strace-static-x86_64: Process 843 attached [pid 843] set_robust_list(0x5555720a9760, 24) = 0 [pid 843] chdir("./177") = 0 [pid 843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 843] setpgid(0, 0) = 0 [pid 843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 843] write(3, "1000", 4) = 4 [pid 843] close(3) = 0 [pid 843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 843] write(1, "executing program\n", 18executing program ) = 18 [pid 843] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 843] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 843] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 843] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[844]}, 88) = 844 [pid 843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 843] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 843] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 844 attached ) = 0 [pid 843] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[845]}, 88) = 845 [pid 843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 843] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 845 attached [pid 845] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 845] creat("./bus", 000 [pid 844] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 844] rt_sigprocmask(SIG_SETMASK, [], [pid 845] <... creat resumed>) = 3 [pid 844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 844] memfd_create("syzkaller", 0) = 4 [pid 844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 845] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 843] <... futex resumed>) = 0 [pid 843] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 845] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 843] <... futex resumed>) = 0 [pid 843] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 845] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 845] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 843] <... futex resumed>) = 0 [pid 843] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 845] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 845] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 843] <... futex resumed>) = 0 [pid 844] <... write resumed>) = 131072 [pid 844] munmap(0x7f9b9c005000, 138412032 [pid 845] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 844] <... munmap resumed>) = 0 [ 35.975423][ T841] loop0: detected capacity change from 0 to 256 [ 35.983116][ T841] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.993979][ T841] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.004640][ T841] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 844] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 844] close(4) = 0 [pid 844] close(6) = 0 [pid 844] mkdir("./file0", 0777) = 0 [pid 844] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 844] chdir("./file0") = 0 [pid 844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 844] ioctl(6, LOOP_CLR_FD) = 0 [pid 844] close(6) = 0 [pid 844] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 844] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 843] exit_group(0) = ? [pid 844] <... futex resumed>) = ? [pid 844] +++ exited with 0 +++ [pid 845] <... futex resumed>) = ? [pid 845] +++ exited with 0 +++ [pid 843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=843, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./177", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./177/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 umount2("./177/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./177/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/bus") = 0 umount2("./177/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 846 ./strace-static-x86_64: Process 846 attached [pid 846] set_robust_list(0x5555720a9760, 24) = 0 [pid 846] chdir("./178") = 0 [pid 846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 846] setpgid(0, 0) = 0 [pid 846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 846] write(3, "1000", 4) = 4 [pid 846] close(3) = 0 [pid 846] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 846] write(1, "executing program\n", 18) = 18 [pid 846] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 846] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 846] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 846] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 847 attached => {parent_tid=[847]}, 88) = 847 [pid 846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 847] set_robust_list(0x7f9ba44469a0, 24 [pid 846] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 846] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 847] <... set_robust_list resumed>) = 0 [pid 846] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 847] rt_sigprocmask(SIG_SETMASK, [], [pid 846] rt_sigprocmask(SIG_BLOCK, ~[], [pid 847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 846] <... rt_sigprocmask resumed>[], 8) = 0 [pid 847] memfd_create("syzkaller", 0 [pid 846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 847] <... memfd_create resumed>) = 3 [pid 847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 848 attached [pid 848] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 848] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 846] <... clone3 resumed> => {parent_tid=[848]}, 88) = 848 [pid 846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 846] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] <... futex resumed>) = 0 [pid 848] creat("./bus", 000 [pid 846] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] <... creat resumed>) = 4 [pid 848] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 847] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 846] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] <... futex resumed>) = 0 [pid 848] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 847] <... write resumed>) = 131072 [pid 846] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] <... mount resumed>) = 0 [pid 847] munmap(0x7f9b9c005000, 138412032 [pid 848] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 846] <... futex resumed>) = 0 [pid 847] <... munmap resumed>) = 0 [pid 847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 847] ioctl(5, LOOP_SET_FD, 3 [pid 846] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 36.049497][ T844] loop0: detected capacity change from 0 to 256 [ 36.057918][ T844] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.068668][ T844] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.079117][ T844] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 846] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 848] <... futex resumed>) = 0 [pid 848] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 848] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 846] <... futex resumed>) = 0 [pid 846] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] <... futex resumed>) = 0 [pid 848] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 848] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 846] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 847] <... ioctl resumed>) = 0 [pid 847] close(3) = 0 [pid 847] close(5) = 0 [pid 847] mkdir("./file0", 0777) = 0 [pid 847] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 847] chdir("./file0") = 0 [pid 847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 847] ioctl(5, LOOP_CLR_FD) = 0 [pid 847] close(5) = 0 [pid 847] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 847] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 846] exit_group(0) = ? [pid 847] <... futex resumed>) = ? [pid 847] +++ exited with 0 +++ [pid 848] <... futex resumed>) = ? [pid 848] +++ exited with 0 +++ [pid 846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=846, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./178", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./178/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 umount2("./178/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./178/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/bus") = 0 umount2("./178/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 849 ./strace-static-x86_64: Process 849 attached [pid 849] set_robust_list(0x5555720a9760, 24) = 0 [pid 849] chdir("./179") = 0 [pid 849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 849] setpgid(0, 0) = 0 [pid 849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 849] write(3, "1000", 4) = 4 [pid 849] close(3) = 0 [pid 849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 849] write(1, "executing program\n", 18executing program ) = 18 [pid 849] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 849] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 849] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 849] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[850]}, 88) = 850 [pid 849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 849] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 849] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 849] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 849] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 849] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[851]}, 88) = 851 ./strace-static-x86_64: Process 850 attached ./strace-static-x86_64: Process 851 attached [pid 849] rt_sigprocmask(SIG_SETMASK, [], [pid 850] set_robust_list(0x7f9ba44469a0, 24 [pid 851] set_robust_list(0x7f9ba44259a0, 24 [pid 849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 849] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 849] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 850] <... set_robust_list resumed>) = 0 [pid 850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 851] <... set_robust_list resumed>) = 0 [pid 850] memfd_create("syzkaller", 0 [pid 851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 851] creat("./bus", 000 [pid 850] <... memfd_create resumed>) = 4 [pid 850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 851] <... creat resumed>) = 3 [pid 850] <... mmap resumed>) = 0x7f9b9c005000 [pid 851] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 849] <... futex resumed>) = 0 [pid 851] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 849] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 849] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] <... futex resumed>) = 0 [pid 851] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 850] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 851] <... mount resumed>) = 0 [pid 850] <... write resumed>) = 131072 [pid 851] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 850] munmap(0x7f9b9c005000, 138412032 [pid 851] <... futex resumed>) = 1 [pid 849] <... futex resumed>) = 0 [pid 850] <... munmap resumed>) = 0 [pid 849] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 849] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 851] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 849] <... futex resumed>) = 0 [pid 849] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 849] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 851] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 851] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 849] <... futex resumed>) = 0 [pid 850] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 851] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 850] <... openat resumed>) = 6 [ 36.117108][ T847] loop0: detected capacity change from 0 to 256 [ 36.125266][ T847] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.136048][ T847] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.146464][ T847] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 850] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 850] close(4) = 0 [pid 850] close(6) = 0 [pid 850] mkdir("./file0", 0777) = 0 [pid 850] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 850] chdir("./file0") = 0 [pid 850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 850] ioctl(6, LOOP_CLR_FD) = 0 [pid 850] close(6) = 0 [pid 850] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 849] exit_group(0) = ? [pid 851] <... futex resumed>) = ? [pid 850] +++ exited with 0 +++ [pid 851] +++ exited with 0 +++ [pid 849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=849, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./179/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 umount2("./179/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./179/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/bus") = 0 umount2("./179/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 852 ./strace-static-x86_64: Process 852 attached [pid 852] set_robust_list(0x5555720a9760, 24) = 0 [pid 852] chdir("./180") = 0 [pid 852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 852] setpgid(0, 0) = 0 [pid 852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 852] write(3, "1000", 4) = 4 [pid 852] close(3) = 0 [pid 852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 852] write(1, "executing program\n", 18executing program ) = 18 [pid 852] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 852] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[853]}, 88) = 853 ./strace-static-x86_64: Process 853 attached [pid 852] rt_sigprocmask(SIG_SETMASK, [], [pid 853] set_robust_list(0x7f9ba44469a0, 24 [pid 852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 852] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 852] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 852] rt_sigprocmask(SIG_BLOCK, ~[], [pid 853] <... set_robust_list resumed>) = 0 [pid 852] <... rt_sigprocmask resumed>[], 8) = 0 [pid 852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 853] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 854 attached NULL, 8) = 0 [pid 852] <... clone3 resumed> => {parent_tid=[854]}, 88) = 854 [pid 852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 852] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] set_robust_list(0x7f9ba44259a0, 24 [pid 853] memfd_create("syzkaller", 0 [pid 854] <... set_robust_list resumed>) = 0 [pid 854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 854] creat("./bus", 000 [pid 853] <... memfd_create resumed>) = 4 [pid 853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 854] <... creat resumed>) = 3 [pid 854] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 852] <... futex resumed>) = 0 [pid 852] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... futex resumed>) = 1 [pid 854] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 854] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 852] <... futex resumed>) = 0 [pid 852] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... futex resumed>) = 1 [pid 854] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 854] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 852] <... futex resumed>) = 0 [pid 852] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 854] <... futex resumed>) = 1 [pid 854] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 853] <... mmap resumed>) = 0x7f9b9c005000 [pid 854] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 853] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 852] <... futex resumed>) = 0 [pid 854] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 853] <... write resumed>) = 131072 [pid 853] munmap(0x7f9b9c005000, 138412032) = 0 [pid 853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 36.188989][ T850] loop0: detected capacity change from 0 to 256 [ 36.196965][ T850] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.207808][ T850] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.218184][ T850] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 853] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 853] close(4) = 0 [pid 853] close(6) = 0 [pid 853] mkdir("./file0", 0777) = 0 [pid 853] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 853] chdir("./file0") = 0 [pid 853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 853] ioctl(6, LOOP_CLR_FD) = 0 [pid 853] close(6) = 0 [pid 853] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 853] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 852] exit_group(0) = ? [pid 853] <... futex resumed>) = ? [pid 853] +++ exited with 0 +++ [pid 854] <... futex resumed>) = ? [pid 854] +++ exited with 0 +++ [pid 852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=852, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./180/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./180/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/bus") = 0 umount2("./180/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 855 ./strace-static-x86_64: Process 855 attached [pid 855] set_robust_list(0x5555720a9760, 24) = 0 [pid 855] chdir("./181") = 0 [pid 855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 855] setpgid(0, 0) = 0 [pid 855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 855] write(3, "1000", 4) = 4 [pid 855] close(3) = 0 [pid 855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 855] write(1, "executing program\n", 18) = 18 [pid 855] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 855] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[856]}, 88) = 856 [pid 855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 855] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 855] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[857]}, 88) = 857 [pid 855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 855] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 856 attached [pid 856] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 856] memfd_create("syzkaller", 0) = 3 [pid 856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 856] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 856] munmap(0x7f9b9c005000, 138412032) = 0 [pid 856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 36.258767][ T853] loop0: detected capacity change from 0 to 256 [ 36.267393][ T853] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.278038][ T853] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.288251][ T853] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 856] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 857 attached ) = 0 [pid 856] close(3) = 0 [pid 856] close(4) = 0 [pid 856] mkdir("./file0", 0777 [pid 857] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 856] <... mkdir resumed>) = 0 [pid 857] rt_sigprocmask(SIG_SETMASK, [], [pid 856] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 857] creat("./bus", 000) = 3 [pid 857] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 857] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 855] <... futex resumed>) = 0 [pid 855] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 855] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... futex resumed>) = 0 [pid 857] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 857] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 855] <... futex resumed>) = 0 [pid 855] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 857] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 855] <... futex resumed>) = 0 [pid 857] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 855] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... write resumed>) = 4096 [pid 857] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 855] <... futex resumed>) = 0 [ 36.323457][ T856] loop0: detected capacity change from 0 to 256 [ 36.331302][ T856] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.341770][ T856] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.349969][ T856] ================================================================================ [ 36.359564][ T856] UBSAN: shift-out-of-bounds in fs/exfat/super.c:529:38 [ 36.366395][ T856] shift exponent 185 is too large for 32-bit type 'int' [ 36.373266][ T856] CPU: 0 PID: 856 Comm: syz-executor634 Not tainted 6.1.129-syzkaller-00006-gefda22f3484c #0 [ 36.383186][ T856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 36.393102][ T856] Call Trace: [ 36.396204][ T856] [ 36.398979][ T856] dump_stack_lvl+0x151/0x1b7 [ 36.403494][ T856] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 36.408790][ T856] dump_stack+0x15/0x18 [ 36.412777][ T856] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440 [ 36.419034][ T856] exfat_fill_super+0x2b3a/0x2b80 [pid 857] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 855] exit_group(0 [pid 857] <... futex resumed>) = ? [pid 855] <... exit_group resumed>) = ? [pid 857] +++ exited with 0 +++ [ 36.423894][ T856] ? exfat_reconfigure+0x90/0x90 [ 36.428660][ T856] ? set_blocksize+0x1cb/0x360 [ 36.433268][ T856] ? sb_set_blocksize+0xa8/0xf0 [ 36.437951][ T856] get_tree_bdev+0x440/0x680 [ 36.442381][ T856] ? exfat_reconfigure+0x90/0x90 [ 36.447152][ T856] exfat_get_tree+0x1c/0x20 [ 36.451498][ T856] vfs_get_tree+0x88/0x290 [ 36.455744][ T856] do_new_mount+0x2ba/0xb30 [ 36.460083][ T856] ? do_move_mount_old+0x160/0x160 [ 36.465035][ T856] ? security_capable+0x87/0xb0 [ 36.469717][ T856] ? ns_capable+0x89/0xe0 [ 36.473881][ T856] path_mount+0x671/0x1070 [ 36.478139][ T856] ? user_path_at_empty+0x14e/0x1a0 [ 36.483175][ T856] __se_sys_mount+0x2c4/0x3b0 [ 36.487683][ T856] ? __x64_sys_mount+0xd0/0xd0 [ 36.492282][ T856] ? fpregs_restore_userregs+0x130/0x290 [ 36.497752][ T856] __x64_sys_mount+0xbf/0xd0 [ 36.502177][ T856] x64_sys_call+0x49d/0x9a0 [ 36.506515][ T856] do_syscall_64+0x3b/0xb0 [ 36.510767][ T856] ? clear_bhb_loop+0x55/0xb0 [ 36.515290][ T856] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.521018][ T856] RIP: 0033:0x7f9ba448b56a [ 36.525268][ T856] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 36.544707][ T856] RSP: 002b:00007f9ba4445fd8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 36.552960][ T856] RAX: ffffffffffffffda RBX: 00007f9ba4445ff0 RCX: 00007f9ba448b56a [ 36.560760][ T856] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00007f9ba4445ff0 [pid 856] <... mount resumed>) = ? [pid 856] +++ exited with 0 +++ [pid 855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=855, si_uid=0, si_status=0, si_utime=1, si_stime=8} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./181/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 umount2("./181/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./181/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/bus") = 0 umount2("./181/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 36.568572][ T856] RBP: 0000200000000240 R08: 00007f9ba4446030 R09: 00000000000014f8 [ 36.576386][ T856] R10: 0000000000000000 R11: 0000000000000286 R12: 0000200000000000 [ 36.584203][ T856] R13: 00007f9ba4446030 R14: 0000000000000003 R15: 0000000000000000 [ 36.592010][ T856] [ 36.594971][ T856] ================================================================================ [ 36.604011][ T856] exFAT-fs (loop0): unable to set blocksize 33554432 [ 36.610495][ T856] exFAT-fs (loop0): failed to read boot sector [ 36.616515][ T856] exFAT-fs (loop0): failed to recognize exfat type ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 858 ./strace-static-x86_64: Process 858 attached [pid 858] set_robust_list(0x5555720a9760, 24) = 0 [pid 858] chdir("./182") = 0 [pid 858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 858] setpgid(0, 0) = 0 [pid 858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 858] write(3, "1000", 4) = 4 [pid 858] close(3) = 0 [pid 858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 858] write(1, "executing program\n", 18executing program ) = 18 [pid 858] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 858] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 859 attached => {parent_tid=[859]}, 88) = 859 [pid 858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 858] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 858] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 859] set_robust_list(0x7f9ba44469a0, 24 [pid 858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[860]}, 88) = 860 [pid 858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 858] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 860 attached [pid 860] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 860] creat("./bus", 000 [pid 859] <... set_robust_list resumed>) = 0 [pid 859] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 859] memfd_create("syzkaller", 0 [pid 860] <... creat resumed>) = 3 [pid 859] <... memfd_create resumed>) = 4 [pid 859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 860] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 858] <... futex resumed>) = 0 [pid 858] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 860] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] <... futex resumed>) = 0 [pid 858] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 859] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 860] <... futex resumed>) = 1 [pid 860] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 859] <... write resumed>) = 131072 [pid 859] munmap(0x7f9b9c005000, 138412032 [pid 860] <... open resumed>) = 5 [pid 860] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 859] <... munmap resumed>) = 0 [pid 858] <... futex resumed>) = 0 [pid 860] <... futex resumed>) = 1 [pid 858] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 859] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 858] <... futex resumed>) = 0 [pid 858] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 859] <... openat resumed>) = 6 [pid 859] ioctl(6, LOOP_SET_FD, 4 [pid 860] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 860] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 858] <... futex resumed>) = 0 [pid 860] <... futex resumed>) = 1 [pid 860] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 859] <... ioctl resumed>) = 0 [pid 859] close(4) = 0 [pid 859] close(6) = 0 [pid 859] mkdir("./file0", 0777) = 0 [pid 859] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 859] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 859] chdir("./file0") = 0 [pid 859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 859] ioctl(6, LOOP_CLR_FD) = 0 [pid 859] close(6) = 0 [pid 859] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 859] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 858] exit_group(0) = ? [pid 859] <... futex resumed>) = ? [pid 859] +++ exited with 0 +++ [pid 860] <... futex resumed>) = ? [pid 860] +++ exited with 0 +++ [pid 858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=858, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./182/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 umount2("./182/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./182/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/bus") = 0 umount2("./182/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 861 executing program ./strace-static-x86_64: Process 861 attached [pid 861] set_robust_list(0x5555720a9760, 24) = 0 [pid 861] chdir("./183") = 0 [pid 861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 861] setpgid(0, 0) = 0 [pid 861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 861] write(3, "1000", 4) = 4 [pid 861] close(3) = 0 [pid 861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 861] write(1, "executing program\n", 18) = 18 [pid 861] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 861] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[862]}, 88) = 862 [pid 861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 861] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 861] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[863]}, 88) = 863 [pid 861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 861] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 863 attached [pid 863] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 863] creat("./bus", 000) = 3 [pid 863] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = 0 [pid 861] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 863] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = 0 [pid 861] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 863] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = 0 [pid 861] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 863] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = 0 [pid 863] <... futex resumed>) = 1 [pid 863] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 862 attached [pid 862] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 862] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 862] memfd_create("syzkaller", 0) = 5 [pid 862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 862] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 862] munmap(0x7f9b9c005000, 138412032) = 0 [pid 862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 36.685868][ T859] loop0: detected capacity change from 0 to 256 [ 36.694492][ T859] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.704991][ T859] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.715419][ T859] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 862] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 862] close(5) = 0 [pid 862] close(6) = 0 [pid 862] mkdir("./file0", 0777) = 0 [pid 862] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 862] chdir("./file0") = 0 [pid 862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 862] ioctl(6, LOOP_CLR_FD) = 0 [pid 862] close(6) = 0 [pid 862] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 861] exit_group(0 [pid 863] <... futex resumed>) = ? [pid 861] <... exit_group resumed>) = ? [pid 863] +++ exited with 0 +++ [pid 862] <... futex resumed>) = ? [pid 862] +++ exited with 0 +++ [pid 861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=861, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./183", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./183/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./183/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/bus") = 0 umount2("./183/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 864 ./strace-static-x86_64: Process 864 attached [pid 864] set_robust_list(0x5555720a9760, 24) = 0 [pid 864] chdir("./184") = 0 [pid 864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 864] setpgid(0, 0) = 0 [pid 864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 864] write(3, "1000", 4) = 4 [pid 864] close(3) = 0 [pid 864] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 864] write(1, "executing program\n", 18) = 18 [pid 864] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 864] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 864] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[865]}, 88) = 865 [pid 864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 864] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 864] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[866]}, 88) = 866 [pid 864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 864] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 866 attached [pid 866] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 866] creat("./bus", 000) = 3 [pid 866] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 864] <... futex resumed>) = 0 [pid 864] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] <... futex resumed>) = 1 [pid 866] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 866] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 864] <... futex resumed>) = 0 [pid 864] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] <... futex resumed>) = 1 [pid 866] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 ./strace-static-x86_64: Process 865 attached [pid 866] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 864] <... futex resumed>) = 0 [pid 864] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] <... futex resumed>) = 1 [pid 866] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 866] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 864] <... futex resumed>) = 0 [pid 866] <... futex resumed>) = 1 [pid 865] set_robust_list(0x7f9ba44469a0, 24 [pid 866] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 865] <... set_robust_list resumed>) = 0 [pid 865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 865] memfd_create("syzkaller", 0) = 5 [pid 865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 865] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 865] munmap(0x7f9b9c005000, 138412032) = 0 [pid 865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 36.755312][ T862] loop0: detected capacity change from 0 to 256 [ 36.763490][ T862] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.774064][ T862] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.784637][ T862] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 865] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 865] close(5) = 0 [pid 865] close(6) = 0 [pid 865] mkdir("./file0", 0777) = 0 [pid 865] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 865] chdir("./file0") = 0 [pid 865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 865] ioctl(6, LOOP_CLR_FD) = 0 [pid 865] close(6) = 0 [pid 865] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] exit_group(0) = ? [pid 865] +++ exited with 0 +++ [pid 866] <... futex resumed>) = ? [pid 866] +++ exited with 0 +++ [pid 864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=864, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./184/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./184/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/bus") = 0 umount2("./184/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./184/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 868 ./strace-static-x86_64: Process 868 attached [pid 868] set_robust_list(0x5555720a9760, 24) = 0 [pid 868] chdir("./185") = 0 [pid 868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 868] setpgid(0, 0) = 0 executing program [pid 868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 868] write(3, "1000", 4) = 4 [pid 868] close(3) = 0 [pid 868] symlink("/dev/binderfs", "./binderfs") = 0 [pid 868] write(1, "executing program\n", 18) = 18 [pid 868] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 868] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[869]}, 88) = 869 [pid 868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 868] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 868] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 868] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[870]}, 88) = 870 [pid 868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 868] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 870 attached [pid 870] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 870] creat("./bus", 000) = 3 [pid 870] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 870] <... futex resumed>) = 1 [pid 870] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 870] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 870] <... futex resumed>) = 1 [pid 870] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 870] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 868] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 870] <... futex resumed>) = 1 [pid 870] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 870] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 868] <... futex resumed>) = 0 [pid 870] <... futex resumed>) = 1 [pid 870] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 869 attached [pid 869] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 869] memfd_create("syzkaller", 0) = 5 [pid 869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 869] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 869] munmap(0x7f9b9c005000, 138412032) = 0 [pid 869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 36.833384][ T865] loop0: detected capacity change from 0 to 256 [ 36.843316][ T865] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.853784][ T865] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.864069][ T865] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 869] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 869] close(5) = 0 [pid 869] close(6) = 0 [pid 869] mkdir("./file0", 0777) = 0 [pid 869] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 869] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 869] chdir("./file0") = 0 [pid 869] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 869] ioctl(6, LOOP_CLR_FD) = 0 [pid 869] close(6) = 0 [pid 869] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 869] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 868] exit_group(0 [pid 870] <... futex resumed>) = ? [pid 868] <... exit_group resumed>) = ? [pid 870] +++ exited with 0 +++ [pid 869] <... futex resumed>) = ? [pid 869] +++ exited with 0 +++ [pid 868] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=868, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./185", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./185/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 umount2("./185/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./185/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/bus") = 0 umount2("./185/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 871 ./strace-static-x86_64: Process 871 attached [pid 871] set_robust_list(0x5555720a9760, 24) = 0 [pid 871] chdir("./186") = 0 [pid 871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 871] setpgid(0, 0) = 0 [pid 871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 871] write(3, "1000", 4) = 4 [pid 871] close(3) = 0 [pid 871] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 871] write(1, "executing program\n", 18) = 18 [pid 871] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 871] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[872]}, 88) = 872 [pid 871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 871] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 871] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[873]}, 88) = 873 [pid 871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 871] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 873 attached [pid 873] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 873] creat("./bus", 000) = 3 [pid 873] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 873] <... futex resumed>) = 1 [pid 873] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 873] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 873] <... futex resumed>) = 1 [pid 873] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 873] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 871] <... futex resumed>) = 0 [pid 871] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 871] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 873] <... futex resumed>) = 1 [pid 873] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 873] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 871] <... futex resumed>) = 0 [pid 873] <... futex resumed>) = 1 [pid 873] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 872 attached [pid 872] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 872] memfd_create("syzkaller", 0) = 5 [pid 872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 872] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 872] munmap(0x7f9b9c005000, 138412032) = 0 [pid 872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 36.902206][ T869] loop0: detected capacity change from 0 to 256 [ 36.909896][ T869] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.920661][ T869] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.931074][ T869] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 872] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 872] close(5) = 0 [pid 872] close(6) = 0 [pid 872] mkdir("./file0", 0777) = 0 [pid 872] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 872] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 872] chdir("./file0") = 0 [pid 872] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 872] ioctl(6, LOOP_CLR_FD) = 0 [pid 872] close(6) = 0 [pid 872] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 872] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 871] exit_group(0 [pid 873] <... futex resumed>) = ? [pid 871] <... exit_group resumed>) = ? [pid 873] +++ exited with 0 +++ [pid 872] <... futex resumed>) = ? [pid 872] +++ exited with 0 +++ [pid 871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=871, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./186/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 umount2("./186/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./186/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/bus") = 0 umount2("./186/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 874 ./strace-static-x86_64: Process 874 attached [pid 874] set_robust_list(0x5555720a9760, 24) = 0 [pid 874] chdir("./187") = 0 [pid 874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 874] setpgid(0, 0) = 0 [pid 874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 874] write(3, "1000", 4) = 4 [pid 874] close(3) = 0 [pid 874] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 874] write(1, "executing program\n", 18) = 18 [pid 874] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 874] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 874] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[875]}, 88) = 875 [pid 874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 874] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 874] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 874] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 874] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[876]}, 88) = 876 [pid 874] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 874] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 875 attached [pid 875] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 875] memfd_create("syzkaller", 0) = 3 [pid 875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 875] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 875] munmap(0x7f9b9c005000, 138412032) = 0 [pid 875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 36.967905][ T872] loop0: detected capacity change from 0 to 256 [ 36.976105][ T872] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 36.986703][ T872] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 36.997170][ T872] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 875] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 876 attached ) = 0 [pid 875] close(3) = 0 [pid 875] close(4) = 0 [pid 875] mkdir("./file0", 0777 [pid 876] set_robust_list(0x7f9ba44259a0, 24 [pid 875] <... mkdir resumed>) = 0 [pid 875] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 876] <... set_robust_list resumed>) = 0 [pid 876] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 876] creat("./bus", 000) = 3 [pid 876] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 876] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] <... futex resumed>) = 0 [pid 874] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 876] <... futex resumed>) = 0 [pid 874] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 876] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 876] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 876] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 874] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 876] <... open resumed>) = 4 [pid 874] <... futex resumed>) = 0 [pid 876] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 874] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 876] <... futex resumed>) = 0 [pid 874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 876] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 874] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 874] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 876] <... write resumed>) = 4096 [pid 876] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 874] <... futex resumed>) = 0 [pid 876] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 875] <... mount resumed>) = -1 EIO (Input/output error) [pid 875] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 875] ioctl(5, LOOP_CLR_FD) = 0 [pid 875] close(5) = 0 [pid 875] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 875] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 874] exit_group(0 [pid 876] <... futex resumed>) = ? [pid 874] <... exit_group resumed>) = ? [pid 876] +++ exited with 0 +++ [pid 875] <... futex resumed>) = ? [pid 875] +++ exited with 0 +++ [pid 874] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=874, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./187", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./187/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 umount2("./187/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./187/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/bus") = 0 umount2("./187/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 877 ./strace-static-x86_64: Process 877 attached [pid 877] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 877] chdir("./188") = 0 [pid 877] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 877] setpgid(0, 0) = 0 [pid 877] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 877] write(3, "1000", 4) = 4 [pid 877] close(3) = 0 [pid 877] symlink("/dev/binderfs", "./binderfs") = 0 [pid 877] write(1, "executing program\n", 18) = 18 [pid 877] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 877] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 877] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[878]}, 88) = 878 [pid 877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 877] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 877] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 877] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 877] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[879]}, 88) = 879 [pid 877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 877] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 879 attached [pid 879] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 879] creat("./bus", 000) = 3 [pid 879] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 879] <... futex resumed>) = 1 [pid 879] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 879] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 879] <... futex resumed>) = 1 [pid 879] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 879] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 877] <... futex resumed>) = 0 [pid 877] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 877] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 879] <... futex resumed>) = 1 [pid 879] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 879] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 877] <... futex resumed>) = 0 [pid 879] <... futex resumed>) = 1 [pid 879] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 878 attached [pid 878] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 878] memfd_create("syzkaller", 0) = 5 [pid 878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 878] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 878] munmap(0x7f9b9c005000, 138412032) = 0 [pid 878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 37.030420][ T875] loop0: detected capacity change from 0 to 256 [ 37.038025][ T875] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.048528][ T875] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.056904][ T875] exFAT-fs (loop0): unable to set blocksize 33554432 [ 37.063524][ T875] exFAT-fs (loop0): failed to read boot sector [ 37.069468][ T875] exFAT-fs (loop0): failed to recognize exfat type [pid 878] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 878] close(5) = 0 [pid 878] close(6) = 0 [pid 878] mkdir("./file0", 0777) = 0 [pid 878] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 878] chdir("./file0") = 0 [pid 878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 878] ioctl(6, LOOP_CLR_FD) = 0 [pid 878] close(6) = 0 [pid 878] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 878] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 877] exit_group(0 [pid 879] <... futex resumed>) = ? [pid 877] <... exit_group resumed>) = ? [pid 879] +++ exited with 0 +++ [pid 878] <... futex resumed>) = ? [pid 878] +++ exited with 0 +++ [pid 877] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=877, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./188", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./188/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 umount2("./188/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./188/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/bus") = 0 umount2("./188/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./188/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./188/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 880 ./strace-static-x86_64: Process 880 attached [pid 880] set_robust_list(0x5555720a9760, 24) = 0 [pid 880] chdir("./189") = 0 [pid 880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 880] setpgid(0, 0) = 0 executing program [pid 880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 880] write(3, "1000", 4) = 4 [pid 880] close(3) = 0 [pid 880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 880] write(1, "executing program\n", 18) = 18 [pid 880] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 880] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[881]}, 88) = 881 [pid 880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 880] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 880] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[882]}, 88) = 882 [pid 880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 880] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 882 attached [pid 882] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 882] creat("./bus", 000) = 3 [pid 882] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 882] <... futex resumed>) = 1 [pid 882] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 882] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 882] <... futex resumed>) = 1 [pid 882] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 882] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 880] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 880] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 882] <... futex resumed>) = 1 [pid 882] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 882] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] <... futex resumed>) = 0 [pid 882] <... futex resumed>) = 1 [pid 882] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 881 attached [pid 881] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 881] memfd_create("syzkaller", 0) = 5 [pid 881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 37.105859][ T878] loop0: detected capacity change from 0 to 256 [ 37.114451][ T878] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.125183][ T878] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.135792][ T878] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 881] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 881] munmap(0x7f9b9c005000, 138412032) = 0 [pid 881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 881] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 881] close(5) = 0 [pid 881] close(6) = 0 [pid 881] mkdir("./file0", 0777) = 0 [pid 881] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 881] chdir("./file0") = 0 [pid 881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 881] ioctl(6, LOOP_CLR_FD) = 0 [pid 881] close(6) = 0 [pid 881] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 880] exit_group(0) = ? [pid 881] <... futex resumed>) = ? [pid 881] +++ exited with 0 +++ [pid 882] <... futex resumed>) = ? [pid 882] +++ exited with 0 +++ [pid 880] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=880, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./189", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./189/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 umount2("./189/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./189/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/bus") = 0 umount2("./189/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./189/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 883 ./strace-static-x86_64: Process 883 attached [pid 883] set_robust_list(0x5555720a9760, 24) = 0 [pid 883] chdir("./190") = 0 [pid 883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 883] setpgid(0, 0) = 0 [pid 883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 883] write(3, "1000", 4) = 4 [pid 883] close(3) = 0 [pid 883] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 883] write(1, "executing program\n", 18) = 18 [pid 883] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 883] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[884]}, 88) = 884 [pid 883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 883] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 883] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[885]}, 88) = 885 [pid 883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 883] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 885 attached [pid 885] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 885] creat("./bus", 000) = 3 [pid 885] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 885] <... futex resumed>) = 1 [pid 885] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 885] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 885] <... futex resumed>) = 1 [pid 885] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 885] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... futex resumed>) = 0 [pid 883] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 883] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 885] <... futex resumed>) = 1 [pid 885] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 885] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 883] <... futex resumed>) = 0 [pid 885] <... futex resumed>) = 1 [pid 885] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 884 attached [pid 884] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 884] memfd_create("syzkaller", 0) = 5 [pid 884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 884] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 884] munmap(0x7f9b9c005000, 138412032) = 0 [pid 884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 37.187062][ T881] loop0: detected capacity change from 0 to 256 [ 37.195099][ T881] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.205658][ T881] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.216361][ T881] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 884] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 884] close(5) = 0 [pid 884] close(6) = 0 [pid 884] mkdir("./file0", 0777) = 0 [pid 884] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 884] chdir("./file0") = 0 [pid 884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 884] ioctl(6, LOOP_CLR_FD) = 0 [pid 884] close(6) = 0 [pid 884] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 884] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 883] exit_group(0 [pid 885] <... futex resumed>) = ? [pid 883] <... exit_group resumed>) = ? [pid 885] +++ exited with 0 +++ [pid 884] <... futex resumed>) = ? [pid 884] +++ exited with 0 +++ [pid 883] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=883, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./190/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 umount2("./190/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./190/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/bus") = 0 umount2("./190/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./190/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 886 ./strace-static-x86_64: Process 886 attached [pid 886] set_robust_list(0x5555720a9760, 24) = 0 [pid 886] chdir("./191") = 0 [pid 886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 886] setpgid(0, 0) = 0 [pid 886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 886] write(3, "1000", 4) = 4 [pid 886] close(3) = 0 [pid 886] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 886] write(1, "executing program\n", 18) = 18 [pid 886] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 886] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[887]}, 88) = 887 [pid 886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 886] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 886] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[888]}, 88) = 888 [pid 886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 886] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 888 attached [pid 888] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 888] creat("./bus", 000) = 3 [pid 888] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 888] <... futex resumed>) = 1 [pid 888] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 888] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 888] <... futex resumed>) = 1 [pid 888] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000./strace-static-x86_64: Process 887 attached [pid 887] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 887] memfd_create("syzkaller", 0 [pid 888] <... open resumed>) = 4 [pid 888] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 886] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 886] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 888] <... futex resumed>) = 1 [pid 888] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 888] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 886] <... futex resumed>) = 0 [pid 888] <... futex resumed>) = 1 [pid 888] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 887] <... memfd_create resumed>) = 5 [pid 887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 887] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 887] munmap(0x7f9b9c005000, 138412032) = 0 [ 37.253567][ T884] loop0: detected capacity change from 0 to 256 [ 37.261081][ T884] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.271554][ T884] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.282025][ T884] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 887] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 887] close(5) = 0 [pid 887] close(6) = 0 [pid 887] mkdir("./file0", 0777) = 0 [pid 887] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 887] chdir("./file0") = 0 [pid 887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 887] ioctl(6, LOOP_CLR_FD) = 0 [pid 887] close(6) = 0 [pid 887] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 887] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 886] exit_group(0 [pid 888] <... futex resumed>) = ? [pid 886] <... exit_group resumed>) = ? [pid 888] +++ exited with 0 +++ [pid 887] <... futex resumed>) = ? [pid 887] +++ exited with 0 +++ [pid 886] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=886, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./191", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./191/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 umount2("./191/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./191/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/bus") = 0 umount2("./191/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./191/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 889 ./strace-static-x86_64: Process 889 attached [pid 889] set_robust_list(0x5555720a9760, 24) = 0 [pid 889] chdir("./192") = 0 [pid 889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 889] setpgid(0, 0) = 0 [pid 889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 889] write(3, "1000", 4) = 4 [pid 889] close(3) = 0 [pid 889] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 889] write(1, "executing program\n", 18) = 18 [pid 889] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 889] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[890]}, 88) = 890 [pid 889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 889] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 889] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 890 attached => {parent_tid=[891]}, 88) = 891 [pid 889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 889] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 891 attached [pid 891] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 891] creat("./bus", 000 [pid 890] set_robust_list(0x7f9ba44469a0, 24 [pid 891] <... creat resumed>) = 3 [pid 891] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] <... futex resumed>) = 0 [pid 889] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 891] <... futex resumed>) = 1 [pid 891] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 890] <... set_robust_list resumed>) = 0 [pid 891] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] <... futex resumed>) = 0 [pid 889] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 891] <... futex resumed>) = 1 [pid 891] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 891] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] <... futex resumed>) = 0 [pid 889] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 889] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 891] <... futex resumed>) = 1 [pid 891] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 891] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 889] <... futex resumed>) = 0 [pid 891] <... futex resumed>) = 1 [pid 891] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 890] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 890] memfd_create("syzkaller", 0) = 5 [pid 890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 890] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 890] munmap(0x7f9b9c005000, 138412032) = 0 [pid 890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 37.316391][ T887] loop0: detected capacity change from 0 to 256 [ 37.325437][ T887] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.335945][ T887] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.346536][ T887] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 890] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 890] close(5) = 0 [pid 890] close(6) = 0 [pid 890] mkdir("./file0", 0777) = 0 [pid 890] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 890] chdir("./file0") = 0 [pid 890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 890] ioctl(6, LOOP_CLR_FD) = 0 [pid 890] close(6) = 0 [pid 890] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 890] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 889] exit_group(0 [pid 891] <... futex resumed>) = ? [pid 889] <... exit_group resumed>) = ? [pid 891] +++ exited with 0 +++ [pid 890] <... futex resumed>) = ? [pid 890] +++ exited with 0 +++ [pid 889] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=889, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./192", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./192/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 umount2("./192/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./192/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/bus") = 0 umount2("./192/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./192/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 892 ./strace-static-x86_64: Process 892 attached [pid 892] set_robust_list(0x5555720a9760, 24) = 0 [pid 892] chdir("./193") = 0 [pid 892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 892] setpgid(0, 0) = 0 [pid 892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 892] write(3, "1000", 4) = 4 [pid 892] close(3) = 0 [pid 892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 892] write(1, "executing program\n", 18) = 18 [pid 892] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 892] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[893]}, 88) = 893 [pid 892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 892] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 892] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[894]}, 88) = 894 [pid 892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 892] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 894 attached [pid 894] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 894] creat("./bus", 000) = 3 [pid 894] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... futex resumed>) = 0 [pid 892] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 894] <... futex resumed>) = 1 [pid 894] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 894] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... futex resumed>) = 0 [pid 892] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 894] <... futex resumed>) = 1 [pid 894] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 894] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... futex resumed>) = 0 [pid 892] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 892] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 894] <... futex resumed>) = 1 [pid 894] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 894] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 892] <... futex resumed>) = 0 [pid 894] <... futex resumed>) = 1 [pid 894] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 893 attached [pid 893] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 893] memfd_create("syzkaller", 0) = 5 [pid 893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 893] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 893] munmap(0x7f9b9c005000, 138412032) = 0 [pid 893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 37.382322][ T890] loop0: detected capacity change from 0 to 256 [ 37.389747][ T890] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.400308][ T890] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.410199][ T890] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 893] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 893] close(5) = 0 [pid 893] close(6) = 0 [pid 893] mkdir("./file0", 0777) = 0 [pid 893] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 893] chdir("./file0") = 0 [pid 893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 893] ioctl(6, LOOP_CLR_FD) = 0 [pid 893] close(6) = 0 [pid 893] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 893] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 892] exit_group(0 [pid 894] <... futex resumed>) = ? [pid 892] <... exit_group resumed>) = ? [pid 894] +++ exited with 0 +++ [pid 893] <... futex resumed>) = ? [pid 893] +++ exited with 0 +++ [pid 892] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=892, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./193", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./193/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 umount2("./193/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./193/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/bus") = 0 umount2("./193/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./193/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 895 ./strace-static-x86_64: Process 895 attached [pid 895] set_robust_list(0x5555720a9760, 24) = 0 [pid 895] chdir("./194") = 0 [pid 895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 895] setpgid(0, 0) = 0 [pid 895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 895] write(3, "1000", 4) = 4 [pid 895] close(3) = 0 [pid 895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 895] write(1, "executing program\n", 18executing program ) = 18 [pid 895] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 895] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 896 attached => {parent_tid=[896]}, 88) = 896 [pid 896] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 896] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 895] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 895] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 895] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 896] <... futex resumed>) = 0 [pid 895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 896] memfd_create("syzkaller", 0./strace-static-x86_64: Process 897 attached ) = 3 [pid 895] <... clone3 resumed> => {parent_tid=[897]}, 88) = 897 [pid 897] set_robust_list(0x7f9ba44259a0, 24 [pid 896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 895] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... set_robust_list resumed>) = 0 [pid 897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 897] creat("./bus", 000 [pid 896] <... mmap resumed>) = 0x7f9b9c005000 [pid 897] <... creat resumed>) = 4 [pid 897] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... futex resumed>) = 1 [pid 897] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 897] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... futex resumed>) = 1 [pid 897] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 897] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] <... futex resumed>) = 0 [pid 895] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 895] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 897] <... futex resumed>) = 1 [pid 897] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 897] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 895] <... futex resumed>) = 0 [pid 897] <... futex resumed>) = 1 [pid 897] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 896] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 896] munmap(0x7f9b9c005000, 138412032) = 0 [pid 896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 896] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 896] close(3) = 0 [pid 896] close(6) = 0 [pid 896] mkdir("./file0", 0777) = 0 [ 37.449066][ T893] loop0: detected capacity change from 0 to 256 [ 37.456573][ T893] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.467115][ T893] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.477547][ T893] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 896] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 896] chdir("./file0") = 0 [pid 896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 896] ioctl(6, LOOP_CLR_FD) = 0 [pid 896] close(6) = 0 [pid 896] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 896] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 895] exit_group(0 [pid 897] <... futex resumed>) = ? [pid 895] <... exit_group resumed>) = ? [pid 897] +++ exited with 0 +++ [pid 896] <... futex resumed>) = ? [pid 896] +++ exited with 0 +++ [pid 895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=895, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./194/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 umount2("./194/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./194/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/bus") = 0 umount2("./194/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./194/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 898 executing program ./strace-static-x86_64: Process 898 attached [pid 898] set_robust_list(0x5555720a9760, 24) = 0 [pid 898] chdir("./195") = 0 [pid 898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 898] setpgid(0, 0) = 0 [pid 898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 898] write(3, "1000", 4) = 4 [pid 898] close(3) = 0 [pid 898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 898] write(1, "executing program\n", 18) = 18 [pid 898] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 898] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[899]}, 88) = 899 [pid 898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 898] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 898] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[900]}, 88) = 900 [pid 898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 898] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 900 attached [pid 900] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 900] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 900] creat("./bus", 000./strace-static-x86_64: Process 899 attached ) = 3 [pid 900] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 900] <... futex resumed>) = 1 [pid 900] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 900] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 900] <... futex resumed>) = 1 [pid 900] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 900] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 898] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 898] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 900] <... futex resumed>) = 1 [pid 900] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 900] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 898] <... futex resumed>) = 0 [pid 900] <... futex resumed>) = 1 [pid 900] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 899] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 899] memfd_create("syzkaller", 0) = 5 [pid 899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 899] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 899] munmap(0x7f9b9c005000, 138412032) = 0 [pid 899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 37.523529][ T896] loop0: detected capacity change from 0 to 256 [ 37.532953][ T896] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.543760][ T896] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.554173][ T896] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 899] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 899] close(5) = 0 [pid 899] close(6) = 0 [pid 899] mkdir("./file0", 0777) = 0 [pid 899] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 899] chdir("./file0") = 0 [pid 899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 899] ioctl(6, LOOP_CLR_FD) = 0 [pid 899] close(6) = 0 [pid 899] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 899] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 898] exit_group(0 [pid 900] <... futex resumed>) = ? [pid 898] <... exit_group resumed>) = ? [pid 900] +++ exited with 0 +++ [pid 899] <... futex resumed>) = ? [pid 899] +++ exited with 0 +++ [pid 898] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=898, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./195/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 umount2("./195/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./195/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/bus") = 0 umount2("./195/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./195/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 901 ./strace-static-x86_64: Process 901 attached [pid 901] set_robust_list(0x5555720a9760, 24) = 0 [pid 901] chdir("./196") = 0 [pid 901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 901] setpgid(0, 0) = 0 [pid 901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 901] write(3, "1000", 4) = 4 [pid 901] close(3) = 0 [pid 901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 901] write(1, "executing program\n", 18) = 18 [pid 901] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 901] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[902]}, 88) = 902 [pid 901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 901] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 901] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[903]}, 88) = 903 [pid 901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 901] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 903 attached [pid 903] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 903] creat("./bus", 000) = 3 [pid 903] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 903] <... futex resumed>) = 1 [pid 903] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 903] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 903] <... futex resumed>) = 1 [pid 903] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 903] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 901] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 901] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 903] <... futex resumed>) = 1 [pid 903] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 903] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 901] <... futex resumed>) = 0 [pid 903] <... futex resumed>) = 1 [pid 903] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 902 attached [pid 902] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 902] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 902] memfd_create("syzkaller", 0) = 5 [pid 902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 902] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 37.591328][ T899] loop0: detected capacity change from 0 to 256 [ 37.599374][ T899] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.610187][ T899] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.620553][ T899] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 902] munmap(0x7f9b9c005000, 138412032) = 0 [pid 902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 902] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 902] close(5) = 0 [pid 902] close(6) = 0 [pid 902] mkdir("./file0", 0777) = 0 [pid 902] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 902] chdir("./file0") = 0 [pid 902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 902] ioctl(6, LOOP_CLR_FD) = 0 [pid 902] close(6) = 0 [pid 902] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 902] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 901] exit_group(0 [pid 903] <... futex resumed>) = ? [pid 902] <... futex resumed>) = ? [pid 901] <... exit_group resumed>) = ? [pid 903] +++ exited with 0 +++ [pid 902] +++ exited with 0 +++ [pid 901] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=901, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./196", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./196/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 umount2("./196/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./196/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/bus") = 0 umount2("./196/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./196/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 904 ./strace-static-x86_64: Process 904 attached [pid 904] set_robust_list(0x5555720a9760, 24) = 0 [pid 904] chdir("./197") = 0 [pid 904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 904] setpgid(0, 0) = 0 [pid 904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 904] write(3, "1000", 4) = 4 [pid 904] close(3) = 0 [pid 904] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 904] write(1, "executing program\n", 18) = 18 [pid 904] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 904] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[905]}, 88) = 905 [pid 904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 904] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 904] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[906]}, 88) = 906 [pid 904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 904] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 906 attached [pid 906] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 906] creat("./bus", 000) = 3 [pid 906] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 906] <... futex resumed>) = 1 [pid 906] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 906] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 906] <... futex resumed>) = 1 [pid 906] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 906] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 904] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 904] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 906] <... futex resumed>) = 1 [pid 906] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 906] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 904] <... futex resumed>) = 0 [pid 906] <... futex resumed>) = 1 [pid 906] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 905 attached [pid 905] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 905] memfd_create("syzkaller", 0) = 5 [pid 905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 905] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 905] munmap(0x7f9b9c005000, 138412032) = 0 [ 37.656455][ T902] loop0: detected capacity change from 0 to 256 [ 37.664947][ T902] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.675661][ T902] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.686263][ T902] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 905] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 905] close(5) = 0 [pid 905] close(6) = 0 [pid 905] mkdir("./file0", 0777) = 0 [pid 905] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 905] chdir("./file0") = 0 [pid 905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 905] ioctl(6, LOOP_CLR_FD) = 0 [pid 905] close(6) = 0 [pid 905] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 905] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 904] exit_group(0 [pid 906] <... futex resumed>) = ? [pid 904] <... exit_group resumed>) = ? [pid 906] +++ exited with 0 +++ [pid 905] <... futex resumed>) = ? [pid 905] +++ exited with 0 +++ [pid 904] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=904, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./197", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./197/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 umount2("./197/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./197/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/bus") = 0 umount2("./197/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./197/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 907 ./strace-static-x86_64: Process 907 attached [pid 907] set_robust_list(0x5555720a9760, 24) = 0 [pid 907] chdir("./198") = 0 [pid 907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 907] setpgid(0, 0) = 0 [pid 907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 907] write(3, "1000", 4) = 4 [pid 907] close(3) = 0 [pid 907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 907] write(1, "executing program\n", 18executing program ) = 18 [pid 907] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 907] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 908 attached => {parent_tid=[908]}, 88) = 908 [pid 908] set_robust_list(0x7f9ba44469a0, 24 [pid 907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 907] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 907] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 908] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 909 attached [pid 907] <... clone3 resumed> => {parent_tid=[909]}, 88) = 909 [pid 907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 907] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 908] memfd_create("syzkaller", 0 [pid 909] set_robust_list(0x7f9ba44259a0, 24 [pid 908] <... memfd_create resumed>) = 3 [pid 908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 909] <... set_robust_list resumed>) = 0 [pid 909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 909] creat("./bus", 000) = 4 [pid 908] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 909] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 909] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 908] <... write resumed>) = 131072 [pid 907] <... futex resumed>) = 0 [pid 908] munmap(0x7f9b9c005000, 138412032) = 0 [pid 907] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 908] ioctl(5, LOOP_SET_FD, 3 [pid 909] <... futex resumed>) = 0 [pid 907] <... futex resumed>) = 1 [ 37.724169][ T905] loop0: detected capacity change from 0 to 256 [ 37.732407][ T905] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.742949][ T905] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.753940][ T905] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 909] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 907] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 909] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 907] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 907] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 909] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 909] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 907] <... futex resumed>) = 0 [pid 909] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 908] <... ioctl resumed>) = 0 [pid 908] close(3) = 0 [pid 908] close(5) = 0 [pid 908] mkdir("./file0", 0777) = 0 [pid 908] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 908] chdir("./file0") = 0 [pid 908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 908] ioctl(5, LOOP_CLR_FD) = 0 [pid 908] close(5) = 0 [pid 908] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 908] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 907] exit_group(0) = ? [pid 908] <... futex resumed>) = ? [pid 908] +++ exited with 0 +++ [pid 909] <... futex resumed>) = ? [pid 909] +++ exited with 0 +++ [pid 907] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=907, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./198", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./198/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 umount2("./198/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./198/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/bus") = 0 umount2("./198/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./198/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 911 ./strace-static-x86_64: Process 911 attached [pid 911] set_robust_list(0x5555720a9760, 24) = 0 [pid 911] chdir("./199") = 0 [pid 911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 911] setpgid(0, 0) = 0 [pid 911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 911] write(3, "1000", 4) = 4 [pid 911] close(3) = 0 [pid 911] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 911] write(1, "executing program\n", 18) = 18 [pid 911] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 911] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[912]}, 88) = 912 [pid 911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 911] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 911] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[913]}, 88) = 913 [pid 911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 911] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 913 attached [pid 913] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 913] creat("./bus", 000) = 3 [pid 913] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... futex resumed>) = 0 [pid 911] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 913] <... futex resumed>) = 1 [pid 913] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 913] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... futex resumed>) = 0 [pid 911] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 913] <... futex resumed>) = 1 [pid 913] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 913] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... futex resumed>) = 0 [pid 911] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 911] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 913] <... futex resumed>) = 1 [pid 913] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 913] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 911] <... futex resumed>) = 0 [pid 913] <... futex resumed>) = 1 [pid 913] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 912 attached [pid 912] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 912] memfd_create("syzkaller", 0) = 5 [pid 912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 912] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 912] munmap(0x7f9b9c005000, 138412032) = 0 [pid 912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 37.791429][ T908] loop0: detected capacity change from 0 to 256 [ 37.799407][ T908] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.810028][ T908] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.820678][ T908] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 912] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 912] close(5) = 0 [pid 912] close(6) = 0 [pid 912] mkdir("./file0", 0777) = 0 [pid 912] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 912] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 912] chdir("./file0") = 0 [pid 912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 912] ioctl(6, LOOP_CLR_FD) = 0 [pid 912] close(6) = 0 [pid 912] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 912] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 911] exit_group(0) = ? [pid 913] <... futex resumed>) = ? [pid 913] +++ exited with 0 +++ [pid 912] <... futex resumed>) = ? [pid 912] +++ exited with 0 +++ [pid 911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=911, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./199", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./199/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 umount2("./199/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./199/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/bus") = 0 umount2("./199/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./199/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 914 ./strace-static-x86_64: Process 914 attached [pid 914] set_robust_list(0x5555720a9760, 24) = 0 [pid 914] chdir("./200") = 0 [pid 914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 914] setpgid(0, 0) = 0 [pid 914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 914] write(3, "1000", 4) = 4 [pid 914] close(3) = 0 [pid 914] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 914] write(1, "executing program\n", 18) = 18 [pid 914] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 914] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[915]}, 88) = 915 [pid 914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 914] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 914] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 914] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 915 attached [pid 915] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 915] memfd_create("syzkaller", 0 [pid 914] <... clone3 resumed> => {parent_tid=[916]}, 88) = 916 [pid 914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 914] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 915] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 916 attached [pid 915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 916] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 916] creat("./bus", 000) = 4 [pid 916] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] <... futex resumed>) = 0 [pid 914] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 916] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 916] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] <... futex resumed>) = 0 [pid 914] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 916] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 916] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] <... futex resumed>) = 0 [pid 914] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 914] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 916] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 916] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 914] <... futex resumed>) = 0 [pid 916] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 915] <... mmap resumed>) = 0x7f9b9c005000 [pid 915] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 915] munmap(0x7f9b9c005000, 138412032) = 0 [pid 915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 37.859255][ T912] loop0: detected capacity change from 0 to 256 [ 37.866874][ T912] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.877377][ T912] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.887769][ T912] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 915] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 915] close(3) = 0 [pid 915] close(6) = 0 [pid 915] mkdir("./file0", 0777) = 0 [pid 915] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 915] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 915] chdir("./file0") = 0 [pid 915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 915] ioctl(6, LOOP_CLR_FD) = 0 [pid 915] close(6) = 0 [pid 915] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 915] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 914] exit_group(0 [pid 915] <... futex resumed>) = ? [pid 914] <... exit_group resumed>) = ? [pid 916] <... futex resumed>) = ? [pid 915] +++ exited with 0 +++ [pid 916] +++ exited with 0 +++ [pid 914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=914, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./200/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 umount2("./200/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./200/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/bus") = 0 umount2("./200/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./200/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 917 ./strace-static-x86_64: Process 917 attached [pid 917] set_robust_list(0x5555720a9760, 24) = 0 [pid 917] chdir("./201") = 0 [pid 917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 917] setpgid(0, 0) = 0 [pid 917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 917] write(3, "1000", 4) = 4 [pid 917] close(3) = 0 [pid 917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 917] write(1, "executing program\n", 18) = 18 [pid 917] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 917] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 917] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[918]}, 88) = 918 [pid 917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 917] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 917] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 917] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 917] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[919]}, 88) = 919 [pid 917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 917] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 919 attached [pid 919] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 919] creat("./bus", 000) = 3 [pid 919] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] <... futex resumed>) = 0 [pid 917] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 919] <... futex resumed>) = 1 [pid 919] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 919] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] <... futex resumed>) = 0 [pid 917] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 919] <... futex resumed>) = 1 [pid 919] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 919] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] <... futex resumed>) = 0 [pid 917] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 917] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 919] <... futex resumed>) = 1 [pid 919] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 919] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] <... futex resumed>) = 0 [pid 919] <... futex resumed>) = 1 [pid 919] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 918 attached [pid 918] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 918] memfd_create("syzkaller", 0) = 5 [pid 918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 918] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 918] munmap(0x7f9b9c005000, 138412032) = 0 [pid 918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 37.931221][ T915] loop0: detected capacity change from 0 to 256 [ 37.939224][ T915] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.949925][ T915] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 37.960299][ T915] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 918] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 918] close(5) = 0 [pid 918] close(6) = 0 [pid 918] mkdir("./file0", 0777) = 0 [pid 918] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 918] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 918] chdir("./file0") = 0 [pid 918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 918] ioctl(6, LOOP_CLR_FD) = 0 [pid 918] close(6) = 0 [pid 918] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 917] exit_group(0) = ? [pid 919] <... futex resumed>) = ? [pid 918] <... futex resumed>) = ? [pid 918] +++ exited with 0 +++ [pid 919] +++ exited with 0 +++ [pid 917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=917, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./201/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 umount2("./201/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./201/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/bus") = 0 umount2("./201/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./201/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 920 ./strace-static-x86_64: Process 920 attached [pid 920] set_robust_list(0x5555720a9760, 24) = 0 [pid 920] chdir("./202") = 0 [pid 920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 920] setpgid(0, 0) = 0 [pid 920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 920] write(3, "1000", 4) = 4 [pid 920] close(3) = 0 [pid 920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 920] write(1, "executing program\n", 18executing program ) = 18 [pid 920] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 920] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[921]}, 88) = 921 [pid 920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 920] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 920] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[922]}, 88) = 922 [pid 920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 920] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 922 attached [pid 922] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 922] creat("./bus", 000) = 3 [pid 922] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... futex resumed>) = 0 [pid 920] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 922] <... futex resumed>) = 1 [pid 922] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 922] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... futex resumed>) = 0 [pid 920] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 922] <... futex resumed>) = 1 [pid 922] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 922] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... futex resumed>) = 0 [pid 920] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 920] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 922] <... futex resumed>) = 1 [pid 922] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 922] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 920] <... futex resumed>) = 0 [pid 922] <... futex resumed>) = 1 [pid 922] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 921 attached [pid 921] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 921] memfd_create("syzkaller", 0) = 5 [pid 921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 921] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 921] munmap(0x7f9b9c005000, 138412032) = 0 [pid 921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 38.011376][ T918] loop0: detected capacity change from 0 to 256 [ 38.019077][ T918] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.029612][ T918] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.039900][ T918] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 921] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 921] close(5) = 0 [pid 921] close(6) = 0 [pid 921] mkdir("./file0", 0777) = 0 [pid 921] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 921] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 921] chdir("./file0") = 0 [pid 921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 921] ioctl(6, LOOP_CLR_FD) = 0 [pid 921] close(6) = 0 [pid 921] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 921] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 920] exit_group(0) = ? [pid 922] <... futex resumed>) = ? [pid 921] <... futex resumed>) = ? [pid 922] +++ exited with 0 +++ [pid 921] +++ exited with 0 +++ [pid 920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=920, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./202", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./202/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 umount2("./202/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./202/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/bus") = 0 umount2("./202/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./202/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./202/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 923 ./strace-static-x86_64: Process 923 attached [pid 923] set_robust_list(0x5555720a9760, 24) = 0 [pid 923] chdir("./203") = 0 [pid 923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 923] setpgid(0, 0) = 0 [pid 923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 923] write(3, "1000", 4) = 4 [pid 923] close(3) = 0 [pid 923] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 923] write(1, "executing program\n", 18) = 18 [pid 923] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 923] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 923] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[924]}, 88) = 924 [pid 923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 923] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 923] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 923] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[925]}, 88) = 925 [pid 923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 923] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 923] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 925 attached [pid 925] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 925] creat("./bus", 000) = 3 [pid 925] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] <... futex resumed>) = 0 [pid 923] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 923] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 925] <... futex resumed>) = 1 [pid 925] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 925] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] <... futex resumed>) = 0 [pid 923] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 923] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 925] <... futex resumed>) = 1 [pid 925] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 925] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] <... futex resumed>) = 0 [pid 923] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 923] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 925] <... futex resumed>) = 1 [pid 925] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 925] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 923] <... futex resumed>) = 0 [pid 925] <... futex resumed>) = 1 ./strace-static-x86_64: Process 924 attached [pid 925] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 924] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 924] memfd_create("syzkaller", 0) = 5 [pid 924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 924] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 924] munmap(0x7f9b9c005000, 138412032) = 0 [pid 924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 38.078311][ T921] loop0: detected capacity change from 0 to 256 [ 38.085815][ T921] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.096330][ T921] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.106749][ T921] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 924] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 924] close(5) = 0 [pid 924] close(6) = 0 [pid 924] mkdir("./file0", 0777) = 0 [pid 924] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 924] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 924] chdir("./file0") = 0 [pid 924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 924] ioctl(6, LOOP_CLR_FD) = 0 [pid 924] close(6) = 0 [pid 924] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 924] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 923] exit_group(0) = ? [pid 925] <... futex resumed>) = ? [pid 924] <... futex resumed>) = ? [pid 925] +++ exited with 0 +++ [pid 924] +++ exited with 0 +++ [pid 923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=923, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./203", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./203/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 umount2("./203/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./203/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/bus") = 0 umount2("./203/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./203/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 926 ./strace-static-x86_64: Process 926 attached [pid 926] set_robust_list(0x5555720a9760, 24) = 0 [pid 926] chdir("./204") = 0 [pid 926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 926] setpgid(0, 0) = 0 [pid 926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 926] write(3, "1000", 4) = 4 [pid 926] close(3) = 0 [pid 926] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 926] write(1, "executing program\n", 18) = 18 [pid 926] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 926] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 926] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[927]}, 88) = 927 [pid 926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 926] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 926] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 926] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 926] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[928]}, 88) = 928 [pid 926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 926] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 928 attached [pid 928] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 928] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 928] creat("./bus", 000) = 3 [pid 928] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 926] <... futex resumed>) = 0 [pid 926] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 928] <... futex resumed>) = 1 [pid 928] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 928] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 926] <... futex resumed>) = 0 [pid 926] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 928] <... futex resumed>) = 1 [pid 928] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 928] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 926] <... futex resumed>) = 0 [pid 926] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 926] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 928] <... futex resumed>) = 1 [pid 928] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 928] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 926] <... futex resumed>) = 0 [pid 928] <... futex resumed>) = 1 [pid 928] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 927 attached [pid 927] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 927] memfd_create("syzkaller", 0) = 5 [pid 927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 38.143334][ T924] loop0: detected capacity change from 0 to 256 [ 38.151489][ T924] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.162299][ T924] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.173133][ T924] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 927] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 927] munmap(0x7f9b9c005000, 138412032) = 0 [pid 927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 927] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 927] close(5) = 0 [pid 927] close(6) = 0 [pid 927] mkdir("./file0", 0777) = 0 [pid 927] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 927] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 927] chdir("./file0") = 0 [pid 927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 927] ioctl(6, LOOP_CLR_FD) = 0 [pid 927] close(6) = 0 [pid 927] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 927] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 926] exit_group(0) = ? [pid 927] <... futex resumed>) = ? [pid 927] +++ exited with 0 +++ [pid 928] <... futex resumed>) = ? [pid 928] +++ exited with 0 +++ [pid 926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=926, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./204/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 umount2("./204/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./204/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/bus") = 0 umount2("./204/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./204/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 929 ./strace-static-x86_64: Process 929 attached [pid 929] set_robust_list(0x5555720a9760, 24) = 0 [pid 929] chdir("./205") = 0 [pid 929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 929] setpgid(0, 0) = 0 [pid 929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 929] write(3, "1000", 4) = 4 [pid 929] close(3) = 0 [pid 929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 929] write(1, "executing program\n", 18executing program ) = 18 [pid 929] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 929] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 929] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[930]}, 88) = 930 [pid 929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 929] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 929] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 929] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 929] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[931]}, 88) = 931 [pid 929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 929] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 929] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 931 attached [pid 931] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 931] creat("./bus", 000) = 3 [pid 931] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 929] <... futex resumed>) = 0 [pid 929] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 929] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 931] <... futex resumed>) = 1 [pid 931] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 931] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 929] <... futex resumed>) = 0 [pid 929] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 929] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 931] <... futex resumed>) = 1 [pid 931] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 931] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 929] <... futex resumed>) = 0 [pid 929] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 929] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 931] <... futex resumed>) = 1 [pid 931] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 931] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 929] <... futex resumed>) = 0 [pid 931] <... futex resumed>) = 1 [pid 931] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 930 attached [pid 930] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 930] memfd_create("syzkaller", 0) = 5 [pid 930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 930] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 930] munmap(0x7f9b9c005000, 138412032) = 0 [ 38.211852][ T927] loop0: detected capacity change from 0 to 256 [ 38.220169][ T927] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.230752][ T927] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.241291][ T927] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 930] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 930] close(5) = 0 [pid 930] close(6) = 0 [pid 930] mkdir("./file0", 0777) = 0 [pid 930] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 930] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 930] chdir("./file0") = 0 [pid 930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 930] ioctl(6, LOOP_CLR_FD) = 0 [pid 930] close(6) = 0 [pid 930] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 930] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 929] exit_group(0 [pid 931] <... futex resumed>) = ? [pid 929] <... exit_group resumed>) = ? [pid 931] +++ exited with 0 +++ [pid 930] <... futex resumed>) = ? [pid 930] +++ exited with 0 +++ [pid 929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=929, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./205", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./205/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 umount2("./205/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./205/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/bus") = 0 umount2("./205/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./205/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 932 ./strace-static-x86_64: Process 932 attached [pid 932] set_robust_list(0x5555720a9760, 24) = 0 [pid 932] chdir("./206") = 0 [pid 932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 932] setpgid(0, 0) = 0 [pid 932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 932] write(3, "1000", 4) = 4 [pid 932] close(3) = 0 [pid 932] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 932] write(1, "executing program\n", 18) = 18 [pid 932] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 932] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 932] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 932] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[933]}, 88) = 933 [pid 932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 932] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 932] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 932] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 932] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 932] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[934]}, 88) = 934 [pid 932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 932] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 932] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 934 attached [pid 934] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 934] creat("./bus", 000./strace-static-x86_64: Process 933 attached ) = 3 [pid 934] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 932] <... futex resumed>) = 0 [pid 932] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 932] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 934] <... futex resumed>) = 1 [pid 934] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 933] set_robust_list(0x7f9ba44469a0, 24 [pid 934] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 932] <... futex resumed>) = 0 [pid 932] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 932] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 934] <... futex resumed>) = 1 [pid 934] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 934] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 932] <... futex resumed>) = 0 [pid 932] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 932] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 934] <... futex resumed>) = 1 [pid 934] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 934] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 932] <... futex resumed>) = 0 [pid 934] <... futex resumed>) = 1 [pid 934] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 933] <... set_robust_list resumed>) = 0 [pid 933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 933] memfd_create("syzkaller", 0) = 5 [pid 933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 933] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 933] munmap(0x7f9b9c005000, 138412032) = 0 [pid 933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 38.278798][ T930] loop0: detected capacity change from 0 to 256 [ 38.287026][ T930] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.297621][ T930] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.308138][ T930] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 933] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 933] close(5) = 0 [pid 933] close(6) = 0 [pid 933] mkdir("./file0", 0777) = 0 [pid 933] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 933] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 933] chdir("./file0") = 0 [pid 933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 933] ioctl(6, LOOP_CLR_FD) = 0 [pid 933] close(6) = 0 [pid 933] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 933] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 932] exit_group(0) = ? [pid 933] <... futex resumed>) = ? [pid 933] +++ exited with 0 +++ [pid 934] <... futex resumed>) = ? [pid 934] +++ exited with 0 +++ [pid 932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=932, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./206", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./206/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 umount2("./206/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./206/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/bus") = 0 umount2("./206/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./206/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 935 ./strace-static-x86_64: Process 935 attached [pid 935] set_robust_list(0x5555720a9760, 24) = 0 [pid 935] chdir("./207") = 0 [pid 935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 935] setpgid(0, 0) = 0 [pid 935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 935] write(3, "1000", 4) = 4 [pid 935] close(3) = 0 [pid 935] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 935] write(1, "executing program\n", 18) = 18 [pid 935] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 935] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[936]}, 88) = 936 [pid 935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 935] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 935] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 935] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[937]}, 88) = 937 [pid 935] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 935] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 937 attached [pid 937] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 937] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 937] creat("./bus", 000) = 3 [pid 937] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 [pid 935] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 937] <... futex resumed>) = 1 [pid 937] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 937] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 [pid 935] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 937] <... futex resumed>) = 1 [pid 937] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 937] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 [pid 935] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 935] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 937] <... futex resumed>) = 1 [pid 937] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 937] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 935] <... futex resumed>) = 0 ./strace-static-x86_64: Process 936 attached [pid 937] <... futex resumed>) = 1 [pid 937] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 936] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 936] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 936] memfd_create("syzkaller", 0) = 5 [pid 936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 936] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 936] munmap(0x7f9b9c005000, 138412032) = 0 [pid 936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 38.344205][ T933] loop0: detected capacity change from 0 to 256 [ 38.352242][ T933] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.362758][ T933] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.373835][ T933] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 936] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 936] close(5) = 0 [pid 936] close(6) = 0 [pid 936] mkdir("./file0", 0777) = 0 [pid 936] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 936] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 936] chdir("./file0") = 0 [pid 936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 936] ioctl(6, LOOP_CLR_FD) = 0 [pid 936] close(6) = 0 [pid 936] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 936] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 935] exit_group(0 [pid 937] <... futex resumed>) = ? [pid 935] <... exit_group resumed>) = ? [pid 937] +++ exited with 0 +++ [pid 936] <... futex resumed>) = ? [pid 936] +++ exited with 0 +++ [pid 935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=935, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./207", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./207/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 umount2("./207/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./207/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/bus") = 0 umount2("./207/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./207/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 938 ./strace-static-x86_64: Process 938 attached [pid 938] set_robust_list(0x5555720a9760, 24) = 0 [pid 938] chdir("./208") = 0 [pid 938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 938] setpgid(0, 0) = 0 [pid 938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 938] write(3, "1000", 4) = 4 [pid 938] close(3) = 0 [pid 938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 938] write(1, "executing program\n", 18) = 18 [pid 938] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 938] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 938] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[939]}, 88) = 939 [pid 938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 938] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 938] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 938] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 938] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[940]}, 88) = 940 [pid 938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 938] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 940 attached [pid 940] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 940] creat("./bus", 000) = 3 [pid 940] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 938] <... futex resumed>) = 0 [pid 938] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 940] <... futex resumed>) = 1 [pid 940] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 940] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 938] <... futex resumed>) = 0 [pid 938] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 940] <... futex resumed>) = 1 [pid 940] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 940] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 938] <... futex resumed>) = 0 [pid 938] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 938] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 940] <... futex resumed>) = 1 [pid 940] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 940] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 938] <... futex resumed>) = 0 [pid 940] <... futex resumed>) = 1 [pid 940] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 939 attached [pid 939] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 939] memfd_create("syzkaller", 0) = 5 [pid 939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 939] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 939] munmap(0x7f9b9c005000, 138412032) = 0 [ 38.411495][ T936] loop0: detected capacity change from 0 to 256 [ 38.419061][ T936] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.429766][ T936] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.439714][ T936] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 939] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 939] close(5) = 0 [pid 939] close(6) = 0 [pid 939] mkdir("./file0", 0777) = 0 [pid 939] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 939] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 939] chdir("./file0") = 0 [pid 939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 939] ioctl(6, LOOP_CLR_FD) = 0 [pid 939] close(6) = 0 [pid 939] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 939] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 938] exit_group(0) = ? [pid 939] <... futex resumed>) = ? [pid 939] +++ exited with 0 +++ [pid 940] <... futex resumed>) = ? [pid 940] +++ exited with 0 +++ [pid 938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=938, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./208", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./208/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 umount2("./208/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./208/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/bus") = 0 umount2("./208/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./208/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 941 ./strace-static-x86_64: Process 941 attached [pid 941] set_robust_list(0x5555720a9760, 24) = 0 [pid 941] chdir("./209") = 0 [pid 941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 941] setpgid(0, 0) = 0 executing program [pid 941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 941] write(3, "1000", 4) = 4 [pid 941] close(3) = 0 [pid 941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 941] write(1, "executing program\n", 18) = 18 [pid 941] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 941] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 941] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[942]}, 88) = 942 [pid 941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 941] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 941] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 941] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[943]}, 88) = 943 [pid 941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 941] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 941] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 943 attached [pid 943] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 943] creat("./bus", 000) = 3 [pid 943] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] <... futex resumed>) = 0 [pid 941] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 941] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 943] <... futex resumed>) = 1 [pid 943] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 943] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] <... futex resumed>) = 0 [pid 941] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 941] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 943] <... futex resumed>) = 1 [pid 943] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 943] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] <... futex resumed>) = 0 [pid 941] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 941] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 943] <... futex resumed>) = 1 [pid 943] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 943] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 941] <... futex resumed>) = 0 [pid 943] <... futex resumed>) = 1 [pid 943] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 942 attached [pid 942] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 942] memfd_create("syzkaller", 0) = 5 [pid 942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 942] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 942] munmap(0x7f9b9c005000, 138412032) = 0 [pid 942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 38.477898][ T939] loop0: detected capacity change from 0 to 256 [ 38.485451][ T939] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.496025][ T939] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.506701][ T939] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 942] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 942] close(5) = 0 [pid 942] close(6) = 0 [pid 942] mkdir("./file0", 0777) = 0 [pid 942] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 942] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 942] chdir("./file0") = 0 [pid 942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 942] ioctl(6, LOOP_CLR_FD) = 0 [pid 942] close(6) = 0 [pid 942] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 942] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 941] exit_group(0) = ? [pid 942] <... futex resumed>) = ? [pid 942] +++ exited with 0 +++ [pid 943] <... futex resumed>) = ? [pid 943] +++ exited with 0 +++ [pid 941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=941, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./209", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./209/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 umount2("./209/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./209/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/bus") = 0 umount2("./209/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./209/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 944 ./strace-static-x86_64: Process 944 attached [pid 944] set_robust_list(0x5555720a9760, 24) = 0 [pid 944] chdir("./210") = 0 [pid 944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 944] setpgid(0, 0) = 0 [pid 944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 944] write(3, "1000", 4) = 4 [pid 944] close(3) = 0 [pid 944] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 944] write(1, "executing program\n", 18) = 18 [pid 944] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 944] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[945]}, 88) = 945 [pid 944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 944] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 944] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[946]}, 88) = 946 [pid 944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 944] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 946 attached [pid 946] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 946] creat("./bus", 000) = 3 [pid 946] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] <... futex resumed>) = 0 [pid 944] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 946] <... futex resumed>) = 1 [pid 946] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 946] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] <... futex resumed>) = 0 [pid 944] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 946] <... futex resumed>) = 1 [pid 946] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 946] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] <... futex resumed>) = 0 [pid 944] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 944] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 946] <... futex resumed>) = 1 [pid 946] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 946] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 944] <... futex resumed>) = 0 [pid 946] <... futex resumed>) = 1 [pid 946] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 945 attached [pid 945] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 945] memfd_create("syzkaller", 0) = 5 [pid 945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 945] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 945] munmap(0x7f9b9c005000, 138412032) = 0 [ 38.547475][ T942] loop0: detected capacity change from 0 to 256 [ 38.555150][ T942] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.565638][ T942] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.576843][ T942] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 945] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 945] close(5) = 0 [pid 945] close(6) = 0 [pid 945] mkdir("./file0", 0777) = 0 [pid 945] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 945] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 945] chdir("./file0") = 0 [pid 945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 945] ioctl(6, LOOP_CLR_FD) = 0 [pid 945] close(6) = 0 [pid 945] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 945] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 944] exit_group(0) = ? [pid 946] <... futex resumed>) = ? [pid 946] +++ exited with 0 +++ [pid 945] <... futex resumed>) = ? [pid 945] +++ exited with 0 +++ [pid 944] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=944, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./210", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./210/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 umount2("./210/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./210/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/bus") = 0 umount2("./210/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./210/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./210/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 947 ./strace-static-x86_64: Process 947 attached [pid 947] set_robust_list(0x5555720a9760, 24) = 0 [pid 947] chdir("./211") = 0 [pid 947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 947] setpgid(0, 0) = 0 [pid 947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 947] write(3, "1000", 4) = 4 [pid 947] close(3) = 0 [pid 947] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 947] write(1, "executing program\n", 18) = 18 [pid 947] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 947] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 947] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[948]}, 88) = 948 [pid 947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 947] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 947] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 947] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 947] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[949]}, 88) = 949 [pid 947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 947] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 949 attached [pid 949] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 949] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 949] creat("./bus", 000) = 3 [pid 949] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] <... futex resumed>) = 0 [pid 947] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 949] <... futex resumed>) = 1 [pid 949] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 949] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] <... futex resumed>) = 0 [pid 947] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 949] <... futex resumed>) = 1 [pid 949] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 949] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] <... futex resumed>) = 0 [pid 947] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 949] <... futex resumed>) = 1 [pid 949] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 949] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 947] <... futex resumed>) = 0 [pid 949] <... futex resumed>) = 1 [pid 949] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 948 attached [pid 948] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 948] memfd_create("syzkaller", 0) = 5 [pid 948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 38.614381][ T945] loop0: detected capacity change from 0 to 256 [ 38.623349][ T945] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.633892][ T945] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.644912][ T945] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 948] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 948] munmap(0x7f9b9c005000, 138412032) = 0 [pid 948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 948] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 948] close(5) = 0 [pid 948] close(6) = 0 [pid 948] mkdir("./file0", 0777) = 0 [pid 948] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 948] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 948] chdir("./file0") = 0 [pid 948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 948] ioctl(6, LOOP_CLR_FD) = 0 [pid 948] close(6) = 0 [pid 948] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 947] exit_group(0 [pid 949] <... futex resumed>) = ? [pid 947] <... exit_group resumed>) = ? [pid 949] +++ exited with 0 +++ [pid 948] +++ exited with 0 +++ [pid 947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=947, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./211", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./211/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 umount2("./211/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./211/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/bus") = 0 umount2("./211/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./211/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 950 ./strace-static-x86_64: Process 950 attached [pid 950] set_robust_list(0x5555720a9760, 24) = 0 [pid 950] chdir("./212") = 0 [pid 950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 950] setpgid(0, 0) = 0 [pid 950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 950] write(3, "1000", 4) = 4 [pid 950] close(3) = 0 [pid 950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 950] write(1, "executing program\n", 18executing program ) = 18 [pid 950] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 950] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[951]}, 88) = 951 [pid 950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 950] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 950] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 950] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[952]}, 88) = 952 [pid 950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 952 attached [pid 950] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 951 attached [pid 951] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 951] memfd_create("syzkaller", 0) = 3 [pid 951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 952] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 952] creat("./bus", 000) = 4 [pid 952] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 950] <... futex resumed>) = 0 [pid 950] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 951] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 952] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 952] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 951] <... write resumed>) = 131072 [pid 952] <... futex resumed>) = 1 [pid 950] <... futex resumed>) = 0 [pid 950] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 950] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 951] munmap(0x7f9b9c005000, 138412032) = 0 [pid 952] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 951] ioctl(5, LOOP_SET_FD, 3 [pid 952] <... open resumed>) = 6 [pid 952] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 38.688475][ T948] loop0: detected capacity change from 0 to 256 [ 38.697223][ T948] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.707771][ T948] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.718286][ T948] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 952] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 950] <... futex resumed>) = 0 [pid 950] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 950] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 952] <... futex resumed>) = 0 [pid 952] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 952] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 950] <... futex resumed>) = 0 [pid 952] <... futex resumed>) = 1 [pid 952] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 951] <... ioctl resumed>) = 0 [pid 951] close(3) = 0 [pid 951] close(5) = 0 [pid 951] mkdir("./file0", 0777) = 0 [pid 951] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 951] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 951] chdir("./file0") = 0 [pid 951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 951] ioctl(5, LOOP_CLR_FD) = 0 [pid 951] close(5) = 0 [pid 951] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 951] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 950] exit_group(0 [pid 952] <... futex resumed>) = ? [pid 950] <... exit_group resumed>) = ? [pid 952] +++ exited with 0 +++ [pid 951] <... futex resumed>) = ? [pid 951] +++ exited with 0 +++ [pid 950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=950, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./212/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 umount2("./212/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./212/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/bus") = 0 umount2("./212/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./212/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 953 ./strace-static-x86_64: Process 953 attached [pid 953] set_robust_list(0x5555720a9760, 24) = 0 [pid 953] chdir("./213") = 0 [pid 953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 953] setpgid(0, 0) = 0 [pid 953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 953] write(3, "1000", 4) = 4 [pid 953] close(3) = 0 [pid 953] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 953] write(1, "executing program\n", 18) = 18 [pid 953] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 953] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 953] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[954]}, 88) = 954 [pid 953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 953] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 953] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 953] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[955]}, 88) = 955 [pid 953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 953] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 953] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 955 attached [pid 955] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 955] creat("./bus", 000./strace-static-x86_64: Process 954 attached ) = 3 [pid 954] set_robust_list(0x7f9ba44469a0, 24 [pid 955] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 953] <... futex resumed>) = 0 [pid 953] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 953] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 955] <... futex resumed>) = 1 [pid 955] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 954] <... set_robust_list resumed>) = 0 [pid 955] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 953] <... futex resumed>) = 0 [pid 953] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 953] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 955] <... futex resumed>) = 1 [pid 955] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 955] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 953] <... futex resumed>) = 0 [pid 953] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 953] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 955] <... futex resumed>) = 1 [pid 955] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 955] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 953] <... futex resumed>) = 0 [pid 955] <... futex resumed>) = 1 [pid 955] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 954] memfd_create("syzkaller", 0) = 5 [pid 954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 954] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 954] munmap(0x7f9b9c005000, 138412032) = 0 [pid 954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 38.757558][ T951] loop0: detected capacity change from 0 to 256 [ 38.764997][ T951] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.775592][ T951] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.786208][ T951] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 954] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 954] close(5) = 0 [pid 954] close(6) = 0 [pid 954] mkdir("./file0", 0777) = 0 [pid 954] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 954] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 954] chdir("./file0") = 0 [pid 954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 954] ioctl(6, LOOP_CLR_FD) = 0 [pid 954] close(6) = 0 [pid 954] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 954] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 953] exit_group(0 [pid 955] <... futex resumed>) = ? [pid 953] <... exit_group resumed>) = ? [pid 955] +++ exited with 0 +++ [pid 954] <... futex resumed>) = ? [pid 954] +++ exited with 0 +++ [pid 953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=953, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./213", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./213/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 umount2("./213/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./213/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/bus") = 0 umount2("./213/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./213/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 957 ./strace-static-x86_64: Process 957 attached [pid 957] set_robust_list(0x5555720a9760, 24) = 0 [pid 957] chdir("./214") = 0 [pid 957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 957] setpgid(0, 0) = 0 [pid 957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 957] write(3, "1000", 4) = 4 [pid 957] close(3) = 0 [pid 957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 957] write(1, "executing program\n", 18executing program ) = 18 [pid 957] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 957] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 957] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 958 attached => {parent_tid=[958]}, 88) = 958 [pid 958] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 958] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 957] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 958] <... futex resumed>) = 0 [pid 958] memfd_create("syzkaller", 0 [pid 957] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 958] <... memfd_create resumed>) = 3 [pid 958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 957] <... futex resumed>) = 0 [pid 957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b9c005000 [pid 957] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 958] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0} => {parent_tid=[959]}, 88) = 959 [pid 957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 957] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 957] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 959 attached [pid 959] set_robust_list(0x7f9b9c0259a0, 24) = 0 [pid 959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 959] creat("./bus", 000) = 4 [pid 959] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... futex resumed>) = 0 [pid 957] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 957] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 959] <... futex resumed>) = 1 [pid 959] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 959] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... futex resumed>) = 0 [pid 957] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 957] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 959] <... futex resumed>) = 1 [pid 959] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 959] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... futex resumed>) = 0 [pid 957] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 957] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 959] <... futex resumed>) = 1 [pid 959] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 959] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 957] <... futex resumed>) = 0 [pid 959] <... futex resumed>) = 1 [pid 959] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 958] <... write resumed>) = 131072 [pid 958] munmap(0x7f9b9c026000, 138412032) = 0 [pid 958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 38.824510][ T954] loop0: detected capacity change from 0 to 256 [ 38.832089][ T954] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.843122][ T954] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.853725][ T954] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 958] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 958] close(3) = 0 [pid 958] close(6) = 0 [pid 958] mkdir("./file0", 0777) = 0 [pid 958] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 958] chdir("./file0") = 0 [pid 958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 958] ioctl(6, LOOP_CLR_FD) = 0 [pid 958] close(6) = 0 [pid 958] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 958] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 957] exit_group(0) = ? [pid 958] <... futex resumed>) = ? [pid 958] +++ exited with 0 +++ [pid 959] <... futex resumed>) = ? [pid 959] +++ exited with 0 +++ [pid 957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=957, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./214", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./214/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 umount2("./214/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./214/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/bus") = 0 umount2("./214/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./214/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./214/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 960 ./strace-static-x86_64: Process 960 attached [pid 960] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 960] chdir("./215") = 0 [pid 960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 960] setpgid(0, 0) = 0 [pid 960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 960] write(3, "1000", 4) = 4 [pid 960] close(3) = 0 [pid 960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 960] write(1, "executing program\n", 18) = 18 [pid 960] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 960] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 960] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[961]}, 88) = 961 [pid 960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 960] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 960] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 960] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 960] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[962]}, 88) = 962 [pid 960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 960] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 962 attached [pid 962] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 962] creat("./bus", 000) = 3 [pid 962] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 960] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... futex resumed>) = 1 [pid 962] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 962] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 960] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... futex resumed>) = 1 [pid 962] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 962] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 960] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 960] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 962] <... futex resumed>) = 1 [pid 962] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 962] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 960] <... futex resumed>) = 0 [pid 962] <... futex resumed>) = 1 [pid 962] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 961 attached [pid 961] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 961] memfd_create("syzkaller", 0) = 5 [pid 961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 961] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 961] munmap(0x7f9b9c005000, 138412032) = 0 [ 38.897362][ T958] loop0: detected capacity change from 0 to 256 [ 38.906038][ T958] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.916728][ T958] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.927236][ T958] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 961] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 961] close(5) = 0 [pid 961] close(6) = 0 [pid 961] mkdir("./file0", 0777) = 0 [pid 961] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 961] chdir("./file0") = 0 [pid 961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 961] ioctl(6, LOOP_CLR_FD) = 0 [pid 961] close(6) = 0 [pid 961] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 961] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 960] exit_group(0) = ? [pid 961] <... futex resumed>) = ? [pid 961] +++ exited with 0 +++ [pid 962] <... futex resumed>) = ? [pid 962] +++ exited with 0 +++ [pid 960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=960, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./215", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./215/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 umount2("./215/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./215/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/bus") = 0 umount2("./215/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./215/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./215/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 963 ./strace-static-x86_64: Process 963 attached [pid 963] set_robust_list(0x5555720a9760, 24) = 0 [pid 963] chdir("./216") = 0 [pid 963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 963] setpgid(0, 0) = 0 [pid 963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 963] write(3, "1000", 4) = 4 [pid 963] close(3) = 0 [pid 963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 963] write(1, "executing program\n", 18) = 18 [pid 963] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 963] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 963] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[964]}, 88) = 964 [pid 963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 963] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 963] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 963] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 963] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[965]}, 88) = 965 [pid 963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 963] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 963] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 965 attached [pid 965] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 965] creat("./bus", 000) = 3 [pid 965] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] <... futex resumed>) = 0 [pid 963] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 963] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 965] <... futex resumed>) = 1 [pid 965] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 965] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] <... futex resumed>) = 0 [pid 963] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 963] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 965] <... futex resumed>) = 1 [pid 965] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 965] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] <... futex resumed>) = 0 [pid 963] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 963] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 965] <... futex resumed>) = 1 [pid 965] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 965] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 963] <... futex resumed>) = 0 [pid 965] <... futex resumed>) = 1 [pid 965] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 964 attached [pid 964] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 964] memfd_create("syzkaller", 0) = 5 [pid 964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 964] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 964] munmap(0x7f9b9c005000, 138412032) = 0 [pid 964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 38.964886][ T961] loop0: detected capacity change from 0 to 256 [ 38.972987][ T961] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 38.983616][ T961] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 38.994193][ T961] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 964] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 964] close(5) = 0 [pid 964] close(6) = 0 [pid 964] mkdir("./file0", 0777) = 0 [pid 964] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 964] chdir("./file0") = 0 [pid 964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 964] ioctl(6, LOOP_CLR_FD) = 0 [pid 964] close(6) = 0 [pid 964] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 964] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 963] exit_group(0 [pid 965] <... futex resumed>) = ? [pid 963] <... exit_group resumed>) = ? [pid 965] +++ exited with 0 +++ [pid 964] <... futex resumed>) = ? [pid 964] +++ exited with 0 +++ [pid 963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=963, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./216", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./216/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/binderfs") = 0 umount2("./216/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./216/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/bus") = 0 umount2("./216/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./216/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./216/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 966 ./strace-static-x86_64: Process 966 attached [pid 966] set_robust_list(0x5555720a9760, 24) = 0 [pid 966] chdir("./217") = 0 [pid 966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 966] setpgid(0, 0) = 0 [pid 966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 966] write(3, "1000", 4) = 4 [pid 966] close(3) = 0 [pid 966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 966] write(1, "executing program\n", 18) = 18 [pid 966] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 966] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[967]}, 88) = 967 [pid 966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 966] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 966] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[968]}, 88) = 968 [pid 966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 966] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 968 attached [pid 968] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 968] creat("./bus", 000) = 3 [pid 968] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 966] <... futex resumed>) = 0 [pid 966] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] <... futex resumed>) = 1 [pid 968] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 968] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 966] <... futex resumed>) = 0 [pid 966] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] <... futex resumed>) = 1 [pid 968] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 968] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 966] <... futex resumed>) = 0 [pid 966] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 966] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 968] <... futex resumed>) = 1 [pid 968] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 968] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 966] <... futex resumed>) = 0 [pid 968] <... futex resumed>) = 1 [pid 968] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 967 attached [pid 967] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 967] memfd_create("syzkaller", 0) = 5 [pid 967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 39.033504][ T964] loop0: detected capacity change from 0 to 256 [ 39.041984][ T964] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.052587][ T964] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.063047][ T964] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 967] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 967] munmap(0x7f9b9c005000, 138412032) = 0 [pid 967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 967] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 967] close(5) = 0 [pid 967] close(6) = 0 [pid 967] mkdir("./file0", 0777) = 0 [pid 967] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 967] chdir("./file0") = 0 [pid 967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 967] ioctl(6, LOOP_CLR_FD) = 0 [pid 967] close(6) = 0 [pid 967] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 967] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 966] exit_group(0 [pid 968] <... futex resumed>) = ? [pid 966] <... exit_group resumed>) = ? [pid 968] +++ exited with 0 +++ [pid 967] <... futex resumed>) = ? [pid 967] +++ exited with 0 +++ [pid 966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=966, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./217", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./217/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 umount2("./217/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./217/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/bus") = 0 umount2("./217/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./217/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 969 ./strace-static-x86_64: Process 969 attached [pid 969] set_robust_list(0x5555720a9760, 24) = 0 [pid 969] chdir("./218") = 0 [pid 969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 969] setpgid(0, 0) = 0 [pid 969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 969] write(3, "1000", 4) = 4 [pid 969] close(3) = 0 [pid 969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 969] write(1, "executing program\n", 18) = 18 [pid 969] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 969] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[970]}, 88) = 970 [pid 969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 969] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 969] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 969] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[971]}, 88) = 971 [pid 969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 969] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 971 attached [pid 971] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 971] creat("./bus", 000) = 3 [pid 971] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 969] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 971] <... futex resumed>) = 1 [pid 971] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 971] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 969] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 971] <... futex resumed>) = 1 [pid 971] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 971] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 969] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 969] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 971] <... futex resumed>) = 1 [pid 971] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 971] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 969] <... futex resumed>) = 0 [pid 971] <... futex resumed>) = 1 [pid 971] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 970 attached [pid 970] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 970] memfd_create("syzkaller", 0) = 5 [pid 970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 970] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 970] munmap(0x7f9b9c005000, 138412032) = 0 [pid 970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.099842][ T967] loop0: detected capacity change from 0 to 256 [ 39.107593][ T967] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.118150][ T967] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.128725][ T967] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 970] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 970] close(5) = 0 [pid 970] close(6) = 0 [pid 970] mkdir("./file0", 0777) = 0 [pid 970] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 970] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 970] chdir("./file0") = 0 [pid 970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 970] ioctl(6, LOOP_CLR_FD) = 0 [pid 970] close(6) = 0 [pid 970] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 970] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 969] exit_group(0 [pid 971] <... futex resumed>) = ? [pid 969] <... exit_group resumed>) = ? [pid 971] +++ exited with 0 +++ [pid 970] <... futex resumed>) = ? [pid 970] +++ exited with 0 +++ [pid 969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=969, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./218", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./218/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 umount2("./218/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./218/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/bus") = 0 umount2("./218/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./218/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./218/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 972 ./strace-static-x86_64: Process 972 attached [pid 972] set_robust_list(0x5555720a9760, 24) = 0 [pid 972] chdir("./219") = 0 [pid 972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 972] setpgid(0, 0) = 0 [pid 972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 972] write(3, "1000", 4) = 4 [pid 972] close(3) = 0 [pid 972] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 972] write(1, "executing program\n", 18) = 18 [pid 972] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 972] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[973]}, 88) = 973 [pid 972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 972] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 972] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 972] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[974]}, 88) = 974 [pid 972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 972] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 974 attached [pid 974] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 974] creat("./bus", 000) = 3 [pid 974] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] <... futex resumed>) = 0 [pid 972] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] <... futex resumed>) = 1 [pid 974] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 974] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] <... futex resumed>) = 0 [pid 972] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] <... futex resumed>) = 1 [pid 974] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 974] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] <... futex resumed>) = 0 [pid 972] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 972] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 974] <... futex resumed>) = 1 [pid 974] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 974] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 972] <... futex resumed>) = 0 [pid 974] <... futex resumed>) = 1 [pid 974] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 973 attached [pid 973] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 973] memfd_create("syzkaller", 0) = 5 [pid 973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 973] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 973] munmap(0x7f9b9c005000, 138412032) = 0 [pid 973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.163488][ T970] loop0: detected capacity change from 0 to 256 [ 39.171065][ T970] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.181708][ T970] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.192178][ T970] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 973] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 973] close(5) = 0 [pid 973] close(6) = 0 [pid 973] mkdir("./file0", 0777) = 0 [pid 973] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 973] chdir("./file0") = 0 [pid 973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 973] ioctl(6, LOOP_CLR_FD) = 0 [pid 973] close(6) = 0 [pid 973] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 973] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 972] exit_group(0 [pid 974] <... futex resumed>) = ? [pid 972] <... exit_group resumed>) = ? [pid 974] +++ exited with 0 +++ [pid 973] <... futex resumed>) = ? [pid 973] +++ exited with 0 +++ [pid 972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=972, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./219", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./219/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 umount2("./219/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./219/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/bus") = 0 umount2("./219/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./219/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 975 ./strace-static-x86_64: Process 975 attached [pid 975] set_robust_list(0x5555720a9760, 24) = 0 [pid 975] chdir("./220") = 0 [pid 975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 975] setpgid(0, 0) = 0 [pid 975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 975] write(3, "1000", 4) = 4 [pid 975] close(3) = 0 [pid 975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 975] write(1, "executing program\n", 18executing program ) = 18 [pid 975] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 975] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 975] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 975] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 975] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 975] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[976]}, 88) = 976 [pid 975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 975] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 975] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 975] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 975] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 975] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[977]}, 88) = 977 [pid 975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 975] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 975] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 977 attached [pid 977] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 977] creat("./bus", 000) = 3 [pid 977] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... futex resumed>) = 0 [pid 975] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 975] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 977] <... futex resumed>) = 1 [pid 977] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 977] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... futex resumed>) = 0 [pid 975] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 975] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 977] <... futex resumed>) = 1 [pid 977] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 977] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... futex resumed>) = 0 [pid 975] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 975] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 977] <... futex resumed>) = 1 [pid 977] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 977] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 975] <... futex resumed>) = 0 [pid 977] <... futex resumed>) = 1 [pid 977] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 976 attached [pid 976] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 976] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 976] memfd_create("syzkaller", 0) = 5 [pid 976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 976] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 976] munmap(0x7f9b9c005000, 138412032) = 0 [pid 976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.242435][ T973] loop0: detected capacity change from 0 to 256 [ 39.250543][ T973] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.261370][ T973] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.271213][ T973] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 976] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 976] close(5) = 0 [pid 976] close(6) = 0 [pid 976] mkdir("./file0", 0777) = 0 [pid 976] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 976] chdir("./file0") = 0 [pid 976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 976] ioctl(6, LOOP_CLR_FD) = 0 [pid 976] close(6) = 0 [pid 976] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 976] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 975] exit_group(0) = ? [pid 976] <... futex resumed>) = ? [pid 976] +++ exited with 0 +++ [pid 977] <... futex resumed>) = ? [pid 977] +++ exited with 0 +++ [pid 975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=975, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./220", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./220/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 umount2("./220/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./220/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/bus") = 0 umount2("./220/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./220/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./220/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 978 ./strace-static-x86_64: Process 978 attached [pid 978] set_robust_list(0x5555720a9760, 24) = 0 [pid 978] chdir("./221") = 0 [pid 978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 978] setpgid(0, 0) = 0 [pid 978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 978] write(3, "1000", 4) = 4 [pid 978] close(3) = 0 [pid 978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 978] write(1, "executing program\n", 18executing program ) = 18 [pid 978] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 978] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 978] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[979]}, 88) = 979 [pid 978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 978] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 978] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[980]}, 88) = 980 [pid 978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 978] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 980 attached [pid 980] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 980] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 979 attached [pid 980] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... futex resumed>) = 0 [pid 978] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... futex resumed>) = 1 [pid 980] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 980] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... futex resumed>) = 0 [pid 978] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... futex resumed>) = 1 [pid 980] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 980] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... futex resumed>) = 0 [pid 978] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 980] <... futex resumed>) = 1 [pid 980] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 980] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 978] <... futex resumed>) = 0 [pid 980] <... futex resumed>) = 1 [pid 980] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 979] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 979] memfd_create("syzkaller", 0) = 5 [pid 979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 979] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 979] munmap(0x7f9b9c005000, 138412032) = 0 [pid 979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.308535][ T976] loop0: detected capacity change from 0 to 256 [ 39.316026][ T976] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.326592][ T976] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.337191][ T976] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 979] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 979] close(5) = 0 [pid 979] close(6) = 0 [pid 979] mkdir("./file0", 0777) = 0 [pid 979] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 979] chdir("./file0") = 0 [pid 979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 979] ioctl(6, LOOP_CLR_FD) = 0 [pid 979] close(6) = 0 [pid 979] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 978] exit_group(0 [pid 979] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 980] <... futex resumed>) = ? [pid 978] <... exit_group resumed>) = ? [pid 980] +++ exited with 0 +++ [pid 979] <... futex resumed>) = ? [pid 979] +++ exited with 0 +++ [pid 978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=978, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./221", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./221/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 umount2("./221/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./221/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/bus") = 0 umount2("./221/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./221/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./221/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./221/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 981 ./strace-static-x86_64: Process 981 attached [pid 981] set_robust_list(0x5555720a9760, 24) = 0 [pid 981] chdir("./222") = 0 [pid 981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 981] setpgid(0, 0) = 0 [pid 981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 981] write(3, "1000", 4) = 4 [pid 981] close(3) = 0 [pid 981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 981] write(1, "executing program\n", 18executing program ) = 18 [pid 981] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 981] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 981] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 981] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 981] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[982]}, 88) = 982 ./strace-static-x86_64: Process 982 attached [pid 981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 981] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 981] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 981] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 981] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[983]}, 88) = 983 [pid 981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 981] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 981] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 982] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 982] memfd_create("syzkaller", 0) = 3 [pid 982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 983 attached [pid 983] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 983] creat("./bus", 000 [pid 982] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 983] <... creat resumed>) = 4 [pid 982] <... write resumed>) = 131072 [pid 982] munmap(0x7f9b9c005000, 138412032 [pid 983] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 982] <... munmap resumed>) = 0 [pid 982] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 983] <... futex resumed>) = 1 [pid 981] <... futex resumed>) = 0 [pid 981] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 981] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 982] <... openat resumed>) = 5 [pid 982] ioctl(5, LOOP_SET_FD, 3 [pid 983] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [ 39.375941][ T979] loop0: detected capacity change from 0 to 256 [ 39.383744][ T979] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.394292][ T979] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.404772][ T979] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 983] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 983] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 981] <... futex resumed>) = 0 [pid 981] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 981] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 983] <... futex resumed>) = 0 [pid 983] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 983] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 981] <... futex resumed>) = 0 [pid 981] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 981] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 983] <... futex resumed>) = 1 [pid 983] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 983] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 981] <... futex resumed>) = 0 [pid 983] <... futex resumed>) = 1 [pid 983] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 982] <... ioctl resumed>) = 0 [pid 982] close(3) = 0 [pid 982] close(5) = 0 [pid 982] mkdir("./file0", 0777) = 0 [pid 982] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 982] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 982] chdir("./file0") = 0 [pid 982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 982] ioctl(5, LOOP_CLR_FD) = 0 [pid 982] close(5) = 0 [pid 982] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 982] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 981] exit_group(0 [pid 983] <... futex resumed>) = ? [pid 981] <... exit_group resumed>) = ? [pid 983] +++ exited with 0 +++ [pid 982] <... futex resumed>) = ? [pid 982] +++ exited with 0 +++ [pid 981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=981, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./222", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./222/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/binderfs") = 0 umount2("./222/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./222/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./222/bus") = 0 umount2("./222/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./222/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./222/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 984 ./strace-static-x86_64: Process 984 attached [pid 984] set_robust_list(0x5555720a9760, 24) = 0 [pid 984] chdir("./223") = 0 [pid 984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 984] setpgid(0, 0) = 0 [pid 984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 984] write(3, "1000", 4) = 4 [pid 984] close(3) = 0 [pid 984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 984] write(1, "executing program\n", 18) = 18 [pid 984] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 984] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 984] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[985]}, 88) = 985 [pid 984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 984] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 984] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 984] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 984] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[986]}, 88) = 986 [pid 984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 984] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 986 attached [pid 986] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 986] creat("./bus", 000) = 3 [pid 986] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 984] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] <... futex resumed>) = 1 [pid 986] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 986] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 984] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] <... futex resumed>) = 1 [pid 986] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 986] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 984] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 984] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 986] <... futex resumed>) = 1 [pid 986] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 986] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 984] <... futex resumed>) = 0 [pid 986] <... futex resumed>) = 1 [pid 986] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 985 attached [pid 985] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 985] memfd_create("syzkaller", 0) = 5 [pid 985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 985] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 985] munmap(0x7f9b9c005000, 138412032) = 0 [pid 985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.446128][ T982] loop0: detected capacity change from 0 to 256 [ 39.453525][ T982] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.464125][ T982] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.474715][ T982] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 985] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 985] close(5) = 0 [pid 985] close(6) = 0 [pid 985] mkdir("./file0", 0777) = 0 [pid 985] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 985] chdir("./file0") = 0 [pid 985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 985] ioctl(6, LOOP_CLR_FD) = 0 [pid 985] close(6) = 0 [pid 985] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 985] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 984] exit_group(0) = ? [pid 985] <... futex resumed>) = ? [pid 985] +++ exited with 0 +++ [pid 986] <... futex resumed>) = ? [pid 986] +++ exited with 0 +++ [pid 984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=984, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./223", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./223/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 umount2("./223/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./223/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/bus") = 0 umount2("./223/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./223/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./223/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 987 ./strace-static-x86_64: Process 987 attached [pid 987] set_robust_list(0x5555720a9760, 24) = 0 [pid 987] chdir("./224") = 0 [pid 987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 987] setpgid(0, 0) = 0 [pid 987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 987] write(3, "1000", 4) = 4 [pid 987] close(3) = 0 [pid 987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 987] write(1, "executing program\n", 18) = 18 [pid 987] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 987] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 987] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 987] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 987] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 988 attached => {parent_tid=[988]}, 88) = 988 [pid 987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 987] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 987] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 987] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 987] rt_sigprocmask(SIG_BLOCK, ~[], [pid 988] set_robust_list(0x7f9ba44469a0, 24 [pid 987] <... rt_sigprocmask resumed>[], 8) = 0 [pid 987] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 989 attached [pid 988] <... set_robust_list resumed>) = 0 [pid 987] <... clone3 resumed> => {parent_tid=[989]}, 88) = 989 [pid 987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 988] rt_sigprocmask(SIG_SETMASK, [], [pid 987] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 987] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 989] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 989] creat("./bus", 000 [pid 988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 989] <... creat resumed>) = 3 [pid 988] memfd_create("syzkaller", 0 [pid 989] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 988] <... memfd_create resumed>) = 4 [pid 987] <... futex resumed>) = 0 [pid 987] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 987] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 989] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 987] <... futex resumed>) = 0 [pid 987] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 987] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 989] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 987] <... futex resumed>) = 0 [pid 987] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 987] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 989] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 989] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 987] <... futex resumed>) = 0 [pid 989] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 988] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 988] munmap(0x7f9b9c005000, 138412032) = 0 [pid 988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.512784][ T985] loop0: detected capacity change from 0 to 256 [ 39.520316][ T985] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.531122][ T985] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.540855][ T985] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 988] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 988] close(4) = 0 [pid 988] close(6) = 0 [pid 988] mkdir("./file0", 0777) = 0 [pid 988] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 988] chdir("./file0") = 0 [pid 988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 988] ioctl(6, LOOP_CLR_FD) = 0 [pid 988] close(6) = 0 [pid 988] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 988] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 987] exit_group(0) = ? [pid 989] <... futex resumed>) = ? [pid 989] +++ exited with 0 +++ [pid 988] <... futex resumed>) = ? [pid 988] +++ exited with 0 +++ [pid 987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=987, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./224", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./224/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 umount2("./224/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./224/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/bus") = 0 umount2("./224/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./224/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 990 ./strace-static-x86_64: Process 990 attached [pid 990] set_robust_list(0x5555720a9760, 24) = 0 [pid 990] chdir("./225") = 0 [pid 990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 990] setpgid(0, 0) = 0 [pid 990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 990] write(3, "1000", 4) = 4 [pid 990] close(3) = 0 [pid 990] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 990] write(1, "executing program\n", 18) = 18 [pid 990] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 990] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 990] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 990] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 990] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[991]}, 88) = 991 [pid 990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 990] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 990] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 990] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 990] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 991 attached => {parent_tid=[992]}, 88) = 992 [pid 990] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 990] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 990] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 992 attached [pid 992] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 992] creat("./bus", 000 [pid 991] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 992] <... creat resumed>) = 3 [pid 991] rt_sigprocmask(SIG_SETMASK, [], [pid 992] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 990] <... futex resumed>) = 0 [pid 990] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 990] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] <... futex resumed>) = 1 [pid 992] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 992] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 990] <... futex resumed>) = 0 [pid 990] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 990] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] <... futex resumed>) = 1 [pid 992] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 992] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 990] <... futex resumed>) = 0 [pid 990] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 990] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 992] <... futex resumed>) = 1 [pid 992] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 992] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 990] <... futex resumed>) = 0 [pid 992] <... futex resumed>) = 1 [pid 992] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 991] memfd_create("syzkaller", 0) = 5 [pid 991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 991] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 991] munmap(0x7f9b9c005000, 138412032) = 0 [pid 991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.576575][ T988] loop0: detected capacity change from 0 to 256 [ 39.584458][ T988] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.595193][ T988] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.605670][ T988] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 991] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 991] close(5) = 0 [pid 991] close(6) = 0 [pid 991] mkdir("./file0", 0777) = 0 [pid 991] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 991] chdir("./file0") = 0 [pid 991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 991] ioctl(6, LOOP_CLR_FD) = 0 [pid 991] close(6) = 0 [pid 991] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 991] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 990] exit_group(0) = ? [pid 991] <... futex resumed>) = ? [pid 991] +++ exited with 0 +++ [pid 992] <... futex resumed>) = ? [pid 992] +++ exited with 0 +++ [pid 990] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=990, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./225", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./225/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 umount2("./225/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./225/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/bus") = 0 umount2("./225/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./225/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./225/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 993 ./strace-static-x86_64: Process 993 attached [pid 993] set_robust_list(0x5555720a9760, 24) = 0 [pid 993] chdir("./226") = 0 [pid 993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 993] setpgid(0, 0) = 0 [pid 993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 993] write(3, "1000", 4) = 4 [pid 993] close(3) = 0 [pid 993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 993] write(1, "executing program\n", 18) = 18 [pid 993] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 993] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 993] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[994]}, 88) = 994 [pid 993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 993] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 993] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 993] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[995]}, 88) = 995 [pid 993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 993] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 993] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 995 attached [pid 995] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 995] creat("./bus", 000) = 3 [pid 995] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] <... futex resumed>) = 0 [pid 993] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 993] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 995] <... futex resumed>) = 1 [pid 995] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 995] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] <... futex resumed>) = 0 [pid 993] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 993] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 995] <... futex resumed>) = 1 [pid 995] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 995] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] <... futex resumed>) = 0 [pid 993] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 993] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 995] <... futex resumed>) = 1 [pid 995] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 995] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 993] <... futex resumed>) = 0 [pid 995] <... futex resumed>) = 1 [pid 995] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 994 attached [pid 994] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 994] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 994] memfd_create("syzkaller", 0) = 5 [pid 994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 994] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 994] munmap(0x7f9b9c005000, 138412032) = 0 [pid 994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.644214][ T991] loop0: detected capacity change from 0 to 256 [ 39.652801][ T991] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.663317][ T991] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.674134][ T991] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 994] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 994] close(5) = 0 [pid 994] close(6) = 0 [pid 994] mkdir("./file0", 0777) = 0 [pid 994] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 994] chdir("./file0") = 0 [pid 994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 994] ioctl(6, LOOP_CLR_FD) = 0 [pid 994] close(6) = 0 [pid 994] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 994] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 993] exit_group(0 [pid 995] <... futex resumed>) = ? [pid 993] <... exit_group resumed>) = ? [pid 995] +++ exited with 0 +++ [pid 994] <... futex resumed>) = ? [pid 994] +++ exited with 0 +++ [pid 993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=993, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./226", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./226/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 umount2("./226/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./226/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/bus") = 0 umount2("./226/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./226/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./226/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./226/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 996 ./strace-static-x86_64: Process 996 attached [pid 996] set_robust_list(0x5555720a9760, 24) = 0 [pid 996] chdir("./227") = 0 [pid 996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 996] setpgid(0, 0) = 0 [pid 996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 996] write(3, "1000", 4) = 4 [pid 996] close(3) = 0 [pid 996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 996] write(1, "executing program\n", 18executing program ) = 18 [pid 996] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 996] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 996] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 996] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[997]}, 88) = 997 [pid 996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 996] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 996] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 996] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 996] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 996] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[998]}, 88) = 998 [pid 996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 996] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 996] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 998 attached [pid 998] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 998] creat("./bus", 000) = 3 [pid 998] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... futex resumed>) = 0 [pid 996] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 996] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 1 [pid 998] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 998] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... futex resumed>) = 0 [pid 996] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 996] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 1 [pid 998] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 998] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... futex resumed>) = 0 [pid 996] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 996] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 998] <... futex resumed>) = 1 [pid 998] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096./strace-static-x86_64: Process 997 attached ) = -1 ENOSPC (No space left on device) [pid 998] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 996] <... futex resumed>) = 0 [pid 998] <... futex resumed>) = 1 [pid 997] set_robust_list(0x7f9ba44469a0, 24 [pid 998] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 997] <... set_robust_list resumed>) = 0 [pid 997] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 997] memfd_create("syzkaller", 0) = 5 [pid 997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 997] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 997] munmap(0x7f9b9c005000, 138412032) = 0 [pid 997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.713483][ T994] loop0: detected capacity change from 0 to 256 [ 39.721823][ T994] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.732269][ T994] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.743047][ T994] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 997] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 997] close(5) = 0 [pid 997] close(6) = 0 [pid 997] mkdir("./file0", 0777) = 0 [pid 997] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 997] chdir("./file0") = 0 [pid 997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 997] ioctl(6, LOOP_CLR_FD) = 0 [pid 997] close(6) = 0 [pid 997] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 997] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 996] exit_group(0) = ? [pid 997] <... futex resumed>) = ? [pid 997] +++ exited with 0 +++ [pid 998] <... futex resumed>) = ? [pid 998] +++ exited with 0 +++ [pid 996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=996, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./227", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./227/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 umount2("./227/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./227/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/bus") = 0 umount2("./227/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./227/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./227/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 999 ./strace-static-x86_64: Process 999 attached [pid 999] set_robust_list(0x5555720a9760, 24) = 0 [pid 999] chdir("./228") = 0 [pid 999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 999] setpgid(0, 0) = 0 [pid 999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 999] write(3, "1000", 4) = 4 [pid 999] close(3) = 0 [pid 999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 999] write(1, "executing program\n", 18executing program ) = 18 [pid 999] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 999] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 999] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1000]}, 88) = 1000 [pid 999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 999] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 999] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 999] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1001]}, 88) = 1001 [pid 999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 999] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 999] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1001 attached [pid 1001] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1001] creat("./bus", 000) = 3 [pid 1001] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = 0 [pid 999] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 999] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1001] <... futex resumed>) = 1 [pid 1001] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1001] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = 0 [pid 999] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 999] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1001] <... futex resumed>) = 1 [pid 1001] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1001] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = 0 [pid 999] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 999] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1001] <... futex resumed>) = 1 [pid 1001] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1001] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 999] <... futex resumed>) = 0 [pid 1001] <... futex resumed>) = 1 [pid 1001] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1000 attached [pid 1000] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1000] memfd_create("syzkaller", 0) = 5 [pid 1000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1000] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1000] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.783059][ T997] loop0: detected capacity change from 0 to 256 [ 39.790734][ T997] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.801268][ T997] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.811693][ T997] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1000] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1000] close(5) = 0 [pid 1000] close(6) = 0 [pid 1000] mkdir("./file0", 0777) = 0 [pid 1000] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1000] chdir("./file0") = 0 [pid 1000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1000] ioctl(6, LOOP_CLR_FD) = 0 [pid 1000] close(6) = 0 [pid 1000] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1000] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 999] exit_group(0 [pid 1001] <... futex resumed>) = ? [pid 999] <... exit_group resumed>) = ? [pid 1001] +++ exited with 0 +++ [pid 1000] <... futex resumed>) = ? [pid 1000] +++ exited with 0 +++ [pid 999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=999, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./228", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./228/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/binderfs") = 0 umount2("./228/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./228/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/bus") = 0 umount2("./228/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./228/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./228/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1003 ./strace-static-x86_64: Process 1003 attached [pid 1003] set_robust_list(0x5555720a9760, 24) = 0 [pid 1003] chdir("./229") = 0 [pid 1003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1003] setpgid(0, 0) = 0 [pid 1003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1003] write(3, "1000", 4) = 4 [pid 1003] close(3) = 0 [pid 1003] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1003] write(1, "executing program\n", 18) = 18 [pid 1003] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1003] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1003] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1004]}, 88) = 1004 [pid 1003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1003] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1003] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1003] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1003] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1005]}, 88) = 1005 [pid 1003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1003] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1005 attached [pid 1005] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1005] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1005] creat("./bus", 000) = 3 [pid 1005] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1005] <... futex resumed>) = 1 [pid 1005] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 1004 attached ) = 0 [pid 1005] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1005] <... futex resumed>) = 1 [pid 1005] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 1004] set_robust_list(0x7f9ba44469a0, 24 [pid 1005] <... open resumed>) = 4 [pid 1005] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1003] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1003] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1005] <... futex resumed>) = 1 [pid 1005] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1005] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1003] <... futex resumed>) = 0 [pid 1005] <... futex resumed>) = 1 [pid 1004] <... set_robust_list resumed>) = 0 [pid 1005] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1004] memfd_create("syzkaller", 0) = 5 [pid 1004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 39.848990][ T1000] loop0: detected capacity change from 0 to 256 [ 39.856659][ T1000] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.867379][ T1000] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.878110][ T1000] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1004] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1004] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1004] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1004] close(5) = 0 [pid 1004] close(6) = 0 [pid 1004] mkdir("./file0", 0777) = 0 [pid 1004] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1004] chdir("./file0") = 0 [pid 1004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1004] ioctl(6, LOOP_CLR_FD) = 0 [pid 1004] close(6) = 0 [pid 1004] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1004] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1003] exit_group(0 [pid 1005] <... futex resumed>) = ? [pid 1003] <... exit_group resumed>) = ? [pid 1005] +++ exited with 0 +++ [pid 1004] <... futex resumed>) = ? [pid 1004] +++ exited with 0 +++ [pid 1003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1003, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./229", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./229/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/binderfs") = 0 umount2("./229/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./229/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/bus") = 0 umount2("./229/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./229/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./229/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1006 ./strace-static-x86_64: Process 1006 attached [pid 1006] set_robust_list(0x5555720a9760, 24) = 0 [pid 1006] chdir("./230") = 0 [pid 1006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1006] setpgid(0, 0) = 0 executing program [pid 1006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1006] write(3, "1000", 4) = 4 [pid 1006] close(3) = 0 [pid 1006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1006] write(1, "executing program\n", 18) = 18 [pid 1006] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1006] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1006] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1007]}, 88) = 1007 [pid 1006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1006] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1006] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1006] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1008]}, 88) = 1008 [pid 1006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1006] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1006] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1008 attached [pid 1008] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1008] creat("./bus", 000) = 3 [pid 1008] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] <... futex resumed>) = 0 [pid 1006] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1006] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1008] <... futex resumed>) = 1 [pid 1008] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1008] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] <... futex resumed>) = 0 [pid 1006] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1006] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1008] <... futex resumed>) = 1 [pid 1008] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1008] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] <... futex resumed>) = 0 [pid 1006] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1006] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1008] <... futex resumed>) = 1 [pid 1008] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1008] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1006] <... futex resumed>) = 0 [pid 1008] <... futex resumed>) = 1 [pid 1008] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1007 attached [pid 1007] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1007] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1007] memfd_create("syzkaller", 0) = 5 [pid 1007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1007] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1007] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.919097][ T1004] loop0: detected capacity change from 0 to 256 [ 39.927116][ T1004] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.937748][ T1004] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 39.948246][ T1004] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1007] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1007] close(5) = 0 [pid 1007] close(6) = 0 [pid 1007] mkdir("./file0", 0777) = 0 [pid 1007] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1007] chdir("./file0") = 0 [pid 1007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1007] ioctl(6, LOOP_CLR_FD) = 0 [pid 1007] close(6) = 0 [pid 1007] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1007] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1006] exit_group(0 [pid 1008] <... futex resumed>) = ? [pid 1006] <... exit_group resumed>) = ? [pid 1008] +++ exited with 0 +++ [pid 1007] <... futex resumed>) = ? [pid 1007] +++ exited with 0 +++ [pid 1006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1006, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./230", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./230/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/binderfs") = 0 umount2("./230/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./230/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/bus") = 0 umount2("./230/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./230/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./230/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1009 ./strace-static-x86_64: Process 1009 attached [pid 1009] set_robust_list(0x5555720a9760, 24) = 0 [pid 1009] chdir("./231") = 0 [pid 1009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1009] setpgid(0, 0) = 0 [pid 1009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1009] write(3, "1000", 4) = 4 [pid 1009] close(3) = 0 [pid 1009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1009] write(1, "executing program\n", 18) = 18 [pid 1009] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1009] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1010]}, 88) = 1010 [pid 1009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1009] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1009] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1011]}, 88) = 1011 [pid 1009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1009] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1011 attached [pid 1011] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1011] creat("./bus", 000) = 3 [pid 1011] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1011] <... futex resumed>) = 1 [pid 1011] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1011] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1011] <... futex resumed>) = 1 [pid 1011] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1011] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1009] <... futex resumed>) = 0 [pid 1009] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1009] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1011] <... futex resumed>) = 1 [pid 1011] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1011] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1009] <... futex resumed>) = 0 [pid 1011] <... futex resumed>) = 1 [pid 1011] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1010 attached [pid 1010] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1010] memfd_create("syzkaller", 0) = 5 [pid 1010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1010] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1010] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 39.986841][ T1007] loop0: detected capacity change from 0 to 256 [ 39.994276][ T1007] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.005087][ T1007] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.015313][ T1007] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1010] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1010] close(5) = 0 [pid 1010] close(6) = 0 [pid 1010] mkdir("./file0", 0777) = 0 [pid 1010] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1010] chdir("./file0") = 0 [pid 1010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1010] ioctl(6, LOOP_CLR_FD) = 0 [pid 1010] close(6) = 0 [pid 1010] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1010] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1009] exit_group(0) = ? [pid 1010] <... futex resumed>) = ? [pid 1010] +++ exited with 0 +++ [pid 1011] <... futex resumed>) = ? [pid 1011] +++ exited with 0 +++ [pid 1009] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1009, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./231", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./231/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/binderfs") = 0 umount2("./231/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./231/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/bus") = 0 umount2("./231/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./231/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./231/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1012 ./strace-static-x86_64: Process 1012 attached [pid 1012] set_robust_list(0x5555720a9760, 24) = 0 [pid 1012] chdir("./232") = 0 [pid 1012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1012] setpgid(0, 0) = 0 [pid 1012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1012] write(3, "1000", 4) = 4 [pid 1012] close(3executing program ) = 0 [pid 1012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1012] write(1, "executing program\n", 18) = 18 [pid 1012] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1012] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1012] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1013]}, 88) = 1013 [pid 1012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1012] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1012] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1012] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1014]}, 88) = 1014 [pid 1012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1012] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1012] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1014 attached [pid 1014] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1014] creat("./bus", 000) = 3 [pid 1014] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... futex resumed>) = 0 [pid 1012] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1012] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1014] <... futex resumed>) = 1 [pid 1014] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1014] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... futex resumed>) = 0 [pid 1012] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1012] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1014] <... futex resumed>) = 1 [pid 1014] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1014] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... futex resumed>) = 0 [pid 1012] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1012] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1014] <... futex resumed>) = 1 [pid 1014] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1014] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1012] <... futex resumed>) = 0 [pid 1014] <... futex resumed>) = 1 [pid 1014] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1013 attached [pid 1013] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1013] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1013] memfd_create("syzkaller", 0) = 5 [pid 1013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1013] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1013] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 40.051294][ T1010] loop0: detected capacity change from 0 to 256 [ 40.059384][ T1010] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.069949][ T1010] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.080469][ T1010] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1013] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1013] close(5) = 0 [pid 1013] close(6) = 0 [pid 1013] mkdir("./file0", 0777) = 0 [pid 1013] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1013] chdir("./file0") = 0 [pid 1013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1013] ioctl(6, LOOP_CLR_FD) = 0 [pid 1013] close(6) = 0 [pid 1013] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1013] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1012] exit_group(0 [pid 1014] <... futex resumed>) = ? [pid 1012] <... exit_group resumed>) = ? [pid 1014] +++ exited with 0 +++ [pid 1013] <... futex resumed>) = ? [pid 1013] +++ exited with 0 +++ [pid 1012] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1012, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./232", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./232/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/binderfs") = 0 umount2("./232/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./232/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./232/bus") = 0 umount2("./232/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./232/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./232/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1015 ./strace-static-x86_64: Process 1015 attached [pid 1015] set_robust_list(0x5555720a9760, 24) = 0 [pid 1015] chdir("./233") = 0 [pid 1015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1015] setpgid(0, 0) = 0 [pid 1015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1015] write(3, "1000", 4) = 4 [pid 1015] close(3) = 0 [pid 1015] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1015] write(1, "executing program\n", 18) = 18 [pid 1015] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1015] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1016]}, 88) = 1016 [pid 1015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1015] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1015] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1017]}, 88) = 1017 [pid 1015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1015] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1017 attached [pid 1017] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1017] creat("./bus", 000) = 3 [pid 1017] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] <... futex resumed>) = 0 [pid 1015] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1017] <... futex resumed>) = 1 [pid 1017] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1017] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] <... futex resumed>) = 0 [pid 1015] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1017] <... futex resumed>) = 1 [pid 1017] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1017] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] <... futex resumed>) = 0 [pid 1015] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1015] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1017] <... futex resumed>) = 1 [pid 1017] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1017] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1015] <... futex resumed>) = 0 [pid 1017] <... futex resumed>) = 1 [pid 1017] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1016 attached [pid 1016] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1016] memfd_create("syzkaller", 0) = 5 [pid 1016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1016] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 40.119033][ T1013] loop0: detected capacity change from 0 to 256 [ 40.127107][ T1013] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.137601][ T1013] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.147561][ T1013] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1016] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1016] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1016] close(5) = 0 [pid 1016] close(6) = 0 [pid 1016] mkdir("./file0", 0777) = 0 [pid 1016] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1016] chdir("./file0") = 0 [pid 1016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1016] ioctl(6, LOOP_CLR_FD) = 0 [pid 1016] close(6) = 0 [pid 1016] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1016] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1015] exit_group(0 [pid 1017] <... futex resumed>) = ? [pid 1015] <... exit_group resumed>) = ? [pid 1017] +++ exited with 0 +++ [pid 1016] <... futex resumed>) = ? [pid 1016] +++ exited with 0 +++ [pid 1015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1015, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./233", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./233/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/binderfs") = 0 umount2("./233/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./233/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/bus") = 0 umount2("./233/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./233/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./233/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1018 ./strace-static-x86_64: Process 1018 attached [pid 1018] set_robust_list(0x5555720a9760, 24) = 0 [pid 1018] chdir("./234") = 0 [pid 1018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1018] setpgid(0, 0) = 0 [pid 1018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1018] write(3, "1000", 4) = 4 [pid 1018] close(3) = 0 [pid 1018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1018] write(1, "executing program\n", 18executing program ) = 18 [pid 1018] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1018] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1018] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1019]}, 88) = 1019 [pid 1018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1018] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1018] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1018] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 1020 attached => {parent_tid=[1020]}, 88) = 1020 [pid 1018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1018] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1018] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1019 attached [pid 1019] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1020] set_robust_list(0x7f9ba44259a0, 24 [pid 1019] memfd_create("syzkaller", 0) = 3 [pid 1019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1020] <... set_robust_list resumed>) = 0 [pid 1020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1020] creat("./bus", 000) = 4 [pid 1020] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1018] <... futex resumed>) = 0 [pid 1018] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1018] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1020] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1019] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1020] <... mount resumed>) = 0 [pid 1020] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1019] <... write resumed>) = 131072 [pid 1019] munmap(0x7f9b9c005000, 138412032 [pid 1020] <... futex resumed>) = 1 [pid 1018] <... futex resumed>) = 0 [pid 1018] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1018] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1019] <... munmap resumed>) = 0 [pid 1019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 40.185731][ T1016] loop0: detected capacity change from 0 to 256 [ 40.194414][ T1016] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.205373][ T1016] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.216080][ T1016] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1019] ioctl(5, LOOP_SET_FD, 3 [pid 1020] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 1019] <... ioctl resumed>) = 0 [pid 1019] close(3) = 0 [pid 1019] close(5) = 0 [pid 1019] mkdir("./file0", 0777) = 0 [pid 1019] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 1020] <... open resumed>) = 3 [pid 1020] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1020] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1018] <... futex resumed>) = 0 [pid 1018] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1018] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1020] <... futex resumed>) = 0 [pid 1020] write(3, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = 4096 [pid 1020] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1018] <... futex resumed>) = 0 [pid 1020] <... futex resumed>) = 1 [pid 1020] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1019] <... mount resumed>) = -1 EIO (Input/output error) [pid 1019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1019] ioctl(5, LOOP_CLR_FD) = 0 [pid 1019] close(5) = 0 [pid 1019] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1019] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1018] exit_group(0) = ? [pid 1019] <... futex resumed>) = ? [pid 1019] +++ exited with 0 +++ [pid 1020] <... futex resumed>) = ? [pid 1020] +++ exited with 0 +++ [pid 1018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1018, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./234", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./234/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/binderfs") = 0 umount2("./234/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./234/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/bus") = 0 umount2("./234/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./234/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1021 ./strace-static-x86_64: Process 1021 attached [pid 1021] set_robust_list(0x5555720a9760, 24) = 0 [pid 1021] chdir("./235") = 0 [pid 1021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1021] setpgid(0, 0) = 0 [pid 1021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1021] write(3, "1000", 4) = 4 [pid 1021] close(3) = 0 [pid 1021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1021] write(1, "executing program\n", 18executing program ) = 18 [pid 1021] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1021] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1021] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1022 attached [pid 1022] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1022] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1021] <... clone3 resumed> => {parent_tid=[1022]}, 88) = 1022 [pid 1021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1021] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1021] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1021] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1023]}, 88) = 1023 [pid 1021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1021] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1021] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1022] <... futex resumed>) = 0 [pid 1022] memfd_create("syzkaller", 0) = 3 [pid 1022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 1023 attached [pid 1023] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1023] creat("./bus", 000) = 4 [pid 1022] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1023] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1021] <... futex resumed>) = 0 [pid 1021] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1021] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] <... futex resumed>) = 1 [pid 1023] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1023] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1021] <... futex resumed>) = 0 [pid 1021] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1021] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] <... futex resumed>) = 1 [pid 1023] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1023] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1021] <... futex resumed>) = 0 [pid 1021] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1021] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1023] <... futex resumed>) = 1 [pid 1023] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1023] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1021] <... futex resumed>) = 0 [pid 1023] <... futex resumed>) = 1 [pid 1023] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1022] <... write resumed>) = 131072 [pid 1022] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 40.253798][ T1019] loop0: detected capacity change from 0 to 256 [ 40.261124][ T1019] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.271654][ T1019] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.280032][ T1019] exFAT-fs (loop0): unable to set blocksize 33554432 [ 40.286845][ T1019] exFAT-fs (loop0): failed to read boot sector [ 40.293050][ T1019] exFAT-fs (loop0): failed to recognize exfat type [pid 1022] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 1022] close(3) = 0 [pid 1022] close(6) = 0 [pid 1022] mkdir("./file0", 0777) = 0 [pid 1022] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1022] chdir("./file0") = 0 [pid 1022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1022] ioctl(6, LOOP_CLR_FD) = 0 [pid 1022] close(6) = 0 [pid 1022] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1022] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1021] exit_group(0 [pid 1023] <... futex resumed>) = ? [pid 1021] <... exit_group resumed>) = ? [pid 1023] +++ exited with 0 +++ [pid 1022] <... futex resumed>) = ? [pid 1022] +++ exited with 0 +++ [pid 1021] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1021, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./235", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./235/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./235/binderfs") = 0 umount2("./235/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./235/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./235/bus") = 0 umount2("./235/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./235/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./235/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1024 ./strace-static-x86_64: Process 1024 attached [pid 1024] set_robust_list(0x5555720a9760, 24) = 0 [pid 1024] chdir("./236") = 0 [pid 1024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1024] setpgid(0, 0) = 0 [pid 1024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1024] write(3, "1000", 4) = 4 [pid 1024] close(3) = 0 [pid 1024] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1024] write(1, "executing program\n", 18) = 18 [pid 1024] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1024] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1024] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1025]}, 88) = 1025 [pid 1024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1024] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1024] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1024] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1026]}, 88) = 1026 [pid 1024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1024] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1024] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1026 attached [pid 1026] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1026] creat("./bus", 000./strace-static-x86_64: Process 1025 attached ) = 3 [pid 1026] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1024] <... futex resumed>) = 0 [pid 1024] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1024] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1026] <... futex resumed>) = 1 [pid 1026] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1025] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1026] <... mount resumed>) = 0 [pid 1025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1025] memfd_create("syzkaller", 0 [pid 1026] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1025] <... memfd_create resumed>) = 4 [pid 1025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1024] <... futex resumed>) = 0 [pid 1026] <... futex resumed>) = 1 [pid 1026] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 1024] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1026] <... open resumed>) = 5 [pid 1024] <... futex resumed>) = 0 [pid 1026] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1024] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1026] <... futex resumed>) = 0 [pid 1024] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1024] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1026] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 1024] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1026] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 1026] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1024] <... futex resumed>) = 0 [pid 1026] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1025] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1025] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 40.327316][ T1022] loop0: detected capacity change from 0 to 256 [ 40.335967][ T1022] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.346502][ T1022] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.356817][ T1022] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1025] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 1025] close(4) = 0 [pid 1025] close(6) = 0 [pid 1025] mkdir("./file0", 0777) = 0 [pid 1025] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1025] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1025] chdir("./file0") = 0 [pid 1025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1025] ioctl(6, LOOP_CLR_FD) = 0 [pid 1025] close(6) = 0 [pid 1025] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1025] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1024] exit_group(0) = ? [pid 1025] <... futex resumed>) = ? [pid 1025] +++ exited with 0 +++ [pid 1026] <... futex resumed>) = ? [pid 1026] +++ exited with 0 +++ [pid 1024] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1024, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./236", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./236/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/binderfs") = 0 umount2("./236/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./236/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/bus") = 0 umount2("./236/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./236/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./236/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1027 ./strace-static-x86_64: Process 1027 attached [pid 1027] set_robust_list(0x5555720a9760, 24) = 0 [pid 1027] chdir("./237"executing program ) = 0 [pid 1027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1027] setpgid(0, 0) = 0 [pid 1027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1027] write(3, "1000", 4) = 4 [pid 1027] close(3) = 0 [pid 1027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1027] write(1, "executing program\n", 18) = 18 [pid 1027] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1027] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1028]}, 88) = 1028 ./strace-static-x86_64: Process 1028 attached [pid 1027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1027] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1027] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1029]}, 88) = 1029 [pid 1027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1027] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1028] set_robust_list(0x7f9ba44469a0, 24./strace-static-x86_64: Process 1029 attached [pid 1029] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1029] creat("./bus", 000) = 3 [pid 1028] <... set_robust_list resumed>) = 0 [pid 1029] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] <... futex resumed>) = 0 [pid 1027] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] <... futex resumed>) = 1 [pid 1029] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1028] rt_sigprocmask(SIG_SETMASK, [], [pid 1029] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] <... futex resumed>) = 0 [pid 1027] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] <... futex resumed>) = 1 [pid 1029] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1029] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] <... futex resumed>) = 0 [pid 1027] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1027] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1029] <... futex resumed>) = 1 [pid 1029] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1029] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1027] <... futex resumed>) = 0 [pid 1029] <... futex resumed>) = 1 [pid 1029] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1028] memfd_create("syzkaller", 0) = 5 [pid 1028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1028] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1028] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 40.406832][ T1025] loop0: detected capacity change from 0 to 256 [ 40.415537][ T1025] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.426470][ T1025] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.436986][ T1025] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1028] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1028] close(5) = 0 [pid 1028] close(6) = 0 [pid 1028] mkdir("./file0", 0777) = 0 [pid 1028] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1028] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1028] chdir("./file0") = 0 [pid 1028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1028] ioctl(6, LOOP_CLR_FD) = 0 [pid 1028] close(6) = 0 [pid 1028] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1028] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1027] exit_group(0) = ? [pid 1028] <... futex resumed>) = ? [pid 1028] +++ exited with 0 +++ [pid 1029] <... futex resumed>) = ? [pid 1029] +++ exited with 0 +++ [pid 1027] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1027, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./237", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./237/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/binderfs") = 0 umount2("./237/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./237/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/bus") = 0 umount2("./237/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./237/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./237/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1030 ./strace-static-x86_64: Process 1030 attached [pid 1030] set_robust_list(0x5555720a9760, 24) = 0 [pid 1030] chdir("./238") = 0 [pid 1030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1030] setpgid(0, 0) = 0 [pid 1030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1030] write(3, "1000", 4) = 4 [pid 1030] close(3) = 0 [pid 1030] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1030] write(1, "executing program\n", 18) = 18 [pid 1030] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1030] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1030] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1031]}, 88) = 1031 [pid 1030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1030] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1030] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1030] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1032]}, 88) = 1032 [pid 1030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1030] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1030] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1032 attached [pid 1032] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1032] creat("./bus", 000) = 3 [pid 1032] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] <... futex resumed>) = 0 [pid 1030] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1030] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1032] <... futex resumed>) = 1 [pid 1032] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1032] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] <... futex resumed>) = 0 [pid 1030] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1030] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1032] <... futex resumed>) = 1 [pid 1032] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1032] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] <... futex resumed>) = 0 [pid 1030] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1030] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1032] <... futex resumed>) = 1 [pid 1032] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1032] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] <... futex resumed>) = 0 [pid 1032] <... futex resumed>) = 1 [pid 1032] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1031 attached [pid 1031] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1031] memfd_create("syzkaller", 0) = 5 [pid 1031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 40.476720][ T1028] loop0: detected capacity change from 0 to 256 [ 40.485119][ T1028] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.495788][ T1028] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.505556][ T1028] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1031] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1031] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1031] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1031] close(5) = 0 [pid 1031] close(6) = 0 [pid 1031] mkdir("./file0", 0777) = 0 [pid 1031] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1031] chdir("./file0") = 0 [pid 1031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1031] ioctl(6, LOOP_CLR_FD) = 0 [pid 1031] close(6) = 0 [pid 1031] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1030] exit_group(0) = ? [pid 1031] <... futex resumed>) = ? [pid 1031] +++ exited with 0 +++ [pid 1032] <... futex resumed>) = ? [pid 1032] +++ exited with 0 +++ [pid 1030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1030, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./238", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./238/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/binderfs") = 0 umount2("./238/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./238/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/bus") = 0 umount2("./238/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./238/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./238/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1033 ./strace-static-x86_64: Process 1033 attached [pid 1033] set_robust_list(0x5555720a9760, 24) = 0 [pid 1033] chdir("./239") = 0 [pid 1033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1033] setpgid(0, 0) = 0 [pid 1033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1033] write(3, "1000", 4) = 4 [pid 1033] close(3) = 0 [pid 1033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1033] write(1, "executing program\n", 18) = 18 [pid 1033] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1033] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1034]}, 88) = 1034 [pid 1033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1033] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1033] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1035]}, 88) = 1035 [pid 1033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1033] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1035 attached [pid 1035] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1035] creat("./bus", 000) = 3 [pid 1035] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] <... futex resumed>) = 1 [pid 1035] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1035] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] <... futex resumed>) = 1 [pid 1035] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1035] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] <... futex resumed>) = 0 [pid 1033] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1033] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1035] <... futex resumed>) = 1 [pid 1035] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1035] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1033] <... futex resumed>) = 0 [pid 1035] <... futex resumed>) = 1 [pid 1035] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1034 attached [pid 1034] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1034] memfd_create("syzkaller", 0) = 5 [pid 1034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1034] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1034] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 40.543791][ T1031] loop0: detected capacity change from 0 to 256 [ 40.551465][ T1031] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.561996][ T1031] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.572336][ T1031] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1034] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1034] close(5) = 0 [pid 1034] close(6) = 0 [pid 1034] mkdir("./file0", 0777) = 0 [pid 1034] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1034] chdir("./file0") = 0 [pid 1034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1034] ioctl(6, LOOP_CLR_FD) = 0 [pid 1034] close(6) = 0 [pid 1034] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1034] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1033] exit_group(0 [pid 1035] <... futex resumed>) = ? [pid 1033] <... exit_group resumed>) = ? [pid 1035] +++ exited with 0 +++ [pid 1034] <... futex resumed>) = ? [pid 1034] +++ exited with 0 +++ [pid 1033] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1033, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./239", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./239/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./239/binderfs") = 0 umount2("./239/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./239/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./239/bus") = 0 umount2("./239/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./239/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./239/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1036 ./strace-static-x86_64: Process 1036 attached [pid 1036] set_robust_list(0x5555720a9760, 24) = 0 [pid 1036] chdir("./240") = 0 [pid 1036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1036] setpgid(0, 0) = 0 [pid 1036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1036] write(3, "1000", 4) = 4 [pid 1036] close(3) = 0 [pid 1036] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1036] write(1, "executing program\n", 18) = 18 [pid 1036] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1036] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1036] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1037]}, 88) = 1037 [pid 1036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1036] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1036] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1036] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1038]}, 88) = 1038 [pid 1036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1036] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1036] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1038 attached [pid 1038] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1038] creat("./bus", 000) = 3 [pid 1038] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] <... futex resumed>) = 0 [pid 1036] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1036] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1038] <... futex resumed>) = 1 [pid 1038] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1038] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] <... futex resumed>) = 0 [pid 1036] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1036] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1038] <... futex resumed>) = 1 [pid 1038] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1038] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] <... futex resumed>) = 0 [pid 1036] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1036] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1038] <... futex resumed>) = 1 [pid 1038] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1038] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1036] <... futex resumed>) = 0 [pid 1038] <... futex resumed>) = 1 [pid 1038] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1037 attached [pid 1037] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1037] memfd_create("syzkaller", 0) = 5 [pid 1037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 40.609266][ T1034] loop0: detected capacity change from 0 to 256 [ 40.617779][ T1034] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.628247][ T1034] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.638629][ T1034] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1037] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1037] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1037] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1037] close(5) = 0 [pid 1037] close(6) = 0 [pid 1037] mkdir("./file0", 0777) = 0 [pid 1037] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1037] chdir("./file0") = 0 [pid 1037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1037] ioctl(6, LOOP_CLR_FD) = 0 [pid 1037] close(6) = 0 [pid 1037] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1037] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1036] exit_group(0 [pid 1038] <... futex resumed>) = ? [pid 1036] <... exit_group resumed>) = ? [pid 1038] +++ exited with 0 +++ [pid 1037] <... futex resumed>) = ? [pid 1037] +++ exited with 0 +++ [pid 1036] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1036, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./240", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./240/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/binderfs") = 0 umount2("./240/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./240/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/bus") = 0 umount2("./240/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./240/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./240/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1039 ./strace-static-x86_64: Process 1039 attached [pid 1039] set_robust_list(0x5555720a9760, 24) = 0 [pid 1039] chdir("./241") = 0 [pid 1039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1039] setpgid(0, 0) = 0 [pid 1039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1039] write(3, "1000", 4) = 4 [pid 1039] close(3) = 0 [pid 1039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1039] write(1, "executing program\n", 18) = 18 [pid 1039] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1039] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1039] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1040]}, 88) = 1040 [pid 1039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1039] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1039] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1039] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1041]}, 88) = 1041 [pid 1039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1039] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1039] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1041 attached [pid 1041] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1041] creat("./bus", 000) = 3 [pid 1041] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... futex resumed>) = 0 [pid 1039] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1039] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] <... futex resumed>) = 1 [pid 1041] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1041] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... futex resumed>) = 0 [pid 1039] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1039] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] <... futex resumed>) = 1 [pid 1041] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1041] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... futex resumed>) = 0 [pid 1039] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1039] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1041] <... futex resumed>) = 1 [pid 1041] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1041] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1039] <... futex resumed>) = 0 [pid 1041] <... futex resumed>) = 1 [pid 1041] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1040 attached [pid 1040] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1040] memfd_create("syzkaller", 0) = 5 [pid 1040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1040] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1040] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 40.675999][ T1037] loop0: detected capacity change from 0 to 256 [ 40.684839][ T1037] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.695358][ T1037] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.705109][ T1037] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1040] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1040] close(5) = 0 [pid 1040] close(6) = 0 [pid 1040] mkdir("./file0", 0777) = 0 [pid 1040] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1040] chdir("./file0") = 0 [pid 1040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1040] ioctl(6, LOOP_CLR_FD) = 0 [pid 1040] close(6) = 0 [pid 1040] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1040] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1039] exit_group(0) = ? [pid 1041] <... futex resumed>) = ? [pid 1041] +++ exited with 0 +++ [pid 1040] <... futex resumed>) = ? [pid 1040] +++ exited with 0 +++ [pid 1039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1039, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./241", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./241/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/binderfs") = 0 umount2("./241/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./241/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/bus") = 0 umount2("./241/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./241/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./241/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1042 ./strace-static-x86_64: Process 1042 attached [pid 1042] set_robust_list(0x5555720a9760, 24) = 0 [pid 1042] chdir("./242") = 0 [pid 1042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1042] setpgid(0, 0) = 0 [pid 1042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1042] write(3, "1000", 4) = 4 [pid 1042] close(3) = 0 [pid 1042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1042] write(1, "executing program\n", 18executing program ) = 18 [pid 1042] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1042] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1042] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1043]}, 88) = 1043 ./strace-static-x86_64: Process 1043 attached [pid 1043] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1043] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1042] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1043] <... futex resumed>) = 0 [pid 1043] memfd_create("syzkaller", 0 [pid 1042] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1043] <... memfd_create resumed>) = 3 [pid 1043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1043] <... mmap resumed>) = 0x7f9b9c005000 [pid 1042] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 1043] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1042] <... mprotect resumed>) = 0 [pid 1042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1044]}, 88) = 1044 [pid 1042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1042] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1042] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1044 attached [pid 1044] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1043] <... write resumed>) = 131072 [pid 1044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1044] creat("./bus", 000 [pid 1043] munmap(0x7f9b9c005000, 138412032 [pid 1044] <... creat resumed>) = 4 [pid 1044] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1043] <... munmap resumed>) = 0 [pid 1044] <... futex resumed>) = 1 [pid 1042] <... futex resumed>) = 0 [pid 1042] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1042] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1043] ioctl(5, LOOP_SET_FD, 3 [ 40.743161][ T1040] loop0: detected capacity change from 0 to 256 [ 40.750975][ T1040] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.761583][ T1040] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.772433][ T1040] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1044] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1044] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1042] <... futex resumed>) = 0 [pid 1042] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1042] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1044] <... futex resumed>) = 1 [pid 1044] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1044] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1042] <... futex resumed>) = 0 [pid 1042] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1042] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1044] <... futex resumed>) = 1 [pid 1044] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1044] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1042] <... futex resumed>) = 0 [pid 1044] <... futex resumed>) = 1 [pid 1044] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1043] <... ioctl resumed>) = 0 [pid 1043] close(3) = 0 [pid 1043] close(5) = 0 [pid 1043] mkdir("./file0", 0777) = 0 [pid 1043] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1043] chdir("./file0") = 0 [pid 1043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1043] ioctl(5, LOOP_CLR_FD) = 0 [pid 1043] close(5) = 0 [pid 1043] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1043] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1042] exit_group(0) = ? [pid 1044] <... futex resumed>) = ? [pid 1044] +++ exited with 0 +++ [pid 1043] <... futex resumed>) = ? [pid 1043] +++ exited with 0 +++ [pid 1042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1042, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./242", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./242/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/binderfs") = 0 umount2("./242/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./242/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/bus") = 0 umount2("./242/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./242/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./242/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1046 ./strace-static-x86_64: Process 1046 attached [pid 1046] set_robust_list(0x5555720a9760, 24) = 0 [pid 1046] chdir("./243") = 0 [pid 1046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1046] setpgid(0, 0) = 0 [pid 1046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1046] write(3, "1000", 4) = 4 [pid 1046] close(3) = 0 [pid 1046] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1046] write(1, "executing program\n", 18) = 18 [pid 1046] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1046] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1047]}, 88) = 1047 [pid 1046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1046] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1046] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1048]}, 88) = 1048 [pid 1046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1046] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1048 attached [pid 1048] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1048] creat("./bus", 000) = 3 [pid 1048] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1048] <... futex resumed>) = 1 [pid 1048] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1048] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1048] <... futex resumed>) = 1 [pid 1048] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1048] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1046] <... futex resumed>) = 0 [pid 1046] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1046] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1048] <... futex resumed>) = 1 [pid 1048] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1048] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1046] <... futex resumed>) = 0 [pid 1048] <... futex resumed>) = 1 [pid 1048] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1047 attached [pid 1047] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1047] memfd_create("syzkaller", 0) = 5 [pid 1047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1047] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1047] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 40.812948][ T1043] loop0: detected capacity change from 0 to 256 [ 40.820852][ T1043] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.831423][ T1043] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.842215][ T1043] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1047] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1047] close(5) = 0 [pid 1047] close(6) = 0 [pid 1047] mkdir("./file0", 0777) = 0 [pid 1047] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1047] chdir("./file0") = 0 [pid 1047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1047] ioctl(6, LOOP_CLR_FD) = 0 [pid 1047] close(6) = 0 [pid 1047] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1047] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1046] exit_group(0) = ? [pid 1047] <... futex resumed>) = ? [pid 1047] +++ exited with 0 +++ [pid 1048] <... futex resumed>) = ? [pid 1048] +++ exited with 0 +++ [pid 1046] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1046, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./243", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./243/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/binderfs") = 0 umount2("./243/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./243/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/bus") = 0 umount2("./243/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./243/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./243/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1049 ./strace-static-x86_64: Process 1049 attached [pid 1049] set_robust_list(0x5555720a9760, 24) = 0 [pid 1049] chdir("./244") = 0 [pid 1049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1049] setpgid(0, 0) = 0 [pid 1049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1049] write(3, "1000", 4) = 4 [pid 1049] close(3) = 0 [pid 1049] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1049] write(1, "executing program\n", 18) = 18 [pid 1049] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1049] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1049] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1050 attached => {parent_tid=[1050]}, 88) = 1050 [pid 1050] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1050] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1049] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1050] <... futex resumed>) = 0 [pid 1050] memfd_create("syzkaller", 0 [pid 1049] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1050] <... memfd_create resumed>) = 3 [pid 1050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 1049] <... futex resumed>) = 0 [pid 1049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b9c005000 [pid 1049] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0} [pid 1050] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 1051 attached [pid 1049] <... clone3 resumed> => {parent_tid=[1051]}, 88) = 1051 [pid 1051] set_robust_list(0x7f9b9c0259a0, 24) = 0 [pid 1051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1050] <... write resumed>) = 131072 [pid 1049] rt_sigprocmask(SIG_SETMASK, [], [pid 1051] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1050] munmap(0x7f9b9c026000, 138412032 [pid 1049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1050] <... munmap resumed>) = 0 [pid 1049] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1049] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1050] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1051] <... futex resumed>) = 0 [pid 1050] <... openat resumed>) = 4 [pid 1050] ioctl(4, LOOP_SET_FD, 3 [pid 1051] creat("./bus", 000) = 5 [pid 1051] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1051] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1049] <... futex resumed>) = 0 [ 40.880999][ T1047] loop0: detected capacity change from 0 to 256 [ 40.888692][ T1047] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.899493][ T1047] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.910089][ T1047] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1049] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1049] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1051] <... futex resumed>) = 0 [pid 1051] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1051] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1049] <... futex resumed>) = 0 [pid 1049] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1049] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1051] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1051] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1049] <... futex resumed>) = 0 [pid 1049] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1049] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1051] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1051] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1049] <... futex resumed>) = 0 [pid 1051] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1050] <... ioctl resumed>) = 0 [pid 1050] close(3) = 0 [pid 1050] close(4) = 0 [pid 1050] mkdir("./file0", 0777) = 0 [pid 1050] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1050] chdir("./file0") = 0 [pid 1050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1050] ioctl(4, LOOP_CLR_FD) = 0 [pid 1050] close(4) = 0 [pid 1050] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1050] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1049] exit_group(0 [pid 1051] <... futex resumed>) = ? [pid 1049] <... exit_group resumed>) = ? [pid 1051] +++ exited with 0 +++ [pid 1050] <... futex resumed>) = ? [pid 1050] +++ exited with 0 +++ [pid 1049] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1049, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./244/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/binderfs") = 0 umount2("./244/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./244/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/bus") = 0 umount2("./244/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./244/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./244/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1052 ./strace-static-x86_64: Process 1052 attached [pid 1052] set_robust_list(0x5555720a9760, 24) = 0 [pid 1052] chdir("./245") = 0 [pid 1052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1052] setpgid(0, 0) = 0 [pid 1052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1052] write(3, "1000", 4) = 4 [pid 1052] close(3) = 0 [pid 1052] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1052] write(1, "executing program\n", 18) = 18 [pid 1052] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1052] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1053 attached [pid 1053] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1053] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1052] <... clone3 resumed> => {parent_tid=[1053]}, 88) = 1053 [pid 1052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1052] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1052] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1052] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1053] <... futex resumed>) = 0 [pid 1052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1054]}, 88) = 1054 ./strace-static-x86_64: Process 1054 attached [pid 1053] memfd_create("syzkaller", 0 [pid 1052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1052] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1054] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1053] <... memfd_create resumed>) = 3 [pid 1054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1054] creat("./bus", 000 [pid 1053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1054] <... creat resumed>) = 4 [pid 1054] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1054] <... futex resumed>) = 1 [pid 1054] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1054] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1054] <... futex resumed>) = 1 [pid 1054] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1054] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1052] <... futex resumed>) = 0 [pid 1052] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1052] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1054] <... futex resumed>) = 1 [pid 1053] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1054] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1054] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1052] <... futex resumed>) = 0 [pid 1054] <... futex resumed>) = 1 [pid 1054] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1053] <... write resumed>) = 131072 [pid 1053] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 40.949229][ T1050] loop0: detected capacity change from 0 to 256 [ 40.957134][ T1050] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 40.967865][ T1050] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 40.978146][ T1050] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1053] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 1053] close(3) = 0 [pid 1053] close(6) = 0 [pid 1053] mkdir("./file0", 0777) = 0 [pid 1053] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1053] chdir("./file0") = 0 [pid 1053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1053] ioctl(6, LOOP_CLR_FD) = 0 [pid 1053] close(6) = 0 [pid 1053] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1053] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1052] exit_group(0 [pid 1054] <... futex resumed>) = ? [pid 1052] <... exit_group resumed>) = ? [pid 1054] +++ exited with 0 +++ [pid 1053] <... futex resumed>) = ? [pid 1053] +++ exited with 0 +++ [pid 1052] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1052, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./245", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./245/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/binderfs") = 0 umount2("./245/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./245/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/bus") = 0 umount2("./245/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./245/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./245/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1055 ./strace-static-x86_64: Process 1055 attached [pid 1055] set_robust_list(0x5555720a9760, 24) = 0 [pid 1055] chdir("./246") = 0 [pid 1055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1055] setpgid(0, 0) = 0 [pid 1055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1055] write(3, "1000", 4) = 4 [pid 1055] close(3) = 0 [pid 1055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1055] write(1, "executing program\n", 18) = 18 [pid 1055] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1055] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1055] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1056]}, 88) = 1056 [pid 1055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1055] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1056 attached ) = 0 [pid 1056] set_robust_list(0x7f9ba44469a0, 24 [pid 1055] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1056] <... set_robust_list resumed>) = 0 [pid 1055] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 1056] rt_sigprocmask(SIG_SETMASK, [], [pid 1055] <... mprotect resumed>) = 0 [pid 1056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1057]}, 88) = 1057 [pid 1055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1055] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1055] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1056] memfd_create("syzkaller", 0) = 3 [pid 1056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 ./strace-static-x86_64: Process 1057 attached [pid 1057] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1057] creat("./bus", 000 [pid 1056] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1057] <... creat resumed>) = 4 [pid 1057] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1055] <... futex resumed>) = 0 [pid 1055] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1055] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1057] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1056] <... write resumed>) = 131072 [pid 1056] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1056] ioctl(5, LOOP_SET_FD, 3 [pid 1057] <... mount resumed>) = 0 [ 41.019075][ T1053] loop0: detected capacity change from 0 to 256 [ 41.027561][ T1053] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.038289][ T1053] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.048711][ T1053] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1057] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1057] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1055] <... futex resumed>) = 0 [pid 1055] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1055] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1057] <... futex resumed>) = 0 [pid 1057] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1057] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1055] <... futex resumed>) = 0 [pid 1055] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1055] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1057] <... futex resumed>) = 1 [pid 1057] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1057] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1055] <... futex resumed>) = 0 [pid 1057] <... futex resumed>) = 1 [pid 1057] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1056] <... ioctl resumed>) = 0 [pid 1056] close(3) = 0 [pid 1056] close(5) = 0 [pid 1056] mkdir("./file0", 0777) = 0 [pid 1056] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1056] chdir("./file0") = 0 [pid 1056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1056] ioctl(5, LOOP_CLR_FD) = 0 [pid 1056] close(5) = 0 [pid 1056] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1056] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1055] exit_group(0 [pid 1057] <... futex resumed>) = ? [pid 1055] <... exit_group resumed>) = ? [pid 1057] +++ exited with 0 +++ [pid 1056] <... futex resumed>) = ? [pid 1056] +++ exited with 0 +++ [pid 1055] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1055, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./246", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./246/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/binderfs") = 0 umount2("./246/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./246/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/bus") = 0 umount2("./246/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./246/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./246/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1058 ./strace-static-x86_64: Process 1058 attached executing program [pid 1058] set_robust_list(0x5555720a9760, 24) = 0 [pid 1058] chdir("./247") = 0 [pid 1058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1058] setpgid(0, 0) = 0 [pid 1058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1058] write(3, "1000", 4) = 4 [pid 1058] close(3) = 0 [pid 1058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1058] write(1, "executing program\n", 18) = 18 [pid 1058] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1058] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1059]}, 88) = 1059 [pid 1058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1058] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1058] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1060]}, 88) = 1060 [pid 1058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1058] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1060 attached [pid 1060] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1060] creat("./bus", 000) = 3 [pid 1060] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1060] <... futex resumed>) = 1 [pid 1060] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1060] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1060] <... futex resumed>) = 1 [pid 1060] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1060] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... futex resumed>) = 0 [pid 1058] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1058] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1060] <... futex resumed>) = 1 [pid 1060] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1060] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1058] <... futex resumed>) = 0 [pid 1060] <... futex resumed>) = 1 [pid 1060] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1059 attached [pid 1059] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1059] memfd_create("syzkaller", 0) = 5 [pid 1059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1059] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1059] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.086383][ T1056] loop0: detected capacity change from 0 to 256 [ 41.094176][ T1056] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.104818][ T1056] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.115909][ T1056] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1059] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1059] close(5) = 0 [pid 1059] close(6) = 0 [pid 1059] mkdir("./file0", 0777) = 0 [pid 1059] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1059] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1059] chdir("./file0") = 0 [pid 1059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1059] ioctl(6, LOOP_CLR_FD) = 0 [pid 1059] close(6) = 0 [pid 1059] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1059] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1058] exit_group(0) = ? [pid 1059] <... futex resumed>) = ? [pid 1059] +++ exited with 0 +++ [pid 1060] <... futex resumed>) = ? [pid 1060] +++ exited with 0 +++ [pid 1058] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1058, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./247", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./247/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/binderfs") = 0 umount2("./247/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./247/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/bus") = 0 umount2("./247/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./247/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./247/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1061 ./strace-static-x86_64: Process 1061 attached [pid 1061] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 1061] chdir("./248") = 0 [pid 1061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1061] setpgid(0, 0) = 0 [pid 1061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1061] write(3, "1000", 4) = 4 [pid 1061] close(3) = 0 [pid 1061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1061] write(1, "executing program\n", 18) = 18 [pid 1061] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1061] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1061] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1062 attached => {parent_tid=[1062]}, 88) = 1062 [pid 1062] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1062] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1061] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1062] <... futex resumed>) = 0 [pid 1062] memfd_create("syzkaller", 0) = 3 [pid 1061] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 1061] <... futex resumed>) = 0 [pid 1061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b9c005000 [pid 1061] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1061] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1062] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1061] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0}./strace-static-x86_64: Process 1063 attached => {parent_tid=[1063]}, 88) = 1063 [pid 1063] set_robust_list(0x7f9b9c0259a0, 24 [pid 1061] rt_sigprocmask(SIG_SETMASK, [], [pid 1062] <... write resumed>) = 131072 [pid 1063] <... set_robust_list resumed>) = 0 [pid 1063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1063] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1061] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1061] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1063] <... futex resumed>) = 0 [pid 1063] creat("./bus", 000 [pid 1062] munmap(0x7f9b9c026000, 138412032 [pid 1063] <... creat resumed>) = 4 [pid 1063] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1061] <... futex resumed>) = 0 [pid 1061] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1061] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1063] <... futex resumed>) = 1 [pid 1063] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1063] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1061] <... futex resumed>) = 0 [pid 1061] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1061] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1063] <... futex resumed>) = 1 [pid 1063] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1063] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1061] <... futex resumed>) = 0 [pid 1061] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1061] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1063] <... futex resumed>) = 1 [pid 1063] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1063] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1061] <... futex resumed>) = 0 [pid 1063] <... futex resumed>) = 1 [pid 1063] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1062] <... munmap resumed>) = 0 [pid 1062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.155409][ T1059] loop0: detected capacity change from 0 to 256 [ 41.163995][ T1059] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.174727][ T1059] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.184999][ T1059] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1062] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 1062] close(3) = 0 [pid 1062] close(6) = 0 [pid 1062] mkdir("./file0", 0777) = 0 [pid 1062] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1062] chdir("./file0") = 0 [pid 1062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1062] ioctl(6, LOOP_CLR_FD) = 0 [pid 1062] close(6) = 0 [pid 1062] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1062] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1061] exit_group(0) = ? [pid 1063] <... futex resumed>) = ? [pid 1063] +++ exited with 0 +++ [pid 1062] <... futex resumed>) = ? [pid 1062] +++ exited with 0 +++ [pid 1061] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1061, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./248", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./248/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/binderfs") = 0 umount2("./248/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./248/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/bus") = 0 umount2("./248/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./248/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./248/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./248/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1064 ./strace-static-x86_64: Process 1064 attached [pid 1064] set_robust_list(0x5555720a9760, 24) = 0 [pid 1064] chdir("./249") = 0 [pid 1064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1064] setpgid(0, 0) = 0 [pid 1064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1064] write(3, "1000", 4) = 4 [pid 1064] close(3) = 0 [pid 1064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1064] write(1, "executing program\n", 18executing program ) = 18 [pid 1064] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1064] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1065]}, 88) = 1065 [pid 1064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1064] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1064] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1066]}, 88) = 1066 [pid 1064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1064] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1066 attached [pid 1066] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1066] creat("./bus", 000) = 3 [pid 1066] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1066] <... futex resumed>) = 1 [pid 1066] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1066] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1066] <... futex resumed>) = 1 [pid 1066] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000./strace-static-x86_64: Process 1065 attached [pid 1065] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1065] memfd_create("syzkaller", 0) = 5 [pid 1065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1065] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1066] <... open resumed>) = 4 [pid 1066] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] <... futex resumed>) = 0 [pid 1064] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1064] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1066] <... futex resumed>) = 1 [pid 1066] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1066] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1064] <... futex resumed>) = 0 [pid 1066] <... futex resumed>) = 1 [pid 1066] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1065] <... write resumed>) = 131072 [pid 1065] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.224717][ T1062] loop0: detected capacity change from 0 to 256 [ 41.233343][ T1062] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.243839][ T1062] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.254315][ T1062] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1065] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1065] close(5) = 0 [pid 1065] close(6) = 0 [pid 1065] mkdir("./file0", 0777) = 0 [pid 1065] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1065] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1065] chdir("./file0") = 0 [pid 1065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1065] ioctl(6, LOOP_CLR_FD) = 0 [pid 1065] close(6) = 0 [pid 1065] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1065] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1064] exit_group(0 [pid 1066] <... futex resumed>) = ? [pid 1064] <... exit_group resumed>) = ? [pid 1066] +++ exited with 0 +++ [pid 1065] <... futex resumed>) = ? [pid 1065] +++ exited with 0 +++ [pid 1064] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1064, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./249", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./249/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/binderfs") = 0 umount2("./249/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./249/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/bus") = 0 umount2("./249/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./249/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./249/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1067 ./strace-static-x86_64: Process 1067 attached [pid 1067] set_robust_list(0x5555720a9760, 24) = 0 [pid 1067] chdir("./250") = 0 [pid 1067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1067] setpgid(0, 0) = 0 [pid 1067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1067] write(3, "1000", 4) = 4 [pid 1067] close(3) = 0 [pid 1067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1067] write(1, "executing program\n", 18executing program ) = 18 [pid 1067] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1067] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1067] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1068 attached [pid 1068] set_robust_list(0x7f9ba44469a0, 24 [pid 1067] <... clone3 resumed> => {parent_tid=[1068]}, 88) = 1068 [pid 1067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1067] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1067] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1067] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1067] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 1068] <... set_robust_list resumed>) = 0 [pid 1068] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1069 attached NULL, 8) = 0 [pid 1069] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1069] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1067] <... clone3 resumed> => {parent_tid=[1069]}, 88) = 1069 [pid 1067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1067] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1067] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1069] <... futex resumed>) = 0 [pid 1069] creat("./bus", 000) = 3 [pid 1069] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... futex resumed>) = 0 [pid 1067] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1067] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1069] <... futex resumed>) = 1 [pid 1069] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1069] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... futex resumed>) = 0 [pid 1067] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1067] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1069] <... futex resumed>) = 1 [pid 1069] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1069] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... futex resumed>) = 0 [pid 1067] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1067] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1069] <... futex resumed>) = 1 [pid 1069] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1069] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1067] <... futex resumed>) = 0 [pid 1069] <... futex resumed>) = 1 [pid 1069] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1068] memfd_create("syzkaller", 0) = 5 [pid 1068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1068] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1068] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.289905][ T1065] loop0: detected capacity change from 0 to 256 [ 41.297841][ T1065] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.308648][ T1065] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.319280][ T1065] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1068] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1068] close(5) = 0 [pid 1068] close(6) = 0 [pid 1068] mkdir("./file0", 0777) = 0 [pid 1068] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1068] chdir("./file0") = 0 [pid 1068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1068] ioctl(6, LOOP_CLR_FD) = 0 [pid 1068] close(6) = 0 [pid 1068] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1068] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1067] exit_group(0) = ? [pid 1068] <... futex resumed>) = ? [pid 1068] +++ exited with 0 +++ [pid 1069] <... futex resumed>) = ? [pid 1069] +++ exited with 0 +++ [pid 1067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1067, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./250", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./250/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/binderfs") = 0 umount2("./250/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./250/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/bus") = 0 umount2("./250/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./250/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./250/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1070 ./strace-static-x86_64: Process 1070 attached [pid 1070] set_robust_list(0x5555720a9760, 24) = 0 [pid 1070] chdir("./251") = 0 [pid 1070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1070] setpgid(0, 0) = 0 [pid 1070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1070] write(3, "1000", 4) = 4 [pid 1070] close(3) = 0 [pid 1070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1070] write(1, "executing program\n", 18) = 18 [pid 1070] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1070] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1070] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1071]}, 88) = 1071 [pid 1070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1070] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1070] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1070] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1070] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1072]}, 88) = 1072 [pid 1070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1070] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1072 attached [pid 1072] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1072] creat("./bus", 000) = 3 [pid 1072] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1072] <... futex resumed>) = 1 [pid 1072] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1072] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1072] <... futex resumed>) = 1 [pid 1072] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1072] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1070] <... futex resumed>) = 0 [pid 1070] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1070] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1072] <... futex resumed>) = 1 [pid 1072] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1072] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1070] <... futex resumed>) = 0 [pid 1072] <... futex resumed>) = 1 [pid 1072] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1071 attached [pid 1071] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1071] memfd_create("syzkaller", 0) = 5 [pid 1071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1071] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1071] munmap(0x7f9b9c005000, 138412032) = 0 [ 41.358935][ T1068] loop0: detected capacity change from 0 to 256 [ 41.366878][ T1068] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.377424][ T1068] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.388044][ T1068] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1071] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1071] close(5) = 0 [pid 1071] close(6) = 0 [pid 1071] mkdir("./file0", 0777) = 0 [pid 1071] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1071] chdir("./file0") = 0 [pid 1071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1071] ioctl(6, LOOP_CLR_FD) = 0 [pid 1071] close(6) = 0 [pid 1071] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1071] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1070] exit_group(0) = ? [pid 1071] <... futex resumed>) = ? [pid 1071] +++ exited with 0 +++ [pid 1072] <... futex resumed>) = ? [pid 1072] +++ exited with 0 +++ [pid 1070] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1070, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./251/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/binderfs") = 0 umount2("./251/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./251/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/bus") = 0 umount2("./251/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./251/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./251/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1073 ./strace-static-x86_64: Process 1073 attached [pid 1073] set_robust_list(0x5555720a9760, 24) = 0 [pid 1073] chdir("./252") = 0 [pid 1073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1073] setpgid(0, 0) = 0 [pid 1073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1073] write(3, "1000", 4) = 4 [pid 1073] close(3) = 0 [pid 1073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1073] write(1, "executing program\n", 18) = 18 [pid 1073] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1073] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1073] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1074]}, 88) = 1074 [pid 1073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1073] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1073] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1073] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1075]}, 88) = 1075 [pid 1073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1073] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1073] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1075 attached [pid 1075] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1075] creat("./bus", 000) = 3 [pid 1075] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1073] <... futex resumed>) = 0 [pid 1073] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1073] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1075] <... futex resumed>) = 1 [pid 1075] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1075] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1073] <... futex resumed>) = 0 [pid 1073] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1073] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1075] <... futex resumed>) = 1 [pid 1075] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1075] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1073] <... futex resumed>) = 0 [pid 1073] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1073] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1075] <... futex resumed>) = 1 [pid 1075] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1075] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1073] <... futex resumed>) = 0 [pid 1075] <... futex resumed>) = 1 [pid 1075] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1074 attached [pid 1074] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1074] memfd_create("syzkaller", 0) = 5 [pid 1074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1074] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1074] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.426000][ T1071] loop0: detected capacity change from 0 to 256 [ 41.433550][ T1071] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.444303][ T1071] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.454667][ T1071] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1074] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1074] close(5) = 0 [pid 1074] close(6) = 0 [pid 1074] mkdir("./file0", 0777) = 0 [pid 1074] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1074] chdir("./file0") = 0 [pid 1074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1074] ioctl(6, LOOP_CLR_FD) = 0 [pid 1074] close(6) = 0 [pid 1074] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1074] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1073] exit_group(0) = ? [pid 1074] <... futex resumed>) = ? [pid 1074] +++ exited with 0 +++ [pid 1075] <... futex resumed>) = ? [pid 1075] +++ exited with 0 +++ [pid 1073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1073, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./252/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/binderfs") = 0 umount2("./252/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./252/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/bus") = 0 umount2("./252/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./252/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./252/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1076 ./strace-static-x86_64: Process 1076 attached [pid 1076] set_robust_list(0x5555720a9760, 24) = 0 [pid 1076] chdir("./253") = 0 [pid 1076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1076] setpgid(0, 0) = 0 executing program [pid 1076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1076] write(3, "1000", 4) = 4 [pid 1076] close(3) = 0 [pid 1076] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1076] write(1, "executing program\n", 18) = 18 [pid 1076] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1076] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1077]}, 88) = 1077 [pid 1076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1076] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1076] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1078]}, 88) = 1078 [pid 1076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1076] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1078 attached [pid 1078] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1078] creat("./bus", 000) = 3 [pid 1078] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1076] <... futex resumed>) = 0 [pid 1076] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1078] <... futex resumed>) = 1 [pid 1078] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1078] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1076] <... futex resumed>) = 0 [pid 1076] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1078] <... futex resumed>) = 1 [pid 1078] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1078] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1076] <... futex resumed>) = 0 [pid 1076] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1076] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1078] <... futex resumed>) = 1 [pid 1078] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1078] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1076] <... futex resumed>) = 0 [pid 1078] <... futex resumed>) = 1 [pid 1078] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1077 attached [pid 1077] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1077] memfd_create("syzkaller", 0) = 5 [pid 1077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1077] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1077] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.492683][ T1074] loop0: detected capacity change from 0 to 256 [ 41.500153][ T1074] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.510721][ T1074] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.521145][ T1074] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1077] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1077] close(5) = 0 [pid 1077] close(6) = 0 [pid 1077] mkdir("./file0", 0777) = 0 [pid 1077] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1077] chdir("./file0") = 0 [pid 1077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1077] ioctl(6, LOOP_CLR_FD) = 0 [pid 1077] close(6) = 0 [pid 1077] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1077] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1076] exit_group(0 [pid 1078] <... futex resumed>) = ? [pid 1076] <... exit_group resumed>) = ? [pid 1078] +++ exited with 0 +++ [pid 1077] <... futex resumed>) = ? [pid 1077] +++ exited with 0 +++ [pid 1076] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1076, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./253", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./253/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/binderfs") = 0 umount2("./253/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./253/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/bus") = 0 umount2("./253/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./253/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./253/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1079 ./strace-static-x86_64: Process 1079 attached [pid 1079] set_robust_list(0x5555720a9760, 24) = 0 [pid 1079] chdir("./254") = 0 [pid 1079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1079] setpgid(0, 0) = 0 [pid 1079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1079] write(3, "1000", 4) = 4 [pid 1079] close(3) = 0 [pid 1079] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1079] write(1, "executing program\n", 18) = 18 [pid 1079] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1079] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1079] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1080]}, 88) = 1080 [pid 1079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1079] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1079] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1079] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1079] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1081]}, 88) = 1081 ./strace-static-x86_64: Process 1080 attached [pid 1079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1079] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1079] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1081 attached [pid 1081] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1081] creat("./bus", 000 [pid 1080] set_robust_list(0x7f9ba44469a0, 24 [pid 1081] <... creat resumed>) = 3 [pid 1080] <... set_robust_list resumed>) = 0 [pid 1080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1080] memfd_create("syzkaller", 0 [pid 1081] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1080] <... memfd_create resumed>) = 4 [pid 1080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1081] <... futex resumed>) = 1 [pid 1079] <... futex resumed>) = 0 [pid 1079] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1079] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1081] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1080] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1081] <... mount resumed>) = 0 [pid 1081] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1081] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1080] <... write resumed>) = 131072 [pid 1079] <... futex resumed>) = 0 [pid 1080] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1079] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1080] ioctl(5, LOOP_SET_FD, 4 [pid 1081] <... futex resumed>) = 0 [pid 1079] <... futex resumed>) = 1 [pid 1079] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1081] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [ 41.561492][ T1077] loop0: detected capacity change from 0 to 256 [ 41.569252][ T1077] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.580069][ T1077] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.590958][ T1077] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1081] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1079] <... futex resumed>) = 0 [pid 1079] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1079] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1081] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1081] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1079] <... futex resumed>) = 0 [pid 1081] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1080] <... ioctl resumed>) = 0 [pid 1080] close(4) = 0 [pid 1080] close(5) = 0 [pid 1080] mkdir("./file0", 0777) = 0 [pid 1080] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1080] chdir("./file0") = 0 [pid 1080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1080] ioctl(5, LOOP_CLR_FD) = 0 [pid 1080] close(5) = 0 [pid 1080] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1080] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1079] exit_group(0) = ? [pid 1081] <... futex resumed>) = ? [pid 1080] <... futex resumed>) = ? [pid 1081] +++ exited with 0 +++ [pid 1080] +++ exited with 0 +++ [pid 1079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1079, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./254/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/binderfs") = 0 umount2("./254/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./254/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/bus") = 0 umount2("./254/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./254/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./254/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1082 ./strace-static-x86_64: Process 1082 attached [pid 1082] set_robust_list(0x5555720a9760, 24) = 0 [pid 1082] chdir("./255") = 0 [pid 1082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1082] setpgid(0, 0) = 0 [pid 1082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1082] write(3, "1000", 4) = 4 [pid 1082] close(3) = 0 [pid 1082] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1082] write(1, "executing program\n", 18) = 18 [pid 1082] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1082] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1082] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1083]}, 88) = 1083 [pid 1082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1082] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1082] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1082] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1082] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1084]}, 88) = 1084 [pid 1082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1082] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1084 attached [pid 1084] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1084] creat("./bus", 000) = 3 [pid 1084] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1084] <... futex resumed>) = 1 [pid 1084] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1084] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1084] <... futex resumed>) = 1 [pid 1084] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1084] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1082] <... futex resumed>) = 0 [pid 1082] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1082] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1084] <... futex resumed>) = 1 [pid 1084] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1084] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1082] <... futex resumed>) = 0 [pid 1084] <... futex resumed>) = 1 [pid 1084] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1083 attached [pid 1083] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1083] memfd_create("syzkaller", 0) = 5 [pid 1083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1083] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1083] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.626880][ T1080] loop0: detected capacity change from 0 to 256 [ 41.635349][ T1080] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.645883][ T1080] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.656289][ T1080] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1083] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1083] close(5) = 0 [pid 1083] close(6) = 0 [pid 1083] mkdir("./file0", 0777) = 0 [pid 1083] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1083] chdir("./file0") = 0 [pid 1083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1083] ioctl(6, LOOP_CLR_FD) = 0 [pid 1083] close(6) = 0 [pid 1083] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1083] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1082] exit_group(0 [pid 1084] <... futex resumed>) = ? [pid 1082] <... exit_group resumed>) = ? [pid 1084] +++ exited with 0 +++ [pid 1083] <... futex resumed>) = ? [pid 1083] +++ exited with 0 +++ [pid 1082] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1082, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./255", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./255/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/binderfs") = 0 umount2("./255/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./255/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/bus") = 0 umount2("./255/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./255/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./255/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1085 ./strace-static-x86_64: Process 1085 attached [pid 1085] set_robust_list(0x5555720a9760, 24) = 0 [pid 1085] chdir("./256") = 0 [pid 1085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1085] setpgid(0, 0) = 0 [pid 1085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1085] write(3, "1000", 4) = 4 [pid 1085] close(3) = 0 [pid 1085] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1085] write(1, "executing program\n", 18) = 18 [pid 1085] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1085] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1085] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1085] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1086]}, 88) = 1086 [pid 1085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 1086 attached [pid 1085] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1085] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1085] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1085] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1085] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1085] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 1086] set_robust_list(0x7f9ba44469a0, 24./strace-static-x86_64: Process 1087 attached [pid 1085] <... clone3 resumed> => {parent_tid=[1087]}, 88) = 1087 [pid 1085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1085] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1085] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1086] <... set_robust_list resumed>) = 0 [pid 1086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1086] memfd_create("syzkaller", 0) = 3 [pid 1086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1087] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1087] creat("./bus", 000) = 4 [pid 1086] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1087] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1087] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1085] <... futex resumed>) = 0 [pid 1085] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1085] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1087] <... futex resumed>) = 0 [pid 1086] <... write resumed>) = 131072 [pid 1087] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1086] munmap(0x7f9b9c005000, 138412032 [pid 1087] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1085] <... futex resumed>) = 0 [pid 1085] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1085] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1087] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1087] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1085] <... futex resumed>) = 0 [pid 1085] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1085] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1087] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1087] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1085] <... futex resumed>) = 0 [pid 1087] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1086] <... munmap resumed>) = 0 [pid 1086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.700166][ T1083] loop0: detected capacity change from 0 to 256 [ 41.708098][ T1083] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.718850][ T1083] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.729662][ T1083] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1086] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 1086] close(3) = 0 [pid 1086] close(6) = 0 [pid 1086] mkdir("./file0", 0777) = 0 [pid 1086] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1086] chdir("./file0") = 0 [pid 1086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1086] ioctl(6, LOOP_CLR_FD) = 0 [pid 1086] close(6) = 0 [pid 1086] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1086] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1085] exit_group(0 [pid 1087] <... futex resumed>) = ? [pid 1087] +++ exited with 0 +++ [pid 1085] <... exit_group resumed>) = ? [pid 1086] <... futex resumed>) = ? [pid 1086] +++ exited with 0 +++ [pid 1085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1085, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./256", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./256/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/binderfs") = 0 umount2("./256/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./256/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/bus") = 0 umount2("./256/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./256/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./256/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1088 ./strace-static-x86_64: Process 1088 attached [pid 1088] set_robust_list(0x5555720a9760, 24) = 0 [pid 1088] chdir("./257") = 0 [pid 1088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1088] setpgid(0, 0) = 0 [pid 1088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1088] write(3, "1000", 4) = 4 [pid 1088] close(3) = 0 [pid 1088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1088] write(1, "executing program\n", 18executing program ) = 18 [pid 1088] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1088] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1089]}, 88) = 1089 [pid 1088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1088] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1088] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 1089 attached [pid 1088] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1090]}, 88) = 1090 [pid 1088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1088] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1090 attached [pid 1090] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1090] creat("./bus", 000) = 3 [pid 1089] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1089] memfd_create("syzkaller", 0 [pid 1090] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1089] <... memfd_create resumed>) = 4 [pid 1088] <... futex resumed>) = 0 [pid 1089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1088] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1088] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1089] <... mmap resumed>) = 0x7f9b9c005000 [pid 1090] <... futex resumed>) = 1 [pid 1090] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1090] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1090] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 1089] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1088] <... futex resumed>) = 0 [pid 1088] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1090] <... open resumed>) = 5 [pid 1090] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1089] <... write resumed>) = 131072 [pid 1088] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1090] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 1088] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1090] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 1090] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1088] <... futex resumed>) = 0 [pid 1090] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1089] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.767640][ T1086] loop0: detected capacity change from 0 to 256 [ 41.775105][ T1086] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.785732][ T1086] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.796191][ T1086] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1089] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 1089] close(4) = 0 [pid 1089] close(6) = 0 [pid 1089] mkdir("./file0", 0777) = 0 [pid 1089] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1089] chdir("./file0") = 0 [pid 1089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1089] ioctl(6, LOOP_CLR_FD) = 0 [pid 1089] close(6) = 0 [pid 1089] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1089] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1088] exit_group(0 [pid 1090] <... futex resumed>) = ? [pid 1088] <... exit_group resumed>) = ? [pid 1090] +++ exited with 0 +++ [pid 1089] <... futex resumed>) = ? [pid 1089] +++ exited with 0 +++ [pid 1088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1088, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./257", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./257/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/binderfs") = 0 umount2("./257/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./257/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/bus") = 0 umount2("./257/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./257/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./257/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1092 ./strace-static-x86_64: Process 1092 attached [pid 1092] set_robust_list(0x5555720a9760, 24) = 0 [pid 1092] chdir("./258") = 0 [pid 1092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1092] setpgid(0, 0) = 0 [pid 1092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1092] write(3, "1000", 4) = 4 [pid 1092] close(3) = 0 [pid 1092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1092] write(1, "executing program\n", 18executing program ) = 18 [pid 1092] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1092] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1092] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1093]}, 88) = 1093 [pid 1092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1092] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1092] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1092] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1094]}, 88) = 1094 [pid 1092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1092] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1092] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1094 attached [pid 1094] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1094] creat("./bus", 000) = 3 [pid 1094] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... futex resumed>) = 0 [pid 1092] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1092] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1094] <... futex resumed>) = 1 [pid 1094] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1094] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... futex resumed>) = 0 [pid 1092] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1092] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1094] <... futex resumed>) = 1 [pid 1094] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1094] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... futex resumed>) = 0 [pid 1092] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1092] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1094] <... futex resumed>) = 1 [pid 1094] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1094] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1092] <... futex resumed>) = 0 [pid 1094] <... futex resumed>) = 1 [pid 1094] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1093 attached [pid 1093] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1093] memfd_create("syzkaller", 0) = 5 [pid 1093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1093] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1093] munmap(0x7f9b9c005000, 138412032) = 0 [ 41.837273][ T1089] loop0: detected capacity change from 0 to 256 [ 41.846272][ T1089] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.856825][ T1089] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.867753][ T1089] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1093] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1093] close(5) = 0 [pid 1093] close(6) = 0 [pid 1093] mkdir("./file0", 0777) = 0 [pid 1093] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1093] chdir("./file0") = 0 [pid 1093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1093] ioctl(6, LOOP_CLR_FD) = 0 [pid 1093] close(6) = 0 [pid 1093] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1093] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1092] exit_group(0 [pid 1094] <... futex resumed>) = ? [pid 1092] <... exit_group resumed>) = ? [pid 1094] +++ exited with 0 +++ [pid 1093] <... futex resumed>) = ? [pid 1093] +++ exited with 0 +++ [pid 1092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1092, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./258", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./258/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/binderfs") = 0 umount2("./258/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./258/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/bus") = 0 umount2("./258/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./258/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./258/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1095 ./strace-static-x86_64: Process 1095 attached [pid 1095] set_robust_list(0x5555720a9760, 24) = 0 [pid 1095] chdir("./259") = 0 [pid 1095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1095] setpgid(0, 0) = 0 [pid 1095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1095] write(3, "1000", 4) = 4 [pid 1095] close(3) = 0 [pid 1095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1095] write(1, "executing program\n", 18) = 18 [pid 1095] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1095] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1095] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1096]}, 88) = 1096 [pid 1095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1095] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1095] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1095] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1095] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1097]}, 88) = 1097 [pid 1095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1095] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1095] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1097 attached [pid 1097] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1097] creat("./bus", 000) = 3 [pid 1097] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1095] <... futex resumed>) = 0 [pid 1095] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1095] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1097] <... futex resumed>) = 1 [pid 1097] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1097] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1095] <... futex resumed>) = 0 [pid 1095] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1095] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1097] <... futex resumed>) = 1 [pid 1097] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1097] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1095] <... futex resumed>) = 0 [pid 1095] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1095] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1097] <... futex resumed>) = 1 [pid 1097] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1097] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1095] <... futex resumed>) = 0 [pid 1097] <... futex resumed>) = 1 [pid 1097] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1096 attached [pid 1096] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1096] memfd_create("syzkaller", 0) = 5 [pid 1096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1096] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1096] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 41.907641][ T1093] loop0: detected capacity change from 0 to 256 [ 41.915574][ T1093] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.926276][ T1093] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 41.936957][ T1093] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1096] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1096] close(5) = 0 [pid 1096] close(6) = 0 [pid 1096] mkdir("./file0", 0777) = 0 [pid 1096] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1096] chdir("./file0") = 0 [pid 1096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1096] ioctl(6, LOOP_CLR_FD) = 0 [pid 1096] close(6) = 0 [pid 1096] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1096] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1095] exit_group(0 [pid 1097] <... futex resumed>) = ? [pid 1095] <... exit_group resumed>) = ? [pid 1097] +++ exited with 0 +++ [pid 1096] <... futex resumed>) = ? [pid 1096] +++ exited with 0 +++ [pid 1095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1095, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./259", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./259/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/binderfs") = 0 umount2("./259/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./259/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/bus") = 0 umount2("./259/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./259/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./259/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1098 ./strace-static-x86_64: Process 1098 attached [pid 1098] set_robust_list(0x5555720a9760, 24) = 0 [pid 1098] chdir("./260") = 0 [pid 1098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1098] setpgid(0, 0) = 0 [pid 1098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1098] write(3, "1000", 4) = 4 [pid 1098] close(3) = 0 executing program [pid 1098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1098] write(1, "executing program\n", 18) = 18 [pid 1098] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1098] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1098] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1099]}, 88) = 1099 [pid 1098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1098] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1098] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1098] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1100]}, 88) = 1100 [pid 1098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1098] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1098] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1100 attached [pid 1100] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1100] creat("./bus", 000) = 3 [pid 1100] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1098] <... futex resumed>) = 0 [pid 1098] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1098] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1100] <... futex resumed>) = 1 [pid 1100] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1100] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1098] <... futex resumed>) = 0 [pid 1098] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1098] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1100] <... futex resumed>) = 1 [pid 1100] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1100] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1098] <... futex resumed>) = 0 [pid 1098] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1098] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1100] <... futex resumed>) = 1 [pid 1100] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1100] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1098] <... futex resumed>) = 0 [pid 1100] <... futex resumed>) = 1 [pid 1100] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1099 attached [pid 1099] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1099] memfd_create("syzkaller", 0) = 5 [pid 1099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1099] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1099] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1099] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1099] close(5) = 0 [pid 1099] close(6) = 0 [ 41.972856][ T1096] loop0: detected capacity change from 0 to 256 [ 41.982262][ T1096] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 41.992745][ T1096] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.004035][ T1096] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1099] mkdir("./file0", 0777) = 0 [ 42.041884][ T1099] loop0: detected capacity change from 0 to 256 [ 42.060560][ T1099] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.071159][ T1099] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 1099] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1099] chdir("./file0") = 0 [pid 1099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1099] ioctl(6, LOOP_CLR_FD) = 0 [pid 1099] close(6) = 0 [pid 1099] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1099] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1098] exit_group(0) = ? [pid 1099] <... futex resumed>) = ? [pid 1099] +++ exited with 0 +++ [pid 1100] <... futex resumed>) = ? [pid 1100] +++ exited with 0 +++ [pid 1098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1098, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./260", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./260/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./260/binderfs") = 0 umount2("./260/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./260/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./260/bus") = 0 umount2("./260/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./260/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./260/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1101 ./strace-static-x86_64: Process 1101 attached [pid 1101] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 1101] chdir("./261") = 0 [pid 1101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1101] setpgid(0, 0) = 0 [pid 1101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1101] write(3, "1000", 4) = 4 [pid 1101] close(3) = 0 [pid 1101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1101] write(1, "executing program\n", 18) = 18 [pid 1101] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1101] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1102]}, 88) = 1102 [pid 1101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1101] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1101] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1101] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1103]}, 88) = 1103 [pid 1101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1101] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1103 attached [pid 1103] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1103] creat("./bus", 000) = 3 [pid 1103] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... futex resumed>) = 0 [pid 1101] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1103] <... futex resumed>) = 1 [pid 1103] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1103] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... futex resumed>) = 0 [pid 1101] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1103] <... futex resumed>) = 1 [pid 1103] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1103] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... futex resumed>) = 0 [pid 1101] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1101] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1103] <... futex resumed>) = 1 [pid 1103] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1103] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1101] <... futex resumed>) = 0 [pid 1103] <... futex resumed>) = 1 [pid 1103] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1102 attached [pid 1102] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1102] memfd_create("syzkaller", 0) = 5 [pid 1102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1102] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1102] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.082159][ T1099] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1102] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1102] close(5) = 0 [pid 1102] close(6) = 0 [pid 1102] mkdir("./file0", 0777) = 0 [pid 1102] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1102] chdir("./file0") = 0 [pid 1102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1102] ioctl(6, LOOP_CLR_FD) = 0 [pid 1102] close(6) = 0 [pid 1102] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1102] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1101] exit_group(0 [pid 1103] <... futex resumed>) = ? [pid 1101] <... exit_group resumed>) = ? [pid 1103] +++ exited with 0 +++ [pid 1102] <... futex resumed>) = ? [pid 1102] +++ exited with 0 +++ [pid 1101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1101, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./261", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./261/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/binderfs") = 0 umount2("./261/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./261/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/bus") = 0 umount2("./261/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./261/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./261/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1104 ./strace-static-x86_64: Process 1104 attached [pid 1104] set_robust_list(0x5555720a9760, 24) = 0 [pid 1104] chdir("./262") = 0 [pid 1104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1104] setpgid(0, 0) = 0 [pid 1104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1104] write(3, "1000", 4) = 4 [pid 1104] close(3) = 0 [pid 1104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1104] write(1, "executing program\n", 18) = 18 [pid 1104] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1104] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1104] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1105]}, 88) = 1105 [pid 1104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1104] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1104] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1104] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1106]}, 88) = 1106 [pid 1104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1104] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1104] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1106 attached [pid 1106] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1106] creat("./bus", 000) = 3 [pid 1106] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1104] <... futex resumed>) = 0 [pid 1104] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1104] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1106] <... futex resumed>) = 1 [pid 1106] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1106] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1104] <... futex resumed>) = 0 [pid 1104] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1104] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1106] <... futex resumed>) = 1 [pid 1106] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1106] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1104] <... futex resumed>) = 0 [pid 1104] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1104] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1106] <... futex resumed>) = 1 [pid 1106] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1106] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1104] <... futex resumed>) = 0 [pid 1106] <... futex resumed>) = 1 [pid 1106] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1105 attached [pid 1105] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1105] memfd_create("syzkaller", 0) = 5 [pid 1105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1105] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1105] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.119200][ T1102] loop0: detected capacity change from 0 to 256 [ 42.126768][ T1102] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.137447][ T1102] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.148218][ T1102] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1105] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1105] close(5) = 0 [pid 1105] close(6) = 0 [pid 1105] mkdir("./file0", 0777) = 0 [pid 1105] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1105] chdir("./file0") = 0 [pid 1105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1105] ioctl(6, LOOP_CLR_FD) = 0 [pid 1105] close(6) = 0 [pid 1105] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1105] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1104] exit_group(0 [pid 1106] <... futex resumed>) = ? [pid 1104] <... exit_group resumed>) = ? [pid 1106] +++ exited with 0 +++ [pid 1105] <... futex resumed>) = ? [pid 1105] +++ exited with 0 +++ [pid 1104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1104, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./262", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./262/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/binderfs") = 0 umount2("./262/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./262/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/bus") = 0 umount2("./262/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./262/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./262/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1107 ./strace-static-x86_64: Process 1107 attached [pid 1107] set_robust_list(0x5555720a9760, 24) = 0 [pid 1107] chdir("./263") = 0 [pid 1107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1107] setpgid(0, 0) = 0 [pid 1107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1107] write(3, "1000", 4) = 4 [pid 1107] close(3) = 0 [pid 1107] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1107] write(1, "executing program\n", 18) = 18 [pid 1107] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1107] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1107] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1108 attached => {parent_tid=[1108]}, 88) = 1108 [pid 1107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1107] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1108] set_robust_list(0x7f9ba44469a0, 24 [pid 1107] <... mmap resumed>) = 0x7f9ba4405000 [pid 1108] <... set_robust_list resumed>) = 0 [pid 1108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1108] memfd_create("syzkaller", 0 [pid 1107] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 1108] <... memfd_create resumed>) = 3 [pid 1108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1107] <... mprotect resumed>) = 0 [pid 1107] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1107] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 1109 attached => {parent_tid=[1109]}, 88) = 1109 [pid 1109] set_robust_list(0x7f9ba44259a0, 24 [pid 1107] rt_sigprocmask(SIG_SETMASK, [], [pid 1109] <... set_robust_list resumed>) = 0 [pid 1107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1109] rt_sigprocmask(SIG_SETMASK, [], [pid 1108] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1107] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1109] creat("./bus", 000) = 4 [pid 1109] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] <... futex resumed>) = 0 [pid 1107] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1109] <... futex resumed>) = 1 [pid 1109] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1109] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] <... futex resumed>) = 0 [pid 1107] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1109] <... futex resumed>) = 1 [pid 1109] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1109] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] <... futex resumed>) = 0 [pid 1107] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1107] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1109] <... futex resumed>) = 1 [pid 1109] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1109] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1107] <... futex resumed>) = 0 [pid 1109] <... futex resumed>) = 1 [pid 1109] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1108] <... write resumed>) = 131072 [pid 1108] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.186406][ T1105] loop0: detected capacity change from 0 to 256 [ 42.193922][ T1105] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.204492][ T1105] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.215148][ T1105] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1108] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 1108] close(3) = 0 [pid 1108] close(6) = 0 [pid 1108] mkdir("./file0", 0777) = 0 [pid 1108] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1108] chdir("./file0") = 0 [pid 1108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1108] ioctl(6, LOOP_CLR_FD) = 0 [pid 1108] close(6) = 0 [pid 1108] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1108] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1107] exit_group(0) = ? [pid 1109] <... futex resumed>) = ? [pid 1109] +++ exited with 0 +++ [pid 1108] <... futex resumed>) = ? [pid 1108] +++ exited with 0 +++ [pid 1107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1107, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./263", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./263/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/binderfs") = 0 umount2("./263/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./263/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/bus") = 0 umount2("./263/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./263/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./263/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1110 ./strace-static-x86_64: Process 1110 attached [pid 1110] set_robust_list(0x5555720a9760, 24) = 0 [pid 1110] chdir("./264") = 0 [pid 1110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1110] setpgid(0, 0) = 0 [pid 1110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1110] write(3, "1000", 4) = 4 [pid 1110] close(3) = 0 [pid 1110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1110] write(1, "executing program\n", 18) = 18 [pid 1110] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1110] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1110] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1111]}, 88) = 1111 [pid 1110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1110] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1110] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1110] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1112]}, 88) = 1112 [pid 1110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1110] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1110] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1112 attached [pid 1112] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1112] creat("./bus", 000) = 3 [pid 1112] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1110] <... futex resumed>) = 0 [pid 1110] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1110] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1112] <... futex resumed>) = 1 [pid 1112] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1112] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1110] <... futex resumed>) = 0 [pid 1110] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1110] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1112] <... futex resumed>) = 1 [pid 1112] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1112] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1110] <... futex resumed>) = 0 [pid 1110] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1110] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1112] <... futex resumed>) = 1 [pid 1112] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1112] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1110] <... futex resumed>) = 0 [pid 1112] <... futex resumed>) = 1 [pid 1112] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1111 attached [pid 1111] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1111] memfd_create("syzkaller", 0) = 5 [pid 1111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1111] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1111] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.251116][ T1108] loop0: detected capacity change from 0 to 256 [ 42.259736][ T1108] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.270333][ T1108] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.280995][ T1108] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1111] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1111] close(5) = 0 [pid 1111] close(6) = 0 [pid 1111] mkdir("./file0", 0777) = 0 [pid 1111] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1111] chdir("./file0") = 0 [pid 1111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1111] ioctl(6, LOOP_CLR_FD) = 0 [pid 1111] close(6) = 0 [pid 1111] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1111] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1110] exit_group(0 [pid 1112] <... futex resumed>) = ? [pid 1110] <... exit_group resumed>) = ? [pid 1112] +++ exited with 0 +++ [pid 1111] <... futex resumed>) = ? [pid 1111] +++ exited with 0 +++ [pid 1110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1110, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./264", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./264/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/binderfs") = 0 umount2("./264/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./264/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/bus") = 0 umount2("./264/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./264/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./264/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1113 ./strace-static-x86_64: Process 1113 attached [pid 1113] set_robust_list(0x5555720a9760, 24) = 0 [pid 1113] chdir("./265") = 0 [pid 1113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1113] setpgid(0, 0) = 0 [pid 1113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1113] write(3, "1000", 4) = 4 [pid 1113] close(3) = 0 [pid 1113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1113] write(1, "executing program\n", 18executing program ) = 18 [pid 1113] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1113] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1114]}, 88) = 1114 [pid 1113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1113] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1113] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1115]}, 88) = 1115 [pid 1113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1113] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1114 attached [pid 1114] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1114] memfd_create("syzkaller", 0./strace-static-x86_64: Process 1115 attached ) = 3 [pid 1114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1115] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1115] creat("./bus", 000) = 4 [pid 1115] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1113] <... futex resumed>) = 0 [pid 1113] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1114] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1113] <... futex resumed>) = 0 [pid 1115] <... futex resumed>) = 1 [pid 1113] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1115] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1114] <... write resumed>) = 131072 [pid 1115] <... mount resumed>) = 0 [pid 1114] munmap(0x7f9b9c005000, 138412032 [pid 1115] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1113] <... futex resumed>) = 0 [pid 1113] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1113] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1115] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 1114] <... munmap resumed>) = 0 [pid 1114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1114] ioctl(5, LOOP_SET_FD, 3 [pid 1115] <... open resumed>) = 6 [pid 1115] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 42.316421][ T1111] loop0: detected capacity change from 0 to 256 [ 42.323978][ T1111] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.334609][ T1111] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.345121][ T1111] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1115] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1113] <... futex resumed>) = 0 [pid 1113] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1113] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1115] <... futex resumed>) = 0 [pid 1115] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1115] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1113] <... futex resumed>) = 0 [pid 1115] <... futex resumed>) = 1 [pid 1115] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1114] <... ioctl resumed>) = 0 [pid 1114] close(3) = 0 [pid 1114] close(5) = 0 [pid 1114] mkdir("./file0", 0777) = 0 [pid 1114] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1114] chdir("./file0") = 0 [pid 1114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1114] ioctl(5, LOOP_CLR_FD) = 0 [pid 1114] close(5) = 0 [pid 1114] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1114] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1113] exit_group(0 [pid 1115] <... futex resumed>) = ? [pid 1113] <... exit_group resumed>) = ? [pid 1115] +++ exited with 0 +++ [pid 1114] <... futex resumed>) = ? [pid 1114] +++ exited with 0 +++ [pid 1113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1113, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./265/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/binderfs") = 0 umount2("./265/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./265/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/bus") = 0 umount2("./265/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./265/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./265/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1116 ./strace-static-x86_64: Process 1116 attached [pid 1116] set_robust_list(0x5555720a9760, 24) = 0 [pid 1116] chdir("./266") = 0 [pid 1116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1116] setpgid(0, 0) = 0 [pid 1116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1116] write(3, "1000", 4) = 4 [pid 1116] close(3) = 0 [pid 1116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1116] write(1, "executing program\n", 18executing program ) = 18 [pid 1116] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1116] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1116] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1117]}, 88) = 1117 ./strace-static-x86_64: Process 1117 attached [pid 1116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1116] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1116] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1117] set_robust_list(0x7f9ba44469a0, 24 [pid 1116] <... mmap resumed>) = 0x7f9ba4405000 [pid 1117] <... set_robust_list resumed>) = 0 [pid 1117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1117] memfd_create("syzkaller", 0 [pid 1116] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 1117] <... memfd_create resumed>) = 3 [pid 1117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1116] <... mprotect resumed>) = 0 [pid 1116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1118]}, 88) = 1118 [pid 1116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 1118 attached [pid 1117] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1116] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1118] set_robust_list(0x7f9ba44259a0, 24 [pid 1116] <... futex resumed>) = 0 [pid 1118] <... set_robust_list resumed>) = 0 [pid 1118] rt_sigprocmask(SIG_SETMASK, [], [pid 1116] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1117] <... write resumed>) = 131072 [pid 1118] creat("./bus", 000 [pid 1117] munmap(0x7f9b9c005000, 138412032 [pid 1118] <... creat resumed>) = 4 [pid 1118] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1117] <... munmap resumed>) = 0 [pid 1116] <... futex resumed>) = 0 [pid 1116] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1116] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1118] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1118] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1116] <... futex resumed>) = 0 [pid 1116] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1116] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1118] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1118] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1117] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1116] <... futex resumed>) = 0 [pid 1118] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1117] <... openat resumed>) = 6 [pid 1116] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1117] ioctl(6, LOOP_SET_FD, 3 [pid 1118] <... futex resumed>) = 0 [pid 1116] <... futex resumed>) = 1 [pid 1116] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 42.382999][ T1114] loop0: detected capacity change from 0 to 256 [ 42.390760][ T1114] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.401259][ T1114] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.411856][ T1114] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1118] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1118] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1116] <... futex resumed>) = 0 [pid 1118] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1117] <... ioctl resumed>) = 0 [pid 1117] close(3) = 0 [pid 1117] close(6) = 0 [pid 1117] mkdir("./file0", 0777) = 0 [pid 1117] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1117] chdir("./file0") = 0 [pid 1117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1117] ioctl(6, LOOP_CLR_FD) = 0 [pid 1117] close(6) = 0 [pid 1117] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1117] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1116] exit_group(0) = ? [pid 1117] <... futex resumed>) = ? [pid 1117] +++ exited with 0 +++ [pid 1118] <... futex resumed>) = ? [pid 1118] +++ exited with 0 +++ [pid 1116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1116, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./266/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/binderfs") = 0 umount2("./266/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./266/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/bus") = 0 umount2("./266/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./266/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./266/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1119 ./strace-static-x86_64: Process 1119 attached [pid 1119] set_robust_list(0x5555720a9760, 24) = 0 [pid 1119] chdir("./267") = 0 [pid 1119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1119] setpgid(0, 0) = 0 [pid 1119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1119] write(3, "1000", 4) = 4 [pid 1119] close(3) = 0 [pid 1119] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1119] write(1, "executing program\n", 18) = 18 [pid 1119] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1119] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1119] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1120]}, 88) = 1120 [pid 1119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1119] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1119] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1119] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1121]}, 88) = 1121 [pid 1119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1119] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1119] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1120 attached [pid 1120] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1120] memfd_create("syzkaller", 0./strace-static-x86_64: Process 1121 attached ) = 3 [pid 1120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1121] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1121] creat("./bus", 000 [pid 1120] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1121] <... creat resumed>) = 4 [pid 1121] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1119] <... futex resumed>) = 0 [pid 1119] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1121] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1120] <... write resumed>) = 131072 [pid 1119] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1120] munmap(0x7f9b9c005000, 138412032 [pid 1121] <... mount resumed>) = 0 [pid 1121] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] <... futex resumed>) = 0 [pid 1119] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1119] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1121] <... futex resumed>) = 1 [pid 1121] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1121] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] <... futex resumed>) = 0 [pid 1119] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1119] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1121] <... futex resumed>) = 1 [pid 1121] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1121] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1119] <... futex resumed>) = 0 [pid 1121] <... futex resumed>) = 1 [pid 1121] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1120] <... munmap resumed>) = 0 [pid 1120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.450287][ T1117] loop0: detected capacity change from 0 to 256 [ 42.458389][ T1117] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.468990][ T1117] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.479520][ T1117] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1120] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 1120] close(3) = 0 [pid 1120] close(6) = 0 [pid 1120] mkdir("./file0", 0777) = 0 [pid 1120] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1120] chdir("./file0") = 0 [pid 1120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1120] ioctl(6, LOOP_CLR_FD) = 0 [pid 1120] close(6) = 0 [pid 1120] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1120] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1119] exit_group(0) = ? [pid 1120] <... futex resumed>) = ? [pid 1120] +++ exited with 0 +++ [pid 1121] <... futex resumed>) = ? [pid 1121] +++ exited with 0 +++ [pid 1119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1119, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./267", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./267/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/binderfs") = 0 umount2("./267/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./267/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/bus") = 0 umount2("./267/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./267/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./267/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1122 attached , child_tidptr=0x5555720a9750) = 1122 [pid 1122] set_robust_list(0x5555720a9760, 24) = 0 [pid 1122] chdir("./268") = 0 [pid 1122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1122] setpgid(0, 0) = 0 [pid 1122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1122] write(3, "1000", 4) = 4 [pid 1122] close(3) = 0 [pid 1122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1122] write(1, "executing program\n", 18) = 18 [pid 1122] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1122] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1122] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1123]}, 88) = 1123 [pid 1122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1122] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1122] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1122] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 1123 attached ) = 0 [pid 1123] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1122] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1123] memfd_create("syzkaller", 0 [pid 1122] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 1124 attached [pid 1123] <... memfd_create resumed>) = 3 [pid 1122] <... clone3 resumed> => {parent_tid=[1124]}, 88) = 1124 [pid 1122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1122] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1122] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1124] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1124] creat("./bus", 000 [pid 1123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1124] <... creat resumed>) = 4 [pid 1124] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1122] <... futex resumed>) = 0 [pid 1122] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1122] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1124] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1123] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1124] <... mount resumed>) = 0 [pid 1124] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1122] <... futex resumed>) = 0 [pid 1124] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1123] <... write resumed>) = 131072 [pid 1123] munmap(0x7f9b9c005000, 138412032 [pid 1124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1122] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1123] <... munmap resumed>) = 0 [pid 1122] <... futex resumed>) = 0 [pid 1124] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 1123] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1122] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1124] <... open resumed>) = 5 [pid 1124] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1122] <... futex resumed>) = 0 [pid 1123] <... openat resumed>) = 6 [pid 1122] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1122] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 42.522170][ T1120] loop0: detected capacity change from 0 to 256 [ 42.529978][ T1120] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.540658][ T1120] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.551199][ T1120] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1124] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1124] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1123] ioctl(6, LOOP_SET_FD, 3 [pid 1122] <... futex resumed>) = 0 [pid 1124] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1123] <... ioctl resumed>) = 0 [pid 1123] close(3) = 0 [pid 1123] close(6) = 0 [pid 1123] mkdir("./file0", 0777) = 0 [pid 1123] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1123] chdir("./file0") = 0 [pid 1123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1123] ioctl(6, LOOP_CLR_FD) = 0 [pid 1123] close(6) = 0 [pid 1123] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1123] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1122] exit_group(0) = ? [pid 1123] <... futex resumed>) = ? [pid 1123] +++ exited with 0 +++ [pid 1124] <... futex resumed>) = ? [pid 1124] +++ exited with 0 +++ [pid 1122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1122, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./268", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./268/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./268/binderfs") = 0 umount2("./268/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./268/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./268/bus") = 0 umount2("./268/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./268/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./268/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1125 ./strace-static-x86_64: Process 1125 attached [pid 1125] set_robust_list(0x5555720a9760, 24) = 0 [pid 1125] chdir("./269") = 0 [pid 1125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1125] setpgid(0, 0) = 0 [pid 1125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1125] write(3, "1000", 4) = 4 [pid 1125] close(3) = 0 [pid 1125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1125] write(1, "executing program\n", 18executing program ) = 18 [pid 1125] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1125] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1125] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1126]}, 88) = 1126 [pid 1125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1125] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1125] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1125] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1127]}, 88) = 1127 ./strace-static-x86_64: Process 1127 attached ./strace-static-x86_64: Process 1126 attached [pid 1125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1125] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1125] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1127] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1127] creat("./bus", 000 [pid 1126] set_robust_list(0x7f9ba44469a0, 24 [pid 1127] <... creat resumed>) = 3 [pid 1126] <... set_robust_list resumed>) = 0 [pid 1126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1126] memfd_create("syzkaller", 0 [pid 1127] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1126] <... memfd_create resumed>) = 4 [pid 1126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1127] <... futex resumed>) = 1 [pid 1126] <... mmap resumed>) = 0x7f9b9c005000 [pid 1125] <... futex resumed>) = 0 [pid 1127] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] <... futex resumed>) = 0 [pid 1127] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1127] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1127] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] <... futex resumed>) = 1 [pid 1125] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1125] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] <... futex resumed>) = 0 [pid 1127] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1127] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1127] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] <... futex resumed>) = 1 [pid 1125] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1125] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1127] <... futex resumed>) = 0 [pid 1127] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1127] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1127] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] <... futex resumed>) = 1 [pid 1125] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1126] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1126] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.590969][ T1123] loop0: detected capacity change from 0 to 256 [ 42.598749][ T1123] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.609455][ T1123] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.619368][ T1123] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1126] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 1126] close(4) = 0 [pid 1126] close(6) = 0 [pid 1126] mkdir("./file0", 0777) = 0 [pid 1126] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1126] chdir("./file0") = 0 [pid 1126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1126] ioctl(6, LOOP_CLR_FD) = 0 [pid 1126] close(6) = 0 [pid 1126] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1126] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1125] exit_group(0 [pid 1127] <... futex resumed>) = ? [pid 1125] <... exit_group resumed>) = ? [pid 1127] +++ exited with 0 +++ [pid 1126] <... futex resumed>) = ? [pid 1126] +++ exited with 0 +++ [pid 1125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1125, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./269/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/binderfs") = 0 umount2("./269/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./269/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/bus") = 0 umount2("./269/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./269/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./269/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1128 ./strace-static-x86_64: Process 1128 attached [pid 1128] set_robust_list(0x5555720a9760, 24) = 0 [pid 1128] chdir("./270") = 0 [pid 1128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1128] setpgid(0, 0) = 0 executing program [pid 1128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1128] write(3, "1000", 4) = 4 [pid 1128] close(3) = 0 [pid 1128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1128] write(1, "executing program\n", 18) = 18 [pid 1128] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1128] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1128] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1129]}, 88) = 1129 [pid 1128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1128] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1128] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1128] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1130]}, 88) = 1130 [pid 1128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1128] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1128] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1130 attached [pid 1130] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1130] creat("./bus", 000) = 3 [pid 1130] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] <... futex resumed>) = 0 [pid 1128] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1128] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1130] <... futex resumed>) = 1 [pid 1130] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 1129 attached ) = 0 [pid 1129] set_robust_list(0x7f9ba44469a0, 24 [pid 1130] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1128] <... futex resumed>) = 0 [pid 1128] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1128] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1130] <... futex resumed>) = 1 [pid 1130] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 1129] <... set_robust_list resumed>) = 0 [pid 1130] <... open resumed>) = 4 [pid 1129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1129] memfd_create("syzkaller", 0 [pid 1130] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1129] <... memfd_create resumed>) = 5 [pid 1129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1130] <... futex resumed>) = 1 [pid 1128] <... futex resumed>) = 0 [pid 1128] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1130] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 1128] <... futex resumed>) = 0 [pid 1128] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1130] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 1130] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1128] <... futex resumed>) = 0 [pid 1130] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1129] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1129] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.659737][ T1126] loop0: detected capacity change from 0 to 256 [ 42.668391][ T1126] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.679017][ T1126] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.689667][ T1126] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1129] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1129] close(5) = 0 [pid 1129] close(6) = 0 [pid 1129] mkdir("./file0", 0777) = 0 [pid 1129] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1129] chdir("./file0") = 0 [pid 1129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1129] ioctl(6, LOOP_CLR_FD) = 0 [pid 1129] close(6) = 0 [pid 1129] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1129] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1128] exit_group(0 [pid 1130] <... futex resumed>) = ? [pid 1128] <... exit_group resumed>) = ? [pid 1130] +++ exited with 0 +++ [pid 1129] <... futex resumed>) = ? [pid 1129] +++ exited with 0 +++ [pid 1128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1128, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./270", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./270/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/binderfs") = 0 umount2("./270/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./270/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/bus") = 0 umount2("./270/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./270/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./270/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1131 ./strace-static-x86_64: Process 1131 attached [pid 1131] set_robust_list(0x5555720a9760, 24) = 0 [pid 1131] chdir("./271") = 0 [pid 1131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1131] setpgid(0, 0) = 0 [pid 1131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1131] write(3, "1000", 4) = 4 [pid 1131] close(3) = 0 [pid 1131] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1131] write(1, "executing program\n", 18) = 18 [pid 1131] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1131] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1131] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1132]}, 88) = 1132 [pid 1131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1131] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1131] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1131] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1133]}, 88) = 1133 [pid 1131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1131] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1131] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1133 attached [pid 1133] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1133] creat("./bus", 000) = 3 [pid 1133] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1131] <... futex resumed>) = 0 [pid 1131] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1131] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1133] <... futex resumed>) = 1 [pid 1133] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1133] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1131] <... futex resumed>) = 0 [pid 1131] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1131] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1133] <... futex resumed>) = 1 [pid 1133] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1133] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1131] <... futex resumed>) = 0 [pid 1131] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1131] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1133] <... futex resumed>) = 1 [pid 1133] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1133] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1131] <... futex resumed>) = 0 [pid 1133] <... futex resumed>) = 1 [pid 1133] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1132 attached [pid 1132] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1132] memfd_create("syzkaller", 0) = 5 [pid 1132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1132] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1132] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.728629][ T1129] loop0: detected capacity change from 0 to 256 [ 42.736154][ T1129] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.746886][ T1129] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.757313][ T1129] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1132] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1132] close(5) = 0 [pid 1132] close(6) = 0 [pid 1132] mkdir("./file0", 0777) = 0 [pid 1132] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1132] chdir("./file0") = 0 [pid 1132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1132] ioctl(6, LOOP_CLR_FD) = 0 [pid 1132] close(6) = 0 [pid 1132] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1132] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1131] exit_group(0) = ? [pid 1132] <... futex resumed>) = ? [pid 1132] +++ exited with 0 +++ [pid 1133] <... futex resumed>) = ? [pid 1133] +++ exited with 0 +++ [pid 1131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1131, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./271", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./271/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/binderfs") = 0 umount2("./271/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./271/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/bus") = 0 umount2("./271/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./271/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./271/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1134 ./strace-static-x86_64: Process 1134 attached [pid 1134] set_robust_list(0x5555720a9760, 24) = 0 [pid 1134] chdir("./272") = 0 [pid 1134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1134] setpgid(0, 0) = 0 [pid 1134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1134] write(3, "1000", 4) = 4 [pid 1134] close(3) = 0 [pid 1134] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1134] write(1, "executing program\n", 18) = 18 [pid 1134] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1134] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1134] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1135]}, 88) = 1135 [pid 1134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1134] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1134] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1134] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1136]}, 88) = 1136 [pid 1134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1134] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1134] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1136 attached [pid 1136] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1136] creat("./bus", 000) = 3 [pid 1136] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1134] <... futex resumed>) = 0 [pid 1134] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1134] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] <... futex resumed>) = 1 [pid 1136] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1136] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1134] <... futex resumed>) = 0 [pid 1134] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1134] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1136] <... futex resumed>) = 1 [pid 1136] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1136] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1135 attached [pid 1134] <... futex resumed>) = 0 [pid 1136] <... futex resumed>) = 1 [pid 1134] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1134] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1135] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1136] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 1135] memfd_create("syzkaller", 0 [pid 1136] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 1136] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1136] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1134] <... futex resumed>) = 0 [pid 1135] <... memfd_create resumed>) = 5 [pid 1135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1135] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1135] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.794006][ T1132] loop0: detected capacity change from 0 to 256 [ 42.801936][ T1132] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.812435][ T1132] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.823245][ T1132] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1135] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1135] close(5) = 0 [pid 1135] close(6) = 0 [pid 1135] mkdir("./file0", 0777) = 0 [pid 1135] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1135] chdir("./file0") = 0 [pid 1135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1135] ioctl(6, LOOP_CLR_FD) = 0 [pid 1135] close(6) = 0 [pid 1135] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1135] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1134] exit_group(0 [pid 1136] <... futex resumed>) = ? [pid 1134] <... exit_group resumed>) = ? [pid 1136] +++ exited with 0 +++ [pid 1135] <... futex resumed>) = ? [pid 1135] +++ exited with 0 +++ [pid 1134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1134, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./272/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/binderfs") = 0 umount2("./272/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./272/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/bus") = 0 umount2("./272/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./272/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./272/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1138 ./strace-static-x86_64: Process 1138 attached [pid 1138] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 1138] chdir("./273") = 0 [pid 1138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1138] setpgid(0, 0) = 0 [pid 1138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1138] write(3, "1000", 4) = 4 [pid 1138] close(3) = 0 [pid 1138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1138] write(1, "executing program\n", 18) = 18 [pid 1138] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1138] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1138] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1139]}, 88) = 1139 [pid 1138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1138] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1138] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1138] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1140]}, 88) = 1140 [pid 1138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1138] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1138] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1140 attached [pid 1140] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1140] creat("./bus", 000) = 3 [pid 1140] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... futex resumed>) = 0 [pid 1138] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1138] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1140] <... futex resumed>) = 1 [pid 1140] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1140] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... futex resumed>) = 0 [pid 1138] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1138] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1140] <... futex resumed>) = 1 [pid 1140] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1140] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... futex resumed>) = 0 [pid 1138] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1138] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1140] <... futex resumed>) = 1 [pid 1140] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1140] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1138] <... futex resumed>) = 0 [pid 1140] <... futex resumed>) = 1 [pid 1140] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1139 attached [pid 1139] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1139] memfd_create("syzkaller", 0) = 5 [pid 1139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1139] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1139] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 42.859495][ T1135] loop0: detected capacity change from 0 to 256 [ 42.868706][ T1135] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.879411][ T1135] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.889878][ T1135] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1139] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1139] close(5) = 0 [pid 1139] close(6) = 0 [pid 1139] mkdir("./file0", 0777) = 0 [pid 1139] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1139] chdir("./file0") = 0 [pid 1139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1139] ioctl(6, LOOP_CLR_FD) = 0 [pid 1139] close(6) = 0 [pid 1139] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1139] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1138] exit_group(0 [pid 1140] <... futex resumed>) = ? [pid 1138] <... exit_group resumed>) = ? [pid 1140] +++ exited with 0 +++ [pid 1139] <... futex resumed>) = ? [pid 1139] +++ exited with 0 +++ [pid 1138] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1138, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./273", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./273/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/binderfs") = 0 umount2("./273/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./273/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/bus") = 0 umount2("./273/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./273/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./273/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1141 ./strace-static-x86_64: Process 1141 attached [pid 1141] set_robust_list(0x5555720a9760, 24) = 0 [pid 1141] chdir("./274") = 0 [pid 1141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1141] setpgid(0, 0) = 0 [pid 1141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1141] write(3, "1000", 4) = 4 [pid 1141] close(3) = 0 [pid 1141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1141] write(1, "executing program\n", 18) = 18 [pid 1141] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1141] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1141] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1142]}, 88) = 1142 [pid 1141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1141] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1141] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1141] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1143]}, 88) = 1143 [pid 1141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1141] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1141] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1143 attached [pid 1143] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1143] creat("./bus", 000) = 3 [pid 1143] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1141] <... futex resumed>) = 0 [pid 1141] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1141] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] <... futex resumed>) = 1 [pid 1143] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1143] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1141] <... futex resumed>) = 0 [pid 1141] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1141] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] <... futex resumed>) = 1 [pid 1143] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1143] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1141] <... futex resumed>) = 0 [pid 1141] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1141] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1143] <... futex resumed>) = 1 [pid 1143] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1143] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1141] <... futex resumed>) = 0 [pid 1143] <... futex resumed>) = 1 [pid 1143] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1142 attached [pid 1142] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1142] memfd_create("syzkaller", 0) = 5 [pid 1142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1142] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1142] munmap(0x7f9b9c005000, 138412032) = 0 [ 42.926826][ T1139] loop0: detected capacity change from 0 to 256 [ 42.934931][ T1139] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 42.945482][ T1139] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 42.955783][ T1139] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1142] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1142] close(5) = 0 [pid 1142] close(6) = 0 [pid 1142] mkdir("./file0", 0777) = 0 [pid 1142] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1142] chdir("./file0") = 0 [pid 1142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1142] ioctl(6, LOOP_CLR_FD) = 0 [pid 1142] close(6) = 0 [pid 1142] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1142] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1141] exit_group(0) = ? [pid 1142] <... futex resumed>) = ? [pid 1142] +++ exited with 0 +++ [pid 1143] <... futex resumed>) = ? [pid 1143] +++ exited with 0 +++ [pid 1141] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1141, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./274", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./274/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./274/binderfs") = 0 umount2("./274/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./274/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./274/bus") = 0 umount2("./274/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./274/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./274/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1144 ./strace-static-x86_64: Process 1144 attached [pid 1144] set_robust_list(0x5555720a9760, 24) = 0 [pid 1144] chdir("./275") = 0 [pid 1144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1144] setpgid(0, 0) = 0 [pid 1144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1144] write(3, "1000", 4) = 4 [pid 1144] close(3) = 0 [pid 1144] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1144] write(1, "executing program\n", 18) = 18 [pid 1144] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1144] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1144] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1145]}, 88) = 1145 [pid 1144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1144] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1144] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1144] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1146]}, 88) = 1146 [pid 1144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1144] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1144] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1146 attached [pid 1146] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1146] creat("./bus", 000) = 3 [pid 1146] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1144] <... futex resumed>) = 0 [pid 1144] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1144] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1146] <... futex resumed>) = 1 [pid 1146] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1146] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1144] <... futex resumed>) = 0 [pid 1144] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1144] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1146] <... futex resumed>) = 1 [pid 1146] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1146] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1144] <... futex resumed>) = 0 [pid 1144] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1144] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1146] <... futex resumed>) = 1 [pid 1146] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1146] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1144] <... futex resumed>) = 0 [pid 1146] <... futex resumed>) = 1 [pid 1146] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1145 attached [pid 1145] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1145] memfd_create("syzkaller", 0) = 5 [pid 1145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1145] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1145] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.006581][ T1142] loop0: detected capacity change from 0 to 256 [ 43.014358][ T1142] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.024889][ T1142] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.035481][ T1142] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1145] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1145] close(5) = 0 [pid 1145] close(6) = 0 [pid 1145] mkdir("./file0", 0777) = 0 [pid 1145] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1145] chdir("./file0") = 0 [pid 1145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1145] ioctl(6, LOOP_CLR_FD) = 0 [pid 1145] close(6) = 0 [pid 1145] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1145] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1144] exit_group(0 [pid 1146] <... futex resumed>) = ? [pid 1144] <... exit_group resumed>) = ? [pid 1146] +++ exited with 0 +++ [pid 1145] <... futex resumed>) = ? [pid 1145] +++ exited with 0 +++ [pid 1144] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1144, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./275", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./275/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/binderfs") = 0 umount2("./275/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./275/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/bus") = 0 umount2("./275/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./275/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./275/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1147 ./strace-static-x86_64: Process 1147 attached [pid 1147] set_robust_list(0x5555720a9760, 24) = 0 [pid 1147] chdir("./276") = 0 [pid 1147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1147] setpgid(0, 0) = 0 [pid 1147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1147] write(3, "1000", 4) = 4 [pid 1147] close(3) = 0 [pid 1147] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1147] write(1, "executing program\n", 18) = 18 [pid 1147] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1147] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1147] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1148]}, 88) = 1148 [pid 1147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1147] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1147] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1147] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 1148 attached => {parent_tid=[1149]}, 88) = 1149 [pid 1147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1147] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1147] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1149 attached [pid 1149] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1149] creat("./bus", 000 [pid 1148] set_robust_list(0x7f9ba44469a0, 24 [pid 1149] <... creat resumed>) = 3 [pid 1149] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1147] <... futex resumed>) = 0 [pid 1147] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1147] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] <... futex resumed>) = 1 [pid 1149] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1149] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1147] <... futex resumed>) = 0 [pid 1147] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1147] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] <... futex resumed>) = 1 [pid 1149] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1149] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1147] <... futex resumed>) = 0 [pid 1147] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1147] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1149] <... futex resumed>) = 1 [pid 1149] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1149] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1147] <... futex resumed>) = 0 [pid 1149] <... futex resumed>) = 1 [pid 1148] <... set_robust_list resumed>) = 0 [pid 1149] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1148] memfd_create("syzkaller", 0) = 5 [pid 1148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1148] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1148] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.075855][ T1145] loop0: detected capacity change from 0 to 256 [ 43.083883][ T1145] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.094442][ T1145] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.105070][ T1145] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1148] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1148] close(5) = 0 [pid 1148] close(6) = 0 [pid 1148] mkdir("./file0", 0777) = 0 [pid 1148] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1148] chdir("./file0") = 0 [pid 1148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1148] ioctl(6, LOOP_CLR_FD) = 0 [pid 1148] close(6) = 0 [pid 1148] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1148] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1147] exit_group(0 [pid 1149] <... futex resumed>) = ? [pid 1147] <... exit_group resumed>) = ? [pid 1149] +++ exited with 0 +++ [pid 1148] <... futex resumed>) = ? [pid 1148] +++ exited with 0 +++ [pid 1147] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1147, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./276", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./276/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/binderfs") = 0 umount2("./276/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./276/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/bus") = 0 umount2("./276/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./276/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./276/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1150 ./strace-static-x86_64: Process 1150 attached [pid 1150] set_robust_list(0x5555720a9760, 24) = 0 [pid 1150] chdir("./277") = 0 [pid 1150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1150] setpgid(0, 0) = 0 [pid 1150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1150] write(3, "1000", 4) = 4 [pid 1150] close(3) = 0 [pid 1150] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1150] write(1, "executing program\n", 18) = 18 [pid 1150] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1150] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1150] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1150] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1151]}, 88) = 1151 [pid 1150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1150] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1150] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1150] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1152]}, 88) = 1152 [pid 1150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1150] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1150] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1152 attached [pid 1152] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1152] creat("./bus", 000) = 3 [pid 1152] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1150] <... futex resumed>) = 0 [pid 1150] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1150] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1152] <... futex resumed>) = 1 [pid 1152] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1152] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1150] <... futex resumed>) = 0 [pid 1150] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1150] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1152] <... futex resumed>) = 1 [pid 1152] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1152] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1150] <... futex resumed>) = 0 [pid 1150] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1150] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1152] <... futex resumed>) = 1 [pid 1152] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1152] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1150] <... futex resumed>) = 0 [pid 1152] <... futex resumed>) = 1 [pid 1152] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1151 attached [pid 1151] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1151] memfd_create("syzkaller", 0) = 5 [pid 1151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1151] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1151] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.145150][ T1148] loop0: detected capacity change from 0 to 256 [ 43.153293][ T1148] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.163825][ T1148] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.174552][ T1148] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1151] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1151] close(5) = 0 [pid 1151] close(6) = 0 [pid 1151] mkdir("./file0", 0777) = 0 [pid 1151] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1151] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1151] chdir("./file0") = 0 [pid 1151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1151] ioctl(6, LOOP_CLR_FD) = 0 [pid 1151] close(6) = 0 [pid 1151] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1151] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1150] exit_group(0 [pid 1152] <... futex resumed>) = ? [pid 1150] <... exit_group resumed>) = ? [pid 1152] +++ exited with 0 +++ [pid 1151] <... futex resumed>) = ? [pid 1151] +++ exited with 0 +++ [pid 1150] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1150, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./277", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./277/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/binderfs") = 0 umount2("./277/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./277/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/bus") = 0 umount2("./277/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./277/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./277/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1153 ./strace-static-x86_64: Process 1153 attached [pid 1153] set_robust_list(0x5555720a9760, 24) = 0 [pid 1153] chdir("./278") = 0 [pid 1153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1153] setpgid(0, 0) = 0 [pid 1153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1153] write(3, "1000", 4) = 4 [pid 1153] close(3) = 0 [pid 1153] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1153] write(1, "executing program\n", 18) = 18 [pid 1153] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1153] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1153] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1154]}, 88) = 1154 [pid 1153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1153] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1153] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1153] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1155]}, 88) = 1155 [pid 1153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1153] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1153] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1155 attached [pid 1155] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1155] creat("./bus", 000) = 3 [pid 1155] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1153] <... futex resumed>) = 0 [pid 1153] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1153] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] <... futex resumed>) = 1 [pid 1155] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1155] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1153] <... futex resumed>) = 0 [pid 1153] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1153] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1155] <... futex resumed>) = 1 [pid 1155] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1155] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1153] <... futex resumed>) = 0 [pid 1153] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1153] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1154 attached [pid 1155] <... futex resumed>) = 1 [pid 1155] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1155] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1153] <... futex resumed>) = 0 [pid 1154] set_robust_list(0x7f9ba44469a0, 24 [pid 1155] <... futex resumed>) = 1 [pid 1154] <... set_robust_list resumed>) = 0 [pid 1154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1154] memfd_create("syzkaller", 0 [pid 1155] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1154] <... memfd_create resumed>) = 5 [pid 1154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1154] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1154] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.213010][ T1151] loop0: detected capacity change from 0 to 256 [ 43.221129][ T1151] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.231746][ T1151] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.242998][ T1151] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1154] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1154] close(5) = 0 [pid 1154] close(6) = 0 [pid 1154] mkdir("./file0", 0777) = 0 [pid 1154] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1154] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1154] chdir("./file0") = 0 [pid 1154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1154] ioctl(6, LOOP_CLR_FD) = 0 [pid 1154] close(6) = 0 [pid 1154] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1154] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1153] exit_group(0) = ? [pid 1154] <... futex resumed>) = ? [pid 1154] +++ exited with 0 +++ [pid 1155] <... futex resumed>) = ? [pid 1155] +++ exited with 0 +++ [pid 1153] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1153, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./278", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./278/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/binderfs") = 0 umount2("./278/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./278/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/bus") = 0 umount2("./278/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./278/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./278/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1156 ./strace-static-x86_64: Process 1156 attached [pid 1156] set_robust_list(0x5555720a9760, 24) = 0 [pid 1156] chdir("./279") = 0 [pid 1156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1156] setpgid(0, 0) = 0 [pid 1156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1156] write(3, "1000", 4) = 4 [pid 1156] close(3) = 0 [pid 1156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1156] write(1, "executing program\n", 18) = 18 [pid 1156] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1156] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1156] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1157 attached => {parent_tid=[1157]}, 88) = 1157 [pid 1156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1156] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1156] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1157] set_robust_list(0x7f9ba44469a0, 24 [pid 1156] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1158]}, 88) = 1158 [pid 1156] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1156] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1156] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1157] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 1158 attached [pid 1158] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1158] creat("./bus", 000 [pid 1157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1157] memfd_create("syzkaller", 0 [pid 1158] <... creat resumed>) = 3 [pid 1157] <... memfd_create resumed>) = 4 [pid 1157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1158] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1157] <... mmap resumed>) = 0x7f9b9c005000 [pid 1156] <... futex resumed>) = 0 [pid 1158] <... futex resumed>) = 1 [pid 1156] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1158] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1156] <... futex resumed>) = 0 [pid 1156] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1158] <... mount resumed>) = 0 [pid 1158] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] <... futex resumed>) = 0 [pid 1156] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1156] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1158] <... futex resumed>) = 1 [pid 1158] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1157] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1158] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] <... futex resumed>) = 0 [pid 1156] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1156] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1158] <... futex resumed>) = 1 [pid 1157] <... write resumed>) = 131072 [pid 1158] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1158] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1156] <... futex resumed>) = 0 [pid 1158] <... futex resumed>) = 1 [pid 1158] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1157] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.289581][ T1154] loop0: detected capacity change from 0 to 256 [ 43.298841][ T1154] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.309459][ T1154] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.319641][ T1154] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1157] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 1157] close(4) = 0 [pid 1157] close(6) = 0 [pid 1157] mkdir("./file0", 0777) = 0 [pid 1157] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1157] chdir("./file0") = 0 [pid 1157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1157] ioctl(6, LOOP_CLR_FD) = 0 [pid 1157] close(6) = 0 [pid 1157] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1157] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1156] exit_group(0) = ? [pid 1157] <... futex resumed>) = ? [pid 1157] +++ exited with 0 +++ [pid 1158] <... futex resumed>) = ? [pid 1158] +++ exited with 0 +++ [pid 1156] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1156, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./279", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./279/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/binderfs") = 0 umount2("./279/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./279/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/bus") = 0 umount2("./279/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./279/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./279/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1159 ./strace-static-x86_64: Process 1159 attached [pid 1159] set_robust_list(0x5555720a9760, 24) = 0 [pid 1159] chdir("./280") = 0 [pid 1159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1159] setpgid(0, 0) = 0 [pid 1159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1159] write(3, "1000", 4) = 4 [pid 1159] close(3) = 0 [pid 1159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1159] write(1, "executing program\n", 18) = 18 [pid 1159] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1159] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1159] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1160]}, 88) = 1160 [pid 1159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1159] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1159] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1159] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1161]}, 88) = 1161 [pid 1159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1159] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1159] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1161 attached [pid 1161] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1161] creat("./bus", 000) = 3 [pid 1161] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1159] <... futex resumed>) = 0 [pid 1159] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1159] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] <... futex resumed>) = 1 [pid 1161] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1161] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1159] <... futex resumed>) = 0 [pid 1159] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1159] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] <... futex resumed>) = 1 [pid 1161] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1161] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1159] <... futex resumed>) = 0 [pid 1159] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1159] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1161] <... futex resumed>) = 1 [pid 1161] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1161] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1159] <... futex resumed>) = 0 [pid 1161] <... futex resumed>) = 1 [pid 1161] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1160 attached [pid 1160] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1160] memfd_create("syzkaller", 0) = 5 [pid 1160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1160] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1160] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.359188][ T1157] loop0: detected capacity change from 0 to 256 [ 43.368077][ T1157] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.379011][ T1157] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.389439][ T1157] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1160] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1160] close(5) = 0 [pid 1160] close(6) = 0 [pid 1160] mkdir("./file0", 0777) = 0 [pid 1160] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1160] chdir("./file0") = 0 [pid 1160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1160] ioctl(6, LOOP_CLR_FD) = 0 [pid 1160] close(6) = 0 [pid 1160] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1160] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1159] exit_group(0 [pid 1161] <... futex resumed>) = ? [pid 1159] <... exit_group resumed>) = ? [pid 1161] +++ exited with 0 +++ [pid 1160] <... futex resumed>) = ? [pid 1160] +++ exited with 0 +++ [pid 1159] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1159, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./280", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./280/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/binderfs") = 0 umount2("./280/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./280/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/bus") = 0 umount2("./280/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./280/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./280/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1162 ./strace-static-x86_64: Process 1162 attached [pid 1162] set_robust_list(0x5555720a9760, 24) = 0 [pid 1162] chdir("./281") = 0 [pid 1162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1162] setpgid(0, 0) = 0 [pid 1162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1162] write(3, "1000", 4) = 4 [pid 1162] close(3) = 0 [pid 1162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1162] write(1, "executing program\n", 18) = 18 [pid 1162] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1162] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1162] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1163]}, 88) = 1163 [pid 1162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1162] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1162] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1162] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1164]}, 88) = 1164 [pid 1162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1162] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1162] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1164 attached [pid 1164] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1164] creat("./bus", 000) = 3 [pid 1164] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1162] <... futex resumed>) = 0 [pid 1162] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1162] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1164] <... futex resumed>) = 1 [pid 1164] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1164] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1162] <... futex resumed>) = 0 [pid 1162] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1162] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1164] <... futex resumed>) = 1 [pid 1164] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1164] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1162] <... futex resumed>) = 0 [pid 1162] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1162] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1164] <... futex resumed>) = 1 [pid 1164] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1164] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1162] <... futex resumed>) = 0 [pid 1164] <... futex resumed>) = 1 [pid 1164] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1163 attached [pid 1163] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1163] memfd_create("syzkaller", 0) = 5 [pid 1163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 43.428597][ T1160] loop0: detected capacity change from 0 to 256 [ 43.436759][ T1160] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.447407][ T1160] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.457684][ T1160] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1163] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1163] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1163] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1163] close(5) = 0 [pid 1163] close(6) = 0 [pid 1163] mkdir("./file0", 0777) = 0 [pid 1163] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1163] chdir("./file0") = 0 [pid 1163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1163] ioctl(6, LOOP_CLR_FD) = 0 [pid 1163] close(6) = 0 [pid 1163] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1163] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1162] exit_group(0 [pid 1164] <... futex resumed>) = ? [pid 1163] <... futex resumed>) = ? [pid 1162] <... exit_group resumed>) = ? [pid 1164] +++ exited with 0 +++ [pid 1163] +++ exited with 0 +++ [pid 1162] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1162, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./281/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/binderfs") = 0 umount2("./281/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./281/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/bus") = 0 umount2("./281/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./281/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./281/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1165 ./strace-static-x86_64: Process 1165 attached [pid 1165] set_robust_list(0x5555720a9760, 24) = 0 [pid 1165] chdir("./282") = 0 [pid 1165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1165] setpgid(0, 0) = 0 [pid 1165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1165] write(3, "1000", 4) = 4 [pid 1165] close(3) = 0 [pid 1165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1165] write(1, "executing program\n", 18) = 18 [pid 1165] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1165] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1165] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1166]}, 88) = 1166 [pid 1165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1165] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1165] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1165] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1167]}, 88) = 1167 [pid 1165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1165] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1165] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1167 attached [pid 1167] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1167] creat("./bus", 000) = 3 [pid 1167] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1165] <... futex resumed>) = 0 [pid 1165] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1165] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] <... futex resumed>) = 1 [pid 1167] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1167] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1165] <... futex resumed>) = 0 [pid 1165] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1165] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] <... futex resumed>) = 1 [pid 1167] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1167] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1165] <... futex resumed>) = 0 [pid 1165] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1165] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1167] <... futex resumed>) = 1 [pid 1167] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1167] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1165] <... futex resumed>) = 0 [pid 1167] <... futex resumed>) = 1 [pid 1167] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1166 attached [pid 1166] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1166] memfd_create("syzkaller", 0) = 5 [pid 1166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1166] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1166] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.496979][ T1163] loop0: detected capacity change from 0 to 256 [ 43.504811][ T1163] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.515404][ T1163] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.526101][ T1163] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1166] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1166] close(5) = 0 [pid 1166] close(6) = 0 [pid 1166] mkdir("./file0", 0777) = 0 [pid 1166] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1166] chdir("./file0") = 0 [pid 1166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1166] ioctl(6, LOOP_CLR_FD) = 0 [pid 1166] close(6) = 0 [pid 1166] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1166] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1165] exit_group(0 [pid 1167] <... futex resumed>) = ? [pid 1165] <... exit_group resumed>) = ? [pid 1167] +++ exited with 0 +++ [pid 1166] <... futex resumed>) = ? [pid 1166] +++ exited with 0 +++ [pid 1165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1165, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./282", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./282/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/binderfs") = 0 umount2("./282/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./282/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/bus") = 0 umount2("./282/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./282/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./282/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1168 ./strace-static-x86_64: Process 1168 attached [pid 1168] set_robust_list(0x5555720a9760, 24) = 0 [pid 1168] chdir("./283") = 0 [pid 1168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1168] setpgid(0, 0) = 0 [pid 1168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1168] write(3, "1000", 4) = 4 [pid 1168] close(3) = 0 [pid 1168] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1168] write(1, "executing program\n", 18) = 18 [pid 1168] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1168] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1168] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1169]}, 88) = 1169 [pid 1168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1168] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1168] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1168] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1170]}, 88) = 1170 [pid 1168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1168] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1168] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1170 attached [pid 1170] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1170] creat("./bus", 000) = 3 [pid 1170] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1168] <... futex resumed>) = 0 [pid 1168] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1168] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1170] <... futex resumed>) = 1 [pid 1170] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1170] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1168] <... futex resumed>) = 0 [pid 1168] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1168] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1170] <... futex resumed>) = 1 [pid 1170] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1170] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1168] <... futex resumed>) = 0 [pid 1168] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1168] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1170] <... futex resumed>) = 1 [pid 1170] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1170] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1168] <... futex resumed>) = 0 [pid 1170] <... futex resumed>) = 1 [pid 1170] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1169 attached [pid 1169] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1169] memfd_create("syzkaller", 0) = 5 [pid 1169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 43.560655][ T1166] loop0: detected capacity change from 0 to 256 [ 43.568330][ T1166] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.578963][ T1166] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.589230][ T1166] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1169] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1169] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1169] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1169] close(5) = 0 [pid 1169] close(6) = 0 [pid 1169] mkdir("./file0", 0777) = 0 [pid 1169] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1169] chdir("./file0") = 0 [pid 1169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1169] ioctl(6, LOOP_CLR_FD) = 0 [pid 1169] close(6) = 0 [pid 1169] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1169] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1168] exit_group(0) = ? [pid 1169] <... futex resumed>) = ? [pid 1169] +++ exited with 0 +++ [pid 1170] <... futex resumed>) = ? [pid 1170] +++ exited with 0 +++ [pid 1168] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1168, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./283", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./283/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/binderfs") = 0 umount2("./283/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./283/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/bus") = 0 umount2("./283/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./283/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./283/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1171 ./strace-static-x86_64: Process 1171 attached [pid 1171] set_robust_list(0x5555720a9760, 24) = 0 [pid 1171] chdir("./284") = 0 [pid 1171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1171] setpgid(0, 0) = 0 [pid 1171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1171] write(3, "1000", 4) = 4 [pid 1171] close(3) = 0 [pid 1171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1171] write(1, "executing program\n", 18executing program ) = 18 [pid 1171] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1171] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1171] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1172]}, 88) = 1172 ./strace-static-x86_64: Process 1172 attached [pid 1171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1171] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1171] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1172] set_robust_list(0x7f9ba44469a0, 24 [pid 1171] <... mmap resumed>) = 0x7f9ba4405000 [pid 1172] <... set_robust_list resumed>) = 0 [pid 1172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1171] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 1172] memfd_create("syzkaller", 0 [pid 1171] <... mprotect resumed>) = 0 [pid 1171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 1172] <... memfd_create resumed>) = 3 [pid 1172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 1173 attached [pid 1171] <... clone3 resumed> => {parent_tid=[1173]}, 88) = 1173 [pid 1172] <... mmap resumed>) = 0x7f9b9c005000 [pid 1173] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1173] rt_sigprocmask(SIG_SETMASK, [], [pid 1171] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1171] <... futex resumed>) = 0 [pid 1173] creat("./bus", 000) = 4 [pid 1172] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1171] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1173] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1172] <... write resumed>) = 131072 [pid 1171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1172] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1171] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1173] <... futex resumed>) = 0 [pid 1172] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1171] <... futex resumed>) = 1 [pid 1172] <... openat resumed>) = 5 [pid 1172] ioctl(5, LOOP_SET_FD, 3 [pid 1173] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1171] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] <... mount resumed>) = 0 [ 43.622804][ T1169] loop0: detected capacity change from 0 to 256 [ 43.632540][ T1169] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.643125][ T1169] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.654346][ T1169] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1173] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1171] <... futex resumed>) = 0 [pid 1171] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1171] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1173] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1171] <... futex resumed>) = 0 [pid 1171] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1171] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1173] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1173] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1171] <... futex resumed>) = 0 [pid 1173] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1172] <... ioctl resumed>) = 0 [pid 1172] close(3) = 0 [pid 1172] close(5) = 0 [pid 1172] mkdir("./file0", 0777) = 0 [pid 1172] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1172] chdir("./file0") = 0 [pid 1172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1172] ioctl(5, LOOP_CLR_FD) = 0 [pid 1172] close(5) = 0 [pid 1172] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1172] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1171] exit_group(0 [pid 1173] <... futex resumed>) = ? [pid 1171] <... exit_group resumed>) = ? [pid 1173] +++ exited with 0 +++ [pid 1172] <... futex resumed>) = ? [pid 1172] +++ exited with 0 +++ [pid 1171] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1171, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./284", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./284/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/binderfs") = 0 umount2("./284/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./284/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/bus") = 0 umount2("./284/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./284/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./284/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1174 ./strace-static-x86_64: Process 1174 attached [pid 1174] set_robust_list(0x5555720a9760, 24) = 0 [pid 1174] chdir("./285") = 0 [pid 1174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1174] setpgid(0, 0) = 0 [pid 1174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1174] write(3, "1000", 4) = 4 [pid 1174] close(3) = 0 [pid 1174] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1174] write(1, "executing program\n", 18) = 18 [pid 1174] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1174] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1175]}, 88) = 1175 [pid 1174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1174] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1174] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1176]}, 88) = 1176 [pid 1174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1174] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1176 attached [pid 1176] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1176] creat("./bus", 000) = 3 [pid 1176] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] <... futex resumed>) = 0 [pid 1174] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1176] <... futex resumed>) = 1 [pid 1176] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1176] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] <... futex resumed>) = 0 [pid 1174] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1176] <... futex resumed>) = 1 [pid 1176] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1176] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] <... futex resumed>) = 0 [pid 1174] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1174] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1176] <... futex resumed>) = 1 [pid 1176] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1176] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1174] <... futex resumed>) = 0 [pid 1176] <... futex resumed>) = 1 [pid 1176] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1175 attached [pid 1175] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1175] memfd_create("syzkaller", 0) = 5 [pid 1175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1175] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1175] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.695196][ T1172] loop0: detected capacity change from 0 to 256 [ 43.703285][ T1172] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.713772][ T1172] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.724476][ T1172] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1175] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1175] close(5) = 0 [pid 1175] close(6) = 0 [pid 1175] mkdir("./file0", 0777) = 0 [pid 1175] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1175] chdir("./file0") = 0 [pid 1175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1175] ioctl(6, LOOP_CLR_FD) = 0 [pid 1175] close(6) = 0 [pid 1175] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1175] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1174] exit_group(0) = ? [pid 1175] <... futex resumed>) = ? [pid 1175] +++ exited with 0 +++ [pid 1176] <... futex resumed>) = ? [pid 1176] +++ exited with 0 +++ [pid 1174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1174, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./285", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./285/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/binderfs") = 0 umount2("./285/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./285/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/bus") = 0 umount2("./285/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./285/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./285/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1177 ./strace-static-x86_64: Process 1177 attached [pid 1177] set_robust_list(0x5555720a9760, 24) = 0 [pid 1177] chdir("./286") = 0 [pid 1177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1177] setpgid(0, 0) = 0 [pid 1177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1177] write(3, "1000", 4) = 4 [pid 1177] close(3) = 0 [pid 1177] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1177] write(1, "executing program\n", 18) = 18 [pid 1177] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1177] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1177] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1178]}, 88) = 1178 [pid 1177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1177] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1177] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1177] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1179]}, 88) = 1179 [pid 1177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1177] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1177] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1179 attached [pid 1179] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1179] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1179] creat("./bus", 000) = 3 [pid 1179] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1177] <... futex resumed>) = 0 [pid 1177] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1177] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1179] <... futex resumed>) = 1 [pid 1179] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1179] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1177] <... futex resumed>) = 0 [pid 1177] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1177] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1179] <... futex resumed>) = 1 [pid 1179] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1179] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1177] <... futex resumed>) = 0 [pid 1177] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1177] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1179] <... futex resumed>) = 1 [pid 1179] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1179] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1177] <... futex resumed>) = 0 [pid 1179] <... futex resumed>) = 1 [pid 1179] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1178 attached [pid 1178] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1178] memfd_create("syzkaller", 0) = 5 [pid 1178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1178] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1178] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.764385][ T1175] loop0: detected capacity change from 0 to 256 [ 43.772402][ T1175] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.783038][ T1175] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.793596][ T1175] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1178] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1178] close(5) = 0 [pid 1178] close(6) = 0 [pid 1178] mkdir("./file0", 0777) = 0 [pid 1178] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1178] chdir("./file0") = 0 [pid 1178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1178] ioctl(6, LOOP_CLR_FD) = 0 [pid 1178] close(6) = 0 [pid 1178] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1177] exit_group(0 [pid 1179] <... futex resumed>) = ? [pid 1177] <... exit_group resumed>) = ? [pid 1179] +++ exited with 0 +++ [pid 1178] +++ exited with 0 +++ [pid 1177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1177, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./286/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/binderfs") = 0 umount2("./286/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./286/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/bus") = 0 umount2("./286/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./286/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./286/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1181 ./strace-static-x86_64: Process 1181 attached [pid 1181] set_robust_list(0x5555720a9760, 24) = 0 [pid 1181] chdir("./287") = 0 [pid 1181] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1181] setpgid(0, 0) = 0 [pid 1181] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1181] write(3, "1000", 4) = 4 [pid 1181] close(3) = 0 [pid 1181] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1181] write(1, "executing program\n", 18) = 18 [pid 1181] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1181] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1181] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1181] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1182]}, 88) = 1182 [pid 1181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1181] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1181] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1181] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1181] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1181] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1181] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1183]}, 88) = 1183 [pid 1181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1181] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1181] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1183 attached [pid 1183] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1183] creat("./bus", 000) = 3 [pid 1183] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1181] <... futex resumed>) = 0 [pid 1181] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1181] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1183] <... futex resumed>) = 1 [pid 1183] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1183] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1181] <... futex resumed>) = 0 [pid 1181] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1181] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1183] <... futex resumed>) = 1 [pid 1183] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1183] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1181] <... futex resumed>) = 0 [pid 1181] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1181] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1183] <... futex resumed>) = 1 [pid 1183] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1183] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1181] <... futex resumed>) = 0 [pid 1183] <... futex resumed>) = 1 [pid 1183] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1182 attached [pid 1182] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1182] memfd_create("syzkaller", 0) = 5 [pid 1182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1182] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1182] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.831855][ T1178] loop0: detected capacity change from 0 to 256 [ 43.839422][ T1178] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.850096][ T1178] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.860399][ T1178] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1182] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1182] close(5) = 0 [pid 1182] close(6) = 0 [pid 1182] mkdir("./file0", 0777) = 0 [pid 1182] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1182] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1182] chdir("./file0") = 0 [pid 1182] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1182] ioctl(6, LOOP_CLR_FD) = 0 [pid 1182] close(6) = 0 [pid 1182] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1182] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1181] exit_group(0 [pid 1183] <... futex resumed>) = ? [pid 1181] <... exit_group resumed>) = ? [pid 1183] +++ exited with 0 +++ [pid 1182] <... futex resumed>) = ? [pid 1182] +++ exited with 0 +++ [pid 1181] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1181, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./287", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./287/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/binderfs") = 0 umount2("./287/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./287/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/bus") = 0 umount2("./287/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./287/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./287/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1184 ./strace-static-x86_64: Process 1184 attached [pid 1184] set_robust_list(0x5555720a9760, 24) = 0 [pid 1184] chdir("./288") = 0 [pid 1184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1184] setpgid(0, 0) = 0 [pid 1184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1184] write(3, "1000", 4) = 4 [pid 1184] close(3) = 0 [pid 1184] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1184] write(1, "executing program\n", 18) = 18 [pid 1184] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1184] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1185 attached => {parent_tid=[1185]}, 88) = 1185 [pid 1184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1184] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1184] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1185] set_robust_list(0x7f9ba44469a0, 24 [pid 1184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 1185] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 1186 attached [pid 1185] rt_sigprocmask(SIG_SETMASK, [], [pid 1184] <... clone3 resumed> => {parent_tid=[1186]}, 88) = 1186 [pid 1184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1184] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1186] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1186] creat("./bus", 000 [pid 1185] memfd_create("syzkaller", 0) = 4 [pid 1185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1186] <... creat resumed>) = 3 [pid 1186] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1185] <... mmap resumed>) = 0x7f9b9c005000 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1186] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1186] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1186] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1186] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1184] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1184] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1186] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1186] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1184] <... futex resumed>) = 0 [pid 1186] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 43.899189][ T1182] loop0: detected capacity change from 0 to 256 [ 43.906698][ T1182] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.917253][ T1182] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.928077][ T1182] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1185] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1185] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1185] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 1185] close(4) = 0 [pid 1185] close(6) = 0 [pid 1185] mkdir("./file0", 0777) = 0 [pid 1185] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1185] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1185] chdir("./file0") = 0 [pid 1185] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1185] ioctl(6, LOOP_CLR_FD) = 0 [pid 1185] close(6) = 0 [pid 1185] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1185] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1184] exit_group(0) = ? [pid 1186] <... futex resumed>) = ? [pid 1186] +++ exited with 0 +++ [pid 1185] <... futex resumed>) = ? [pid 1185] +++ exited with 0 +++ [pid 1184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1184, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./288", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./288/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/binderfs") = 0 umount2("./288/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./288/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/bus") = 0 umount2("./288/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./288/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./288/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1187 ./strace-static-x86_64: Process 1187 attached [pid 1187] set_robust_list(0x5555720a9760, 24) = 0 [pid 1187] chdir("./289") = 0 [pid 1187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1187] setpgid(0, 0) = 0 [pid 1187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1187] write(3, "1000", 4) = 4 [pid 1187] close(3) = 0 [pid 1187] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1187] write(1, "executing program\n", 18) = 18 [pid 1187] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1187] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1187] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1187] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1187] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1187] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1188]}, 88) = 1188 [pid 1187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1187] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1187] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1187] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1187] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1187] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1189]}, 88) = 1189 [pid 1187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1187] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1187] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1189 attached [pid 1189] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1189] creat("./bus", 000) = 3 [pid 1189] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1187] <... futex resumed>) = 0 [pid 1187] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1187] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1189] <... futex resumed>) = 1 [pid 1189] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1189] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1187] <... futex resumed>) = 0 [pid 1187] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1187] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1189] <... futex resumed>) = 1 [pid 1189] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1189] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1187] <... futex resumed>) = 0 [pid 1187] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1187] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1189] <... futex resumed>) = 1 [pid 1189] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1189] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1187] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1188 attached [pid 1189] <... futex resumed>) = 1 [pid 1189] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1188] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1188] memfd_create("syzkaller", 0) = 5 [pid 1188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1188] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1188] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 43.967188][ T1185] loop0: detected capacity change from 0 to 256 [ 43.975801][ T1185] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.986299][ T1185] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 43.996867][ T1185] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1188] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1188] close(5) = 0 [pid 1188] close(6) = 0 [pid 1188] mkdir("./file0", 0777) = 0 [pid 1188] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1188] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1188] chdir("./file0") = 0 [pid 1188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1188] ioctl(6, LOOP_CLR_FD) = 0 [pid 1188] close(6) = 0 [pid 1188] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1188] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1187] exit_group(0 [pid 1189] <... futex resumed>) = ? [pid 1187] <... exit_group resumed>) = ? [pid 1189] +++ exited with 0 +++ [pid 1188] <... futex resumed>) = ? [pid 1188] +++ exited with 0 +++ [pid 1187] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1187, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./289", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./289/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/binderfs") = 0 umount2("./289/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./289/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/bus") = 0 umount2("./289/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./289/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./289/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1190 ./strace-static-x86_64: Process 1190 attached [pid 1190] set_robust_list(0x5555720a9760, 24) = 0 [pid 1190] chdir("./290") = 0 [pid 1190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1190] setpgid(0, 0) = 0 [pid 1190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1190] write(3, "1000", 4) = 4 [pid 1190] close(3) = 0 [pid 1190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1190] write(1, "executing program\n", 18) = 18 [pid 1190] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1190] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1190] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1191]}, 88) = 1191 [pid 1190] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1191 attached NULL, 8) = 0 [pid 1191] set_robust_list(0x7f9ba44469a0, 24 [pid 1190] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] <... set_robust_list resumed>) = 0 [pid 1190] <... futex resumed>) = 0 [pid 1191] rt_sigprocmask(SIG_SETMASK, [], [pid 1190] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1190] <... futex resumed>) = 0 [pid 1191] memfd_create("syzkaller", 0 [pid 1190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1191] <... memfd_create resumed>) = 3 [pid 1191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 1190] <... mmap resumed>) = 0x7f9b9c005000 [pid 1190] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0} => {parent_tid=[1192]}, 88) = 1192 [pid 1190] rt_sigprocmask(SIG_SETMASK, [], [pid 1191] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 1192 attached [pid 1190] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1190] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1192] set_robust_list(0x7f9b9c0259a0, 24) = 0 [pid 1192] rt_sigprocmask(SIG_SETMASK, [], [pid 1191] <... write resumed>) = 131072 [pid 1192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1192] creat("./bus", 000 [pid 1191] munmap(0x7f9b9c026000, 138412032 [pid 1192] <... creat resumed>) = 4 [pid 1191] <... munmap resumed>) = 0 [pid 1191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1191] ioctl(5, LOOP_SET_FD, 3 [pid 1192] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 44.037075][ T1188] loop0: detected capacity change from 0 to 256 [ 44.044536][ T1188] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.055043][ T1188] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.065420][ T1188] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1192] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1192] <... futex resumed>) = 0 [pid 1192] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1190] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1192] <... mount resumed>) = 0 [pid 1192] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1192] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1192] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1190] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1190] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1192] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1192] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1190] <... futex resumed>) = 0 [pid 1192] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1191] <... ioctl resumed>) = 0 [pid 1191] close(3) = 0 [pid 1191] close(5) = 0 [pid 1191] mkdir("./file0", 0777) = 0 [pid 1191] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1191] chdir("./file0") = 0 [pid 1191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1191] ioctl(5, LOOP_CLR_FD) = 0 [pid 1191] close(5) = 0 [pid 1191] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1191] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1190] exit_group(0) = ? [pid 1191] <... futex resumed>) = ? [pid 1191] +++ exited with 0 +++ [pid 1192] <... futex resumed>) = ? [pid 1192] +++ exited with 0 +++ [pid 1190] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1190, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./290", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./290/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/binderfs") = 0 umount2("./290/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./290/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/bus") = 0 umount2("./290/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./290/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./290/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1193 ./strace-static-x86_64: Process 1193 attached [pid 1193] set_robust_list(0x5555720a9760, 24) = 0 [pid 1193] chdir("./291") = 0 [pid 1193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1193] setpgid(0, 0) = 0 [pid 1193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1193] write(3, "1000", 4) = 4 [pid 1193] close(3) = 0 [pid 1193] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1193] write(1, "executing program\n", 18) = 18 [pid 1193] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1193] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1193] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1193] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1194]}, 88) = 1194 [pid 1193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1193] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1193] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1193] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1195]}, 88) = 1195 [pid 1193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1193] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1193] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1195 attached [pid 1195] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1195] creat("./bus", 000) = 3 [pid 1195] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] <... futex resumed>) = 0 [pid 1193] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1193] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1195] <... futex resumed>) = 1 [pid 1195] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1195] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] <... futex resumed>) = 0 [pid 1193] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1193] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1195] <... futex resumed>) = 1 [pid 1195] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1195] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] <... futex resumed>) = 0 [pid 1193] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1193] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1195] <... futex resumed>) = 1 [pid 1195] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1195] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1193] <... futex resumed>) = 0 [pid 1195] <... futex resumed>) = 1 [pid 1195] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1194 attached [pid 1194] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1194] memfd_create("syzkaller", 0) = 5 [pid 1194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1194] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1194] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 44.102900][ T1191] loop0: detected capacity change from 0 to 256 [ 44.111069][ T1191] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.121657][ T1191] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.131859][ T1191] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1194] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1194] close(5) = 0 [pid 1194] close(6) = 0 [pid 1194] mkdir("./file0", 0777) = 0 [pid 1194] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1194] chdir("./file0") = 0 [pid 1194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1194] ioctl(6, LOOP_CLR_FD) = 0 [pid 1194] close(6) = 0 [pid 1194] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1194] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1193] exit_group(0 [pid 1195] <... futex resumed>) = ? [pid 1193] <... exit_group resumed>) = ? [pid 1195] +++ exited with 0 +++ [pid 1194] <... futex resumed>) = ? [pid 1194] +++ exited with 0 +++ [pid 1193] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1193, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./291", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./291/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/binderfs") = 0 umount2("./291/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./291/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/bus") = 0 umount2("./291/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./291/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./291/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1196 ./strace-static-x86_64: Process 1196 attached [pid 1196] set_robust_list(0x5555720a9760, 24) = 0 [pid 1196] chdir("./292") = 0 [pid 1196] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 1196] setpgid(0, 0) = 0 [pid 1196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1196] write(3, "1000", 4) = 4 [pid 1196] close(3) = 0 [pid 1196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1196] write(1, "executing program\n", 18) = 18 [pid 1196] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1196] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1197]}, 88) = 1197 ./strace-static-x86_64: Process 1197 attached [pid 1196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1196] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1196] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1197] set_robust_list(0x7f9ba44469a0, 24 [pid 1196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1198]}, 88) = 1198 [pid 1197] <... set_robust_list resumed>) = 0 [pid 1196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1196] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1198 attached [pid 1198] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1198] creat("./bus", 000 [pid 1197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1198] <... creat resumed>) = 3 [pid 1198] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1198] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1198] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1198] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1198] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1196] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1196] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1198] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1198] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1196] <... futex resumed>) = 0 [pid 1198] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1197] memfd_create("syzkaller", 0) = 5 [pid 1197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1197] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1197] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 44.170527][ T1194] loop0: detected capacity change from 0 to 256 [ 44.178582][ T1194] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.189176][ T1194] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.200209][ T1194] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1197] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1197] close(5) = 0 [pid 1197] close(6) = 0 [pid 1197] mkdir("./file0", 0777) = 0 [pid 1197] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1197] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1197] chdir("./file0") = 0 [pid 1197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1197] ioctl(6, LOOP_CLR_FD) = 0 [pid 1197] close(6) = 0 [pid 1197] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1197] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1196] exit_group(0) = ? [pid 1197] <... futex resumed>) = ? [pid 1197] +++ exited with 0 +++ [pid 1198] <... futex resumed>) = ? [pid 1198] +++ exited with 0 +++ [pid 1196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1196, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./292", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./292/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./292/binderfs") = 0 umount2("./292/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./292/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./292/bus") = 0 umount2("./292/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./292/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./292/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1199 ./strace-static-x86_64: Process 1199 attached [pid 1199] set_robust_list(0x5555720a9760, 24) = 0 [pid 1199] chdir("./293") = 0 [pid 1199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1199] setpgid(0, 0) = 0 [pid 1199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1199] write(3, "1000", 4) = 4 [pid 1199] close(3) = 0 [pid 1199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1199] write(1, "executing program\n", 18) = 18 [pid 1199] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1199] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1199] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1200]}, 88) = 1200 [pid 1199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1199] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1199] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1199] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1201]}, 88) = 1201 [pid 1199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1199] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1199] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1201 attached [pid 1201] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1201] creat("./bus", 000) = 3 [pid 1201] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1199] <... futex resumed>) = 0 [pid 1199] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1199] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1201] <... futex resumed>) = 1 [pid 1201] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1201] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1199] <... futex resumed>) = 0 [pid 1199] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1199] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1201] <... futex resumed>) = 1 [pid 1201] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1201] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1199] <... futex resumed>) = 0 [pid 1199] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1199] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1201] <... futex resumed>) = 1 [pid 1201] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1201] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1199] <... futex resumed>) = 0 [pid 1201] <... futex resumed>) = 1 [pid 1201] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1200 attached [pid 1200] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1200] memfd_create("syzkaller", 0) = 5 [pid 1200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 44.241189][ T1197] loop0: detected capacity change from 0 to 256 [ 44.249876][ T1197] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.260500][ T1197] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.271086][ T1197] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1200] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1200] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1200] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1200] close(5) = 0 [pid 1200] close(6) = 0 [pid 1200] mkdir("./file0", 0777) = 0 [pid 1200] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1200] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1200] chdir("./file0") = 0 [pid 1200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1200] ioctl(6, LOOP_CLR_FD) = 0 [pid 1200] close(6) = 0 [pid 1200] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1200] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1199] exit_group(0 [pid 1201] <... futex resumed>) = ? [pid 1199] <... exit_group resumed>) = ? [pid 1201] +++ exited with 0 +++ [pid 1200] <... futex resumed>) = ? [pid 1200] +++ exited with 0 +++ [pid 1199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1199, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./293", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./293/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./293/binderfs") = 0 umount2("./293/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./293/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./293/bus") = 0 umount2("./293/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./293/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./293/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1202 ./strace-static-x86_64: Process 1202 attached [pid 1202] set_robust_list(0x5555720a9760, 24) = 0 [pid 1202] chdir("./294") = 0 [pid 1202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1202] setpgid(0, 0) = 0 [pid 1202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1202] write(3, "1000", 4) = 4 [pid 1202] close(3) = 0 [pid 1202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1202] write(1, "executing program\n", 18) = 18 [pid 1202] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1202] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1203]}, 88) = 1203 [pid 1202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1202] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1202] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1204]}, 88) = 1204 [pid 1202] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1202] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1204 attached [pid 1204] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1204] creat("./bus", 000) = 3 [pid 1204] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1204] <... futex resumed>) = 1 [pid 1204] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1204] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1204] <... futex resumed>) = 1 [pid 1204] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1204] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1202] <... futex resumed>) = 0 [pid 1202] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1202] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1204] <... futex resumed>) = 1 [pid 1204] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1204] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1202] <... futex resumed>) = 0 [pid 1204] <... futex resumed>) = 1 [pid 1204] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1203 attached [pid 1203] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1203] memfd_create("syzkaller", 0) = 5 [pid 1203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1203] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1203] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 44.308606][ T1200] loop0: detected capacity change from 0 to 256 [ 44.317356][ T1200] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.327876][ T1200] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.338597][ T1200] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1203] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1203] close(5) = 0 [pid 1203] close(6) = 0 [pid 1203] mkdir("./file0", 0777) = 0 [pid 1203] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1203] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1203] chdir("./file0") = 0 [pid 1203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1203] ioctl(6, LOOP_CLR_FD) = 0 [pid 1203] close(6) = 0 [pid 1203] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1203] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1202] exit_group(0 [pid 1204] <... futex resumed>) = ? [pid 1202] <... exit_group resumed>) = ? [pid 1204] +++ exited with 0 +++ [pid 1203] <... futex resumed>) = ? [pid 1203] +++ exited with 0 +++ [pid 1202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1202, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./294", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./294/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./294/binderfs") = 0 umount2("./294/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./294/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./294/bus") = 0 umount2("./294/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./294/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./294/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1205 ./strace-static-x86_64: Process 1205 attached [pid 1205] set_robust_list(0x5555720a9760, 24) = 0 [pid 1205] chdir("./295") = 0 [pid 1205] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 1205] setpgid(0, 0) = 0 [pid 1205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1205] write(3, "1000", 4) = 4 [pid 1205] close(3) = 0 [pid 1205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1205] write(1, "executing program\n", 18) = 18 [pid 1205] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1205] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1206 attached => {parent_tid=[1206]}, 88) = 1206 [pid 1205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1205] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1206] set_robust_list(0x7f9ba44469a0, 24 [pid 1205] <... mmap resumed>) = 0x7f9ba4405000 [pid 1205] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1206] <... set_robust_list resumed>) = 0 [pid 1205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 1206] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1207 attached [pid 1205] <... clone3 resumed> => {parent_tid=[1207]}, 88) = 1207 [pid 1207] set_robust_list(0x7f9ba44259a0, 24 [pid 1205] rt_sigprocmask(SIG_SETMASK, [], [pid 1207] <... set_robust_list resumed>) = 0 [pid 1206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1207] rt_sigprocmask(SIG_SETMASK, [], [pid 1206] memfd_create("syzkaller", 0 [pid 1205] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1207] creat("./bus", 000) = 3 [pid 1206] <... memfd_create resumed>) = 4 [pid 1207] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] <... futex resumed>) = 0 [pid 1205] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] <... futex resumed>) = 1 [pid 1207] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1207] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] <... futex resumed>) = 0 [pid 1205] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] <... futex resumed>) = 1 [pid 1207] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1207] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] <... futex resumed>) = 0 [pid 1205] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1206] <... mmap resumed>) = 0x7f9b9c005000 [pid 1205] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] <... futex resumed>) = 1 [pid 1207] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1207] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] <... futex resumed>) = 0 [pid 1207] <... futex resumed>) = 1 [pid 1207] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1206] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1206] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 44.375416][ T1203] loop0: detected capacity change from 0 to 256 [ 44.383907][ T1203] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.394543][ T1203] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.405291][ T1203] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1206] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 1206] close(4) = 0 [pid 1206] close(6) = 0 [pid 1206] mkdir("./file0", 0777) = 0 [pid 1206] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1206] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1206] chdir("./file0") = 0 [pid 1206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1206] ioctl(6, LOOP_CLR_FD) = 0 [pid 1206] close(6) = 0 [pid 1206] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1206] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1205] exit_group(0) = ? [pid 1206] <... futex resumed>) = ? [pid 1206] +++ exited with 0 +++ [pid 1207] <... futex resumed>) = ? [pid 1207] +++ exited with 0 +++ [pid 1205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1205, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./295", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./295/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./295/binderfs") = 0 umount2("./295/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./295/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./295/bus") = 0 umount2("./295/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./295/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./295/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1208 ./strace-static-x86_64: Process 1208 attached [pid 1208] set_robust_list(0x5555720a9760, 24) = 0 [pid 1208] chdir("./296") = 0 [pid 1208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1208] setpgid(0, 0) = 0 [pid 1208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1208] write(3, "1000", 4) = 4 [pid 1208] close(3) = 0 [pid 1208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1208] write(1, "executing program\n", 18) = 18 [pid 1208] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1208] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1209]}, 88) = 1209 [pid 1208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1208] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1208] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1210]}, 88) = 1210 [pid 1208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1208] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1210 attached [pid 1210] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1210] creat("./bus", 000) = 3 [pid 1210] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1210] <... futex resumed>) = 1 [pid 1210] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1210] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1210] <... futex resumed>) = 1 [pid 1210] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1210] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1208] <... futex resumed>) = 0 [pid 1208] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1208] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1210] <... futex resumed>) = 1 [pid 1210] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1210] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1208] <... futex resumed>) = 0 [pid 1210] <... futex resumed>) = 1 [pid 1210] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1209 attached [pid 1209] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1209] memfd_create("syzkaller", 0) = 5 [pid 1209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1209] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1209] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 44.444111][ T1206] loop0: detected capacity change from 0 to 256 [ 44.452907][ T1206] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.463471][ T1206] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.474504][ T1206] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1209] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1209] close(5) = 0 [pid 1209] close(6) = 0 [pid 1209] mkdir("./file0", 0777) = 0 [pid 1209] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1209] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1209] chdir("./file0") = 0 [pid 1209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1209] ioctl(6, LOOP_CLR_FD) = 0 [pid 1209] close(6) = 0 [pid 1209] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1209] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] exit_group(0 [pid 1210] <... futex resumed>) = ? [pid 1208] <... exit_group resumed>) = ? [pid 1210] +++ exited with 0 +++ [pid 1209] <... futex resumed>) = ? [pid 1209] +++ exited with 0 +++ [pid 1208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1208, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./296", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./296/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./296/binderfs") = 0 umount2("./296/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./296/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./296/bus") = 0 umount2("./296/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./296/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./296/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1211 ./strace-static-x86_64: Process 1211 attached [pid 1211] set_robust_list(0x5555720a9760, 24) = 0 [pid 1211] chdir("./297") = 0 [pid 1211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1211] setpgid(0, 0) = 0 [pid 1211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1211] write(3, "1000", 4) = 4 [pid 1211] close(3) = 0 [pid 1211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1211] write(1, "executing program\n", 18) = 18 [pid 1211] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1211] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1212]}, 88) = 1212 [pid 1211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1211] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1211] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1213]}, 88) = 1213 [pid 1211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1211] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1213 attached [pid 1213] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1213] creat("./bus", 000) = 3 [pid 1213] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1211] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1213] <... futex resumed>) = 1 [pid 1213] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1213] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1211] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1213] <... futex resumed>) = 1 [pid 1213] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1213] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1211] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1213] <... futex resumed>) = 1 [pid 1213] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1213] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1213] <... futex resumed>) = 1 [pid 1213] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1212 attached [pid 1212] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1212] memfd_create("syzkaller", 0) = 5 [pid 1212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1212] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1212] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 44.514392][ T1209] loop0: detected capacity change from 0 to 256 [ 44.522925][ T1209] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.533380][ T1209] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.544072][ T1209] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1212] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1212] close(5) = 0 [pid 1212] close(6) = 0 [pid 1212] mkdir("./file0", 0777) = 0 [pid 1212] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1212] chdir("./file0") = 0 [pid 1212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1212] ioctl(6, LOOP_CLR_FD) = 0 [pid 1212] close(6) = 0 [pid 1212] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1212] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1211] exit_group(0) = ? [pid 1212] <... futex resumed>) = ? [pid 1212] +++ exited with 0 +++ [pid 1213] <... futex resumed>) = ? [pid 1213] +++ exited with 0 +++ [pid 1211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1211, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./297", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./297/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./297/binderfs") = 0 umount2("./297/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./297/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./297/bus") = 0 umount2("./297/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./297/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./297/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1214 ./strace-static-x86_64: Process 1214 attached [pid 1214] set_robust_list(0x5555720a9760, 24) = 0 [pid 1214] chdir("./298") = 0 [pid 1214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 1214] setpgid(0, 0) = 0 [pid 1214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1214] write(3, "1000", 4) = 4 [pid 1214] close(3) = 0 [pid 1214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1214] write(1, "executing program\n", 18) = 18 [pid 1214] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1214] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1215 attached [pid 1215] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1215] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1214] <... clone3 resumed> => {parent_tid=[1215]}, 88) = 1215 [pid 1214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1214] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1215] <... futex resumed>) = 0 [pid 1215] memfd_create("syzkaller", 0 [pid 1214] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1215] <... memfd_create resumed>) = 3 [pid 1215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 1214] <... futex resumed>) = 0 [pid 1214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b9c005000 [pid 1214] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1215] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0} => {parent_tid=[1216]}, 88) = 1216 [pid 1214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1214] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1216 attached [pid 1216] set_robust_list(0x7f9b9c0259a0, 24) = 0 [pid 1216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1216] creat("./bus", 000) = 4 [pid 1216] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1216] <... futex resumed>) = 1 [pid 1216] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1216] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1216] <... futex resumed>) = 1 [pid 1216] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1216] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1214] <... futex resumed>) = 0 [pid 1214] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1214] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1216] <... futex resumed>) = 1 [pid 1216] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1216] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1214] <... futex resumed>) = 0 [pid 1216] <... futex resumed>) = 1 [pid 1216] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1215] <... write resumed>) = 131072 [pid 1215] munmap(0x7f9b9c026000, 138412032) = 0 [pid 1215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 44.582922][ T1212] loop0: detected capacity change from 0 to 256 [ 44.590508][ T1212] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.601221][ T1212] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.612295][ T1212] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1215] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 1215] close(3) = 0 [pid 1215] close(6) = 0 [pid 1215] mkdir("./file0", 0777) = 0 [pid 1215] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1215] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1215] chdir("./file0") = 0 [pid 1215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1215] ioctl(6, LOOP_CLR_FD) = 0 [pid 1215] close(6) = 0 [pid 1215] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1215] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1214] exit_group(0) = ? [pid 1215] <... futex resumed>) = ? [pid 1216] <... futex resumed>) = ? [pid 1215] +++ exited with 0 +++ [pid 1216] +++ exited with 0 +++ [pid 1214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1214, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./298", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./298/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./298/binderfs") = 0 umount2("./298/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./298/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./298/bus") = 0 umount2("./298/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./298/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./298/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1217 ./strace-static-x86_64: Process 1217 attached [pid 1217] set_robust_list(0x5555720a9760, 24) = 0 [pid 1217] chdir("./299") = 0 [pid 1217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1217] setpgid(0, 0) = 0 [pid 1217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1217] write(3, "1000", 4) = 4 [pid 1217] close(3) = 0 [pid 1217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1217] write(1, "executing program\n", 18executing program ) = 18 [pid 1217] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 44.651694][ T1215] loop0: detected capacity change from 0 to 256 [ 44.659999][ T1215] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.670845][ T1215] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.681410][ T1215] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1217] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1217] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1217] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1218]}, 88) = 1218 [pid 1217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1217] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1217] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1219]}, 88) = 1219 [pid 1217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1217] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1218 attached [pid 1218] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1218] memfd_create("syzkaller", 0) = 3 [pid 1218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1218] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1218] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1218] close(3) = 0 [pid 1218] close(4) = 0 [pid 1218] mkdir("./file0", 0777) = 0 [pid 1218] mount("/dev/loop0", "./file0", "exfat", 0, ""./strace-static-x86_64: Process 1219 attached [pid 1219] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1219] creat("./bus", 000) = 3 [pid 1219] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1217] <... futex resumed>) = 0 [pid 1217] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1219] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1219] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1217] <... futex resumed>) = 0 [pid 1217] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1219] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1219] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1217] <... futex resumed>) = 0 [pid 1217] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1217] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 44.739788][ T1218] loop0: detected capacity change from 0 to 256 [ 44.747785][ T1218] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.762547][ T1218] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 1219] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = 4096 [pid 1219] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1217] <... futex resumed>) = 0 [pid 1219] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1218] <... mount resumed>) = 0 [pid 1218] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1218] chdir("./file0") = 0 [pid 1218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1218] ioctl(6, LOOP_CLR_FD) = 0 [pid 1218] close(6) = 0 [pid 1218] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1218] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1217] exit_group(0 [pid 1219] <... futex resumed>) = ? [pid 1218] <... futex resumed>) = ? [pid 1217] <... exit_group resumed>) = ? [pid 1219] +++ exited with 0 +++ [pid 1218] +++ exited with 0 +++ [pid 1217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1217, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./299", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./299/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./299/binderfs") = 0 umount2("./299/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./299/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./299/bus") = 0 umount2("./299/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./299/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./299/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1220 ./strace-static-x86_64: Process 1220 attached [pid 1220] set_robust_list(0x5555720a9760, 24) = 0 [pid 1220] chdir("./300") = 0 [pid 1220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1220] setpgid(0, 0) = 0 [pid 1220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1220] write(3, "1000", 4) = 4 [pid 1220] close(3) = 0 [pid 1220] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1220] write(1, "executing program\n", 18) = 18 [pid 1220] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1220] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1221 attached => {parent_tid=[1221]}, 88) = 1221 [pid 1220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1220] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1220] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1220] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1221] set_robust_list(0x7f9ba44469a0, 24 [pid 1220] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 1221] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 1222 attached [pid 1220] <... clone3 resumed> => {parent_tid=[1222]}, 88) = 1222 [pid 1220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1220] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1221] memfd_create("syzkaller", 0 [pid 1222] set_robust_list(0x7f9ba44259a0, 24 [pid 1221] <... memfd_create resumed>) = 3 [pid 1221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1222] <... set_robust_list resumed>) = 0 [pid 1221] <... mmap resumed>) = 0x7f9b9c005000 [pid 1222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1222] creat("./bus", 000) = 4 [pid 1221] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1222] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1222] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1220] <... futex resumed>) = 0 [pid 1221] <... write resumed>) = 131072 [pid 1220] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1221] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1222] <... mount resumed>) = 0 [ 44.780970][ T1218] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1221] ioctl(5, LOOP_SET_FD, 3 [pid 1222] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1222] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1222] <... futex resumed>) = 0 [pid 1222] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1220] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1222] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1220] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1220] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1222] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1222] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1220] <... futex resumed>) = 0 [pid 1222] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1221] <... ioctl resumed>) = 0 [pid 1221] close(3) = 0 [pid 1221] close(5) = 0 [pid 1221] mkdir("./file0", 0777) = 0 [pid 1221] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1221] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1221] chdir("./file0") = 0 [pid 1221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1221] ioctl(5, LOOP_CLR_FD) = 0 [pid 1221] close(5) = 0 [pid 1221] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1221] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1220] exit_group(0) = ? [pid 1222] <... futex resumed>) = ? [pid 1222] +++ exited with 0 +++ [pid 1221] <... futex resumed>) = ? [pid 1221] +++ exited with 0 +++ [pid 1220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1220, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./300", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./300/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./300/binderfs") = 0 umount2("./300/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./300/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./300/bus") = 0 umount2("./300/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./300/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./300/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 executing program clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1224 ./strace-static-x86_64: Process 1224 attached [pid 1224] set_robust_list(0x5555720a9760, 24) = 0 [pid 1224] chdir("./301") = 0 [pid 1224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1224] setpgid(0, 0) = 0 [pid 1224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1224] write(3, "1000", 4) = 4 [pid 1224] close(3) = 0 [pid 1224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1224] write(1, "executing program\n", 18) = 18 [pid 1224] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1224] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1224] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1224] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1225]}, 88) = 1225 [pid 1224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1224] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1224] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1224] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1226]}, 88) = 1226 [pid 1224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1224] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1224] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1225 attached [pid 1225] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1225] memfd_create("syzkaller", 0) = 3 [pid 1225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 44.830915][ T1221] loop0: detected capacity change from 0 to 256 [ 44.839277][ T1221] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.849849][ T1221] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.860388][ T1221] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1225] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1225] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1225] close(3) = 0 [pid 1225] close(4) = 0 [pid 1225] mkdir("./file0", 0777) = 0 [pid 1225] mount("/dev/loop0", "./file0", "exfat", 0, ""./strace-static-x86_64: Process 1226 attached [pid 1226] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1226] creat("./bus", 000) = 3 [pid 1226] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1226] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1224] <... futex resumed>) = 0 [pid 1224] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1224] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1226] <... futex resumed>) = 0 [pid 1226] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1226] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1224] <... futex resumed>) = 0 [pid 1224] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1224] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1226] <... futex resumed>) = 1 [pid 1226] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1226] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1224] <... futex resumed>) = 0 [pid 1224] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1224] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1226] <... futex resumed>) = 1 [pid 1226] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = 4096 [pid 1226] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1224] <... futex resumed>) = 0 [pid 1226] <... futex resumed>) = 1 [pid 1226] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1225] <... mount resumed>) = -1 EIO (Input/output error) [pid 1225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1225] ioctl(5, LOOP_CLR_FD) = 0 [pid 1225] close(5) = 0 [pid 1225] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1225] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1224] exit_group(0) = ? [pid 1225] <... futex resumed>) = ? [pid 1225] +++ exited with 0 +++ [pid 1226] <... futex resumed>) = ? [pid 1226] +++ exited with 0 +++ [pid 1224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1224, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./301", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./301/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./301/binderfs") = 0 umount2("./301/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./301/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./301/bus") = 0 umount2("./301/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./301/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1227 ./strace-static-x86_64: Process 1227 attached [pid 1227] set_robust_list(0x5555720a9760, 24) = 0 [pid 1227] chdir("./302") = 0 [pid 1227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1227] setpgid(0, 0) = 0 [pid 1227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1227] write(3, "1000", 4) = 4 [pid 1227] close(3) = 0 [pid 1227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1227] write(1, "executing program\n", 18executing program ) = 18 [pid 1227] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1227] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1228 attached => {parent_tid=[1228]}, 88) = 1228 [pid 1228] set_robust_list(0x7f9ba44469a0, 24 [pid 1227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1227] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1227] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1228] <... set_robust_list resumed>) = 0 [pid 1227] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1228] rt_sigprocmask(SIG_SETMASK, [], [pid 1227] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} [pid 1228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1227] <... clone3 resumed> => {parent_tid=[1229]}, 88) = 1229 [pid 1227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1227] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1229 attached [pid 1229] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1229] creat("./bus", 000 [pid 1228] memfd_create("syzkaller", 0 [pid 1229] <... creat resumed>) = 3 [pid 1228] <... memfd_create resumed>) = 4 [pid 1229] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1229] <... futex resumed>) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1229] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1229] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1229] <... futex resumed>) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1227] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1229] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1229] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1228] <... write resumed>) = 131072 [pid 1229] <... futex resumed>) = 1 [pid 1227] <... futex resumed>) = 0 [pid 1229] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 1228] munmap(0x7f9b9c005000, 138412032 [pid 1227] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1229] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 1229] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1227] <... futex resumed>) = 0 [pid 1228] <... munmap resumed>) = 0 [pid 1229] <... futex resumed>) = 1 [pid 1228] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1229] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1228] <... openat resumed>) = 6 [ 44.913408][ T1225] loop0: detected capacity change from 0 to 256 [ 44.921285][ T1225] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.932219][ T1225] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 44.940660][ T1225] exFAT-fs (loop0): unable to set blocksize 33554432 [ 44.947733][ T1225] exFAT-fs (loop0): failed to read boot sector [ 44.953928][ T1225] exFAT-fs (loop0): failed to recognize exfat type [pid 1228] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 1228] close(4) = 0 [pid 1228] close(6) = 0 [pid 1228] mkdir("./file0", 0777) = 0 [pid 1228] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1228] chdir("./file0") = 0 [pid 1228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1228] ioctl(6, LOOP_CLR_FD) = 0 [pid 1228] close(6) = 0 [pid 1228] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1227] exit_group(0) = ? [pid 1228] +++ exited with 0 +++ [pid 1229] <... futex resumed>) = ? [pid 1229] +++ exited with 0 +++ [pid 1227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1227, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./302", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./302/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./302/binderfs") = 0 umount2("./302/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./302/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./302/bus") = 0 umount2("./302/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./302/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./302/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1230 executing program ./strace-static-x86_64: Process 1230 attached [pid 1230] set_robust_list(0x5555720a9760, 24) = 0 [pid 1230] chdir("./303") = 0 [pid 1230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1230] setpgid(0, 0) = 0 [pid 1230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1230] write(3, "1000", 4) = 4 [pid 1230] close(3) = 0 [pid 1230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1230] write(1, "executing program\n", 18) = 18 [pid 1230] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1230] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1231]}, 88) = 1231 [pid 1230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1230] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1230] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1232]}, 88) = 1232 [pid 1230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1230] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1232 attached [pid 1232] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1232] creat("./bus", 000) = 3 [pid 1232] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = 0 [pid 1230] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1232] <... futex resumed>) = 1 [pid 1232] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1232] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = 0 [pid 1230] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1232] <... futex resumed>) = 1 [pid 1232] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1232] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = 0 [pid 1230] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1232] <... futex resumed>) = 1 [pid 1232] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1232] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = 0 [pid 1232] <... futex resumed>) = 1 [pid 1232] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1231 attached [pid 1231] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1231] memfd_create("syzkaller", 0) = 5 [pid 1231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1231] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1231] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 44.990731][ T1228] loop0: detected capacity change from 0 to 256 [ 44.999344][ T1228] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.009848][ T1228] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.019592][ T1228] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1231] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1231] close(5) = 0 [pid 1231] close(6) = 0 [pid 1231] mkdir("./file0", 0777) = 0 [pid 1231] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1231] chdir("./file0") = 0 [pid 1231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1231] ioctl(6, LOOP_CLR_FD) = 0 [pid 1231] close(6) = 0 [pid 1231] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1231] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1230] exit_group(0 [pid 1232] <... futex resumed>) = ? [pid 1230] <... exit_group resumed>) = ? [pid 1232] +++ exited with 0 +++ [pid 1231] <... futex resumed>) = ? [pid 1231] +++ exited with 0 +++ [pid 1230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1230, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./303", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./303/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./303/binderfs") = 0 umount2("./303/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./303/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./303/bus") = 0 umount2("./303/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./303/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./303/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1233 ./strace-static-x86_64: Process 1233 attached [pid 1233] set_robust_list(0x5555720a9760, 24) = 0 [pid 1233] chdir("./304") = 0 [pid 1233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1233] setpgid(0, 0) = 0 [pid 1233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1233] write(3, "1000", 4) = 4 [pid 1233] close(3) = 0 [pid 1233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1233] write(1, "executing program\n", 18executing program ) = 18 [pid 1233] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1233] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1233] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1234]}, 88) = 1234 [pid 1233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1233] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1233] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1233] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1235]}, 88) = 1235 [pid 1233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1233] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1233] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1234 attached [pid 1234] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1234] memfd_create("syzkaller", 0) = 3 [pid 1234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1234] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1234] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 45.058515][ T1231] loop0: detected capacity change from 0 to 256 [ 45.065928][ T1231] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.076449][ T1231] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.086979][ T1231] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1234] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1235 attached [pid 1235] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1235] creat("./bus", 000) = 5 [pid 1235] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1235] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1233] <... futex resumed>) = 0 [pid 1233] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1233] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1235] <... futex resumed>) = 0 [pid 1235] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1235] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1233] <... futex resumed>) = 0 [pid 1233] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1233] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1235] <... futex resumed>) = 1 [pid 1235] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1235] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1233] <... futex resumed>) = 0 [pid 1233] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1233] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1234] <... ioctl resumed>) = 0 [pid 1235] <... futex resumed>) = 1 [pid 1234] close(3) = 0 [pid 1234] close(4 [pid 1235] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 1234] <... close resumed>) = 0 [pid 1235] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 1235] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1233] <... futex resumed>) = 0 [pid 1235] <... futex resumed>) = 1 [pid 1235] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1234] mkdir("./file0", 0777) = 0 [pid 1234] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1234] chdir("./file0") = 0 [pid 1234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1234] ioctl(4, LOOP_CLR_FD) = 0 [pid 1234] close(4) = 0 [pid 1234] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1234] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1233] exit_group(0) = ? [pid 1234] <... futex resumed>) = ? [pid 1234] +++ exited with 0 +++ [pid 1235] <... futex resumed>) = ? [pid 1235] +++ exited with 0 +++ [pid 1233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1233, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./304", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./304/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./304/binderfs") = 0 umount2("./304/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./304/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./304/bus") = 0 umount2("./304/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./304/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./304/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1236 ./strace-static-x86_64: Process 1236 attached [pid 1236] set_robust_list(0x5555720a9760, 24) = 0 [pid 1236] chdir("./305") = 0 [pid 1236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1236] setpgid(0, 0) = 0 [pid 1236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1236] write(3, "1000", 4) = 4 [pid 1236] close(3) = 0 [pid 1236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1236] write(1, "executing program\n", 18) = 18 [pid 1236] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1236] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1236] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1236] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1237]}, 88) = 1237 [pid 1236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1236] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1236] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1236] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1238]}, 88) = 1238 [pid 1236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1236] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1236] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1238 attached [pid 1238] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1238] creat("./bus", 000) = 3 [pid 1238] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] <... futex resumed>) = 0 [pid 1236] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1236] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1238] <... futex resumed>) = 1 [pid 1238] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1238] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] <... futex resumed>) = 0 [pid 1236] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1236] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1238] <... futex resumed>) = 1 [pid 1238] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1238] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] <... futex resumed>) = 0 [pid 1236] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1236] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1238] <... futex resumed>) = 1 [pid 1238] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1238] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] <... futex resumed>) = 0 [pid 1238] <... futex resumed>) = 1 [pid 1238] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1237 attached [pid 1237] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1237] memfd_create("syzkaller", 0) = 5 [pid 1237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1237] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1237] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.123398][ T1234] loop0: detected capacity change from 0 to 256 [ 45.133062][ T1234] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.143698][ T1234] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.153624][ T1234] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1237] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1237] close(5) = 0 [pid 1237] close(6) = 0 [pid 1237] mkdir("./file0", 0777) = 0 [pid 1237] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1237] chdir("./file0") = 0 [pid 1237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1237] ioctl(6, LOOP_CLR_FD) = 0 [pid 1237] close(6) = 0 [pid 1237] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1237] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1236] exit_group(0) = ? [pid 1237] <... futex resumed>) = ? [pid 1237] +++ exited with 0 +++ [pid 1238] <... futex resumed>) = ? [pid 1238] +++ exited with 0 +++ [pid 1236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1236, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./305", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./305/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./305/binderfs") = 0 umount2("./305/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./305/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./305/bus") = 0 umount2("./305/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./305/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./305/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1239 ./strace-static-x86_64: Process 1239 attached [pid 1239] set_robust_list(0x5555720a9760, 24) = 0 [pid 1239] chdir("./306") = 0 [pid 1239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1239] setpgid(0, 0) = 0 [pid 1239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1239] write(3, "1000", 4) = 4 [pid 1239] close(3) = 0 [pid 1239] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1239] write(1, "executing program\n", 18) = 18 [pid 1239] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1239] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1240]}, 88) = 1240 [pid 1239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1239] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1239] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1241]}, 88) = 1241 [pid 1239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1239] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1241 attached [pid 1241] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1241] creat("./bus", 000) = 3 [pid 1241] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1239] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1241] <... futex resumed>) = 1 [pid 1241] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1241] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1239] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1241] <... futex resumed>) = 1 [pid 1241] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1241] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1239] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1239] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1241] <... futex resumed>) = 1 [pid 1241] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1241] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 0 [pid 1241] <... futex resumed>) = 1 [pid 1241] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1240 attached [pid 1240] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1240] memfd_create("syzkaller", 0) = 5 [pid 1240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1240] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1240] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.193166][ T1237] loop0: detected capacity change from 0 to 256 [ 45.200789][ T1237] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.211431][ T1237] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.222381][ T1237] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1240] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1240] close(5) = 0 [pid 1240] close(6) = 0 [pid 1240] mkdir("./file0", 0777) = 0 [pid 1240] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1240] chdir("./file0") = 0 [pid 1240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1240] ioctl(6, LOOP_CLR_FD) = 0 [pid 1240] close(6) = 0 [pid 1240] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1240] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1239] exit_group(0) = ? [pid 1240] <... futex resumed>) = ? [pid 1240] +++ exited with 0 +++ [pid 1241] <... futex resumed>) = ? [pid 1241] +++ exited with 0 +++ [pid 1239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1239, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./306", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./306/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./306/binderfs") = 0 umount2("./306/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./306/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./306/bus") = 0 umount2("./306/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./306/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./306/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1242 ./strace-static-x86_64: Process 1242 attached [pid 1242] set_robust_list(0x5555720a9760, 24) = 0 [pid 1242] chdir("./307") = 0 [pid 1242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1242] setpgid(0, 0) = 0 [pid 1242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1242] write(3, "1000", 4) = 4 [pid 1242] close(3) = 0 [pid 1242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1242] write(1, "executing program\n", 18) = 18 [pid 1242] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1242] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1242] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1242] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1242] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1243]}, 88) = 1243 ./strace-static-x86_64: Process 1243 attached [pid 1242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1242] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1242] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1242] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 1243] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1242] <... mprotect resumed>) = 0 [pid 1243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1242] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1243] memfd_create("syzkaller", 0 [pid 1242] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1242] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1244]}, 88) = 1244 [pid 1242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1242] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1242] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1244 attached [pid 1244] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1244] creat("./bus", 000 [pid 1243] <... memfd_create resumed>) = 4 [pid 1244] <... creat resumed>) = 3 [pid 1243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1244] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1242] <... futex resumed>) = 0 [pid 1242] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1242] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1244] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1244] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1242] <... futex resumed>) = 0 [pid 1242] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1242] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1244] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 1244] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1243] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1242] <... futex resumed>) = 0 [pid 1242] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1242] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1244] <... futex resumed>) = 1 [pid 1244] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1244] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1242] <... futex resumed>) = 0 [pid 1244] <... futex resumed>) = 1 [pid 1244] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1243] <... write resumed>) = 131072 [pid 1243] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.257339][ T1240] loop0: detected capacity change from 0 to 256 [ 45.265218][ T1240] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.275892][ T1240] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.286526][ T1240] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1243] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 1243] close(4) = 0 [pid 1243] close(6) = 0 [pid 1243] mkdir("./file0", 0777) = 0 [pid 1243] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1243] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1243] chdir("./file0") = 0 [pid 1243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1243] ioctl(6, LOOP_CLR_FD) = 0 [pid 1243] close(6) = 0 [pid 1243] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1243] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1242] exit_group(0) = ? [pid 1243] <... futex resumed>) = ? [pid 1243] +++ exited with 0 +++ [pid 1244] <... futex resumed>) = ? [pid 1244] +++ exited with 0 +++ [pid 1242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1242, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./307", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./307/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./307/binderfs") = 0 umount2("./307/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./307/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./307/bus") = 0 umount2("./307/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./307/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./307/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1245 ./strace-static-x86_64: Process 1245 attached [pid 1245] set_robust_list(0x5555720a9760, 24) = 0 [pid 1245] chdir("./308") = 0 [pid 1245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1245] setpgid(0, 0) = 0 [pid 1245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1245] write(3, "1000", 4) = 4 [pid 1245] close(3) = 0 [pid 1245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1245] write(1, "executing program\n", 18executing program ) = 18 [pid 1245] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1245] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1245] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1245] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1246 attached [pid 1246] set_robust_list(0x7f9ba44469a0, 24 [pid 1245] <... clone3 resumed> => {parent_tid=[1246]}, 88) = 1246 [pid 1246] <... set_robust_list resumed>) = 0 [pid 1246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1246] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1245] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1246] <... futex resumed>) = 0 [ 45.321325][ T1243] loop0: detected capacity change from 0 to 256 [ 45.330004][ T1243] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.340508][ T1243] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.350899][ T1243] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1246] memfd_create("syzkaller", 0 [pid 1245] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1246] <... memfd_create resumed>) = 3 [pid 1246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c026000 [pid 1245] <... futex resumed>) = 0 [pid 1245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9b9c005000 [pid 1245] mprotect(0x7f9b9c006000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1246] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1245] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1245] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9b9c025990, parent_tid=0x7f9b9c025990, exit_signal=0, stack=0x7f9b9c005000, stack_size=0x20240, tls=0x7f9b9c0256c0} [pid 1246] <... write resumed>) = 131072 [pid 1246] munmap(0x7f9b9c026000, 138412032./strace-static-x86_64: Process 1247 attached ) = 0 [pid 1246] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1245] <... clone3 resumed> => {parent_tid=[1247]}, 88) = 1247 [pid 1247] set_robust_list(0x7f9b9c0259a0, 24 [pid 1246] <... openat resumed>) = 4 [pid 1246] ioctl(4, LOOP_SET_FD, 3 [pid 1247] <... set_robust_list resumed>) = 0 [pid 1245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1245] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1245] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1247] creat("./bus", 000) = 5 [pid 1247] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] <... futex resumed>) = 0 [pid 1245] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1245] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1247] <... futex resumed>) = 1 [pid 1247] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1247] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] <... futex resumed>) = 0 [pid 1245] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1245] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1247] <... futex resumed>) = 1 [pid 1247] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1247] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] <... futex resumed>) = 0 [pid 1245] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1245] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1247] <... futex resumed>) = 1 [pid 1247] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1247] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1245] <... futex resumed>) = 0 [pid 1247] <... futex resumed>) = 1 [pid 1246] <... ioctl resumed>) = 0 [pid 1247] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1246] close(3) = 0 [pid 1246] close(4) = 0 [pid 1246] mkdir("./file0", 0777) = 0 [pid 1246] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1246] chdir("./file0") = 0 [pid 1246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1246] ioctl(4, LOOP_CLR_FD) = 0 [pid 1246] close(4) = 0 [pid 1246] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1246] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1245] exit_group(0) = ? [pid 1246] <... futex resumed>) = ? [pid 1246] +++ exited with 0 +++ [pid 1247] <... futex resumed>) = ? [pid 1247] +++ exited with 0 +++ [pid 1245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1245, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./308", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./308/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./308/binderfs") = 0 umount2("./308/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./308/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./308/bus") = 0 umount2("./308/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./308/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./308/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1248 ./strace-static-x86_64: Process 1248 attached [pid 1248] set_robust_list(0x5555720a9760, 24) = 0 [pid 1248] chdir("./309") = 0 [pid 1248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1248] setpgid(0, 0) = 0 [pid 1248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1248] write(3, "1000", 4) = 4 [pid 1248] close(3) = 0 [pid 1248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1248] write(1, "executing program\n", 18) = 18 [pid 1248] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1248] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1248] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1249]}, 88) = 1249 [pid 1248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1248] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1248] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1248] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1250]}, 88) = 1250 [pid 1248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1248] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1248] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1250 attached [pid 1250] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1250] creat("./bus", 000) = 3 [pid 1250] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1248] <... futex resumed>) = 0 [pid 1248] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1248] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1250] <... futex resumed>) = 1 [pid 1250] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1250] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1248] <... futex resumed>) = 0 [pid 1248] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1248] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1250] <... futex resumed>) = 1 [pid 1250] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1250] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1248] <... futex resumed>) = 0 [pid 1248] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1248] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1250] <... futex resumed>) = 1 [pid 1250] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1250] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1248] <... futex resumed>) = 0 [pid 1250] <... futex resumed>) = 1 [pid 1250] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1249 attached [pid 1249] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1249] memfd_create("syzkaller", 0) = 5 [pid 1249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1249] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1249] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.408002][ T1246] loop0: detected capacity change from 0 to 256 [ 45.417041][ T1246] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.427590][ T1246] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.437980][ T1246] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1249] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1249] close(5) = 0 [pid 1249] close(6) = 0 [pid 1249] mkdir("./file0", 0777) = 0 [pid 1249] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1249] chdir("./file0") = 0 [pid 1249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1249] ioctl(6, LOOP_CLR_FD) = 0 [pid 1249] close(6) = 0 [pid 1249] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1249] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1248] exit_group(0) = ? [pid 1249] <... futex resumed>) = ? [pid 1249] +++ exited with 0 +++ [pid 1250] <... futex resumed>) = ? [pid 1250] +++ exited with 0 +++ [pid 1248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1248, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./309", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./309/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./309/binderfs") = 0 umount2("./309/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./309/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./309/bus") = 0 umount2("./309/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./309/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./309/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1251 ./strace-static-x86_64: Process 1251 attached [pid 1251] set_robust_list(0x5555720a9760, 24) = 0 [pid 1251] chdir("./310") = 0 [pid 1251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1251] setpgid(0, 0) = 0 [pid 1251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1251] write(3, "1000", 4) = 4 [pid 1251] close(3) = 0 [pid 1251] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1251] write(1, "executing program\n", 18) = 18 [pid 1251] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1251] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1251] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1251] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1252]}, 88) = 1252 [pid 1251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1251] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1251] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1251] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1253]}, 88) = 1253 ./strace-static-x86_64: Process 1252 attached [pid 1251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1251] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1251] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1253 attached [pid 1253] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1253] creat("./bus", 000 [pid 1252] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1253] <... creat resumed>) = 3 [pid 1252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1252] memfd_create("syzkaller", 0 [pid 1253] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1252] <... memfd_create resumed>) = 4 [pid 1252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1253] <... futex resumed>) = 1 [pid 1251] <... futex resumed>) = 0 [pid 1251] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1251] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1253] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1253] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1252] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1253] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1251] <... futex resumed>) = 0 [pid 1253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1251] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1253] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 1252] <... write resumed>) = 131072 [pid 1251] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1252] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1253] <... open resumed>) = 5 [pid 1252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1252] ioctl(6, LOOP_SET_FD, 4 [pid 1253] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1251] <... futex resumed>) = 0 [ 45.476113][ T1249] loop0: detected capacity change from 0 to 256 [ 45.483646][ T1249] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.494351][ T1249] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.504657][ T1249] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1251] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1251] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1253] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1253] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1251] <... futex resumed>) = 0 [pid 1253] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1252] <... ioctl resumed>) = 0 [pid 1252] close(4) = 0 [pid 1252] close(6) = 0 [pid 1252] mkdir("./file0", 0777) = 0 [pid 1252] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 1252] chdir("./file0") = 0 [pid 1252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1252] ioctl(6, LOOP_CLR_FD) = 0 [pid 1252] close(6) = 0 [pid 1252] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1252] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1251] exit_group(0 [pid 1253] <... futex resumed>) = ? [pid 1251] <... exit_group resumed>) = ? [pid 1253] +++ exited with 0 +++ [pid 1252] <... futex resumed>) = ? [pid 1252] +++ exited with 0 +++ [pid 1251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1251, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./310", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./310/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./310/binderfs") = 0 umount2("./310/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./310/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./310/bus") = 0 umount2("./310/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./310/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./310/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1254 ./strace-static-x86_64: Process 1254 attached [pid 1254] set_robust_list(0x5555720a9760, 24) = 0 [pid 1254] chdir("./311") = 0 [pid 1254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1254] setpgid(0, 0) = 0 [pid 1254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1254] write(3, "1000", 4) = 4 [pid 1254] close(3) = 0 [pid 1254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1254] write(1, "executing program\n", 18) = 18 [pid 1254] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1254] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1254] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1255]}, 88) = 1255 [pid 1254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1254] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1254] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1254] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1256]}, 88) = 1256 [pid 1254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1254] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 45.541350][ T1252] loop0: detected capacity change from 0 to 256 [ 45.549201][ T1252] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.559727][ T1252] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.570521][ T1252] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1254] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1256 attached [pid 1256] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1256] creat("./bus", 000) = 3 [pid 1256] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... futex resumed>) = 0 [pid 1254] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1254] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1256] <... futex resumed>) = 1 [pid 1256] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1256] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... futex resumed>) = 0 [pid 1254] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1254] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1256] <... futex resumed>) = 1 [pid 1256] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1256] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... futex resumed>) = 0 [pid 1254] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1254] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1256] <... futex resumed>) = 1 [pid 1256] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1256] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1254] <... futex resumed>) = 0 [pid 1256] <... futex resumed>) = 1 [pid 1256] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1255 attached [pid 1255] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1255] memfd_create("syzkaller", 0) = 5 [pid 1255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1255] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1255] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1255] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1255] close(5) = 0 [pid 1255] close(6) = 0 [pid 1255] mkdir("./file0", 0777) = 0 [pid 1255] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1255] chdir("./file0") = 0 [pid 1255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1255] ioctl(6, LOOP_CLR_FD) = 0 [pid 1255] close(6) = 0 [pid 1255] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1255] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1254] exit_group(0) = ? [pid 1255] <... futex resumed>) = ? [pid 1255] +++ exited with 0 +++ [pid 1256] <... futex resumed>) = ? [pid 1256] +++ exited with 0 +++ [pid 1254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1254, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./311", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./311/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./311/binderfs") = 0 umount2("./311/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./311/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./311/bus") = 0 umount2("./311/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./311/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./311/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1257 ./strace-static-x86_64: Process 1257 attached [pid 1257] set_robust_list(0x5555720a9760, 24) = 0 [pid 1257] chdir("./312") = 0 [pid 1257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1257] setpgid(0, 0) = 0 [pid 1257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1257] write(3, "1000", 4) = 4 [pid 1257] close(3) = 0 [pid 1257] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1257] write(1, "executing program\n", 18) = 18 [pid 1257] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1257] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1257] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1257] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1257] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1258]}, 88) = 1258 [pid 1257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1257] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1257] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1257] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1257] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1259]}, 88) = 1259 [pid 1257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1257] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1257] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1259 attached [pid 1259] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1259] creat("./bus", 000) = 3 [pid 1259] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = 0 [pid 1257] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1257] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1259] <... futex resumed>) = 1 [pid 1259] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1259] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = 0 [pid 1257] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1257] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1259] <... futex resumed>) = 1 [pid 1259] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1259] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = 0 [pid 1257] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1257] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1259] <... futex resumed>) = 1 [pid 1259] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1259] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = 0 [pid 1259] <... futex resumed>) = 1 [pid 1259] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1258 attached [pid 1258] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1258] memfd_create("syzkaller", 0) = 5 [pid 1258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1258] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1258] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.606168][ T1255] loop0: detected capacity change from 0 to 256 [ 45.614860][ T1255] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.625654][ T1255] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.635636][ T1255] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1258] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1258] close(5) = 0 [pid 1258] close(6) = 0 [pid 1258] mkdir("./file0", 0777) = 0 [pid 1258] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1258] chdir("./file0") = 0 [pid 1258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1258] ioctl(6, LOOP_CLR_FD) = 0 [pid 1258] close(6) = 0 [pid 1258] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1258] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1257] exit_group(0 [pid 1259] <... futex resumed>) = ? [pid 1257] <... exit_group resumed>) = ? [pid 1259] +++ exited with 0 +++ [pid 1258] <... futex resumed>) = ? [pid 1258] +++ exited with 0 +++ [pid 1257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1257, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./312", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./312/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./312/binderfs") = 0 umount2("./312/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./312/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./312/bus") = 0 umount2("./312/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./312/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./312/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1260 ./strace-static-x86_64: Process 1260 attached [pid 1260] set_robust_list(0x5555720a9760, 24) = 0 [pid 1260] chdir("./313") = 0 [pid 1260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1260] setpgid(0, 0) = 0 [pid 1260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1260] write(3, "1000", 4) = 4 [pid 1260] close(3) = 0 [pid 1260] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1260] write(1, "executing program\n", 18) = 18 [pid 1260] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1260] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1261]}, 88) = 1261 [pid 1260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1260] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1260] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1262]}, 88) = 1262 [pid 1260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1260] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1262 attached [pid 1262] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1262] creat("./bus", 000) = 3 [pid 1262] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] <... futex resumed>) = 0 [pid 1260] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1262] <... futex resumed>) = 1 [pid 1262] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1262] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] <... futex resumed>) = 0 [pid 1260] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1262] <... futex resumed>) = 1 [pid 1262] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1262] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] <... futex resumed>) = 0 [pid 1260] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1262] <... futex resumed>) = 1 [pid 1262] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1262] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] <... futex resumed>) = 0 [pid 1262] <... futex resumed>) = 1 [pid 1262] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1261 attached [pid 1261] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1261] memfd_create("syzkaller", 0) = 5 [pid 1261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1261] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1261] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.676438][ T1258] loop0: detected capacity change from 0 to 256 [ 45.684184][ T1258] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.694953][ T1258] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.705465][ T1258] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1261] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1261] close(5) = 0 [pid 1261] close(6) = 0 [pid 1261] mkdir("./file0", 0777) = 0 [pid 1261] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1261] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1261] chdir("./file0") = 0 [pid 1261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1261] ioctl(6, LOOP_CLR_FD) = 0 [pid 1261] close(6) = 0 [pid 1261] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1261] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1260] exit_group(0) = ? [pid 1261] <... futex resumed>) = ? [pid 1261] +++ exited with 0 +++ [pid 1262] <... futex resumed>) = ? [pid 1262] +++ exited with 0 +++ [pid 1260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1260, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./313", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./313/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./313/binderfs") = 0 umount2("./313/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./313/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./313/bus") = 0 umount2("./313/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./313/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./313/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1263 ./strace-static-x86_64: Process 1263 attached [pid 1263] set_robust_list(0x5555720a9760, 24) = 0 [pid 1263] chdir("./314") = 0 [pid 1263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1263] setpgid(0, 0) = 0 [pid 1263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1263] write(3, "1000", 4) = 4 [pid 1263] close(3) = 0 [pid 1263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1263] write(1, "executing program\n", 18) = 18 [pid 1263] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1263] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1264]}, 88) = 1264 [pid 1263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1263] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1263] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1265]}, 88) = 1265 [pid 1263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1263] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1265 attached [pid 1265] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1265] creat("./bus", 000) = 3 [pid 1265] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... futex resumed>) = 0 [pid 1263] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] <... futex resumed>) = 1 [pid 1265] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1265] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... futex resumed>) = 0 [pid 1263] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] <... futex resumed>) = 1 [pid 1265] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1265] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... futex resumed>) = 0 [pid 1263] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] <... futex resumed>) = 1 [pid 1265] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1265] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... futex resumed>) = 0 [pid 1265] <... futex resumed>) = 1 [pid 1265] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1264 attached [pid 1264] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1264] memfd_create("syzkaller", 0) = 5 [pid 1264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1264] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1264] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.743303][ T1261] loop0: detected capacity change from 0 to 256 [ 45.750804][ T1261] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.761363][ T1261] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.771208][ T1261] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1264] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1264] close(5) = 0 [pid 1264] close(6) = 0 [pid 1264] mkdir("./file0", 0777) = 0 [pid 1264] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1264] chdir("./file0") = 0 [pid 1264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1264] ioctl(6, LOOP_CLR_FD) = 0 [pid 1264] close(6) = 0 [pid 1264] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1264] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1263] exit_group(0) = ? [pid 1264] <... futex resumed>) = ? [pid 1264] +++ exited with 0 +++ [pid 1265] <... futex resumed>) = ? [pid 1265] +++ exited with 0 +++ [pid 1263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1263, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./314", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./314/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./314/binderfs") = 0 umount2("./314/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./314/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./314/bus") = 0 umount2("./314/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./314/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./314/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1266 executing program ./strace-static-x86_64: Process 1266 attached [pid 1266] set_robust_list(0x5555720a9760, 24) = 0 [pid 1266] chdir("./315") = 0 [pid 1266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1266] setpgid(0, 0) = 0 [pid 1266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1266] write(3, "1000", 4) = 4 [pid 1266] close(3) = 0 [pid 1266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1266] write(1, "executing program\n", 18) = 18 [pid 1266] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1266] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1266] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1266] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1267]}, 88) = 1267 [pid 1266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1266] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1266] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1266] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1268]}, 88) = 1268 [pid 1266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1266] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1266] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1268 attached [pid 1268] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1268] creat("./bus", 000) = 3 [pid 1268] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1266] <... futex resumed>) = 0 [pid 1266] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1266] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1268] <... futex resumed>) = 1 [pid 1268] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1268] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1266] <... futex resumed>) = 0 [pid 1266] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1266] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1268] <... futex resumed>) = 1 [pid 1268] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1268] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1266] <... futex resumed>) = 0 [pid 1266] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1266] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1268] <... futex resumed>) = 1 [pid 1268] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1268] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1266] <... futex resumed>) = 0 [pid 1268] <... futex resumed>) = 1 [pid 1268] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1267 attached [pid 1267] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1267] memfd_create("syzkaller", 0) = 5 [pid 1267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1267] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1267] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.809871][ T1264] loop0: detected capacity change from 0 to 256 [ 45.818167][ T1264] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.828732][ T1264] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.839330][ T1264] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1267] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1267] close(5) = 0 [pid 1267] close(6) = 0 [pid 1267] mkdir("./file0", 0777) = 0 [pid 1267] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1267] chdir("./file0") = 0 [pid 1267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1267] ioctl(6, LOOP_CLR_FD) = 0 [pid 1267] close(6) = 0 [pid 1267] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1267] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1266] exit_group(0 [pid 1268] <... futex resumed>) = ? [pid 1266] <... exit_group resumed>) = ? [pid 1268] +++ exited with 0 +++ [pid 1267] <... futex resumed>) = ? [pid 1267] +++ exited with 0 +++ [pid 1266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1266, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./315", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./315/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./315/binderfs") = 0 umount2("./315/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./315/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./315/bus") = 0 umount2("./315/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./315/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./315/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1270 ./strace-static-x86_64: Process 1270 attached [pid 1270] set_robust_list(0x5555720a9760, 24) = 0 executing program [pid 1270] chdir("./316") = 0 [pid 1270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1270] setpgid(0, 0) = 0 [pid 1270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1270] write(3, "1000", 4) = 4 [pid 1270] close(3) = 0 [pid 1270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1270] write(1, "executing program\n", 18) = 18 [pid 1270] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1270] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1270] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1270] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1271 attached [pid 1271] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1271] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1270] <... clone3 resumed> => {parent_tid=[1271]}, 88) = 1271 [pid 1270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1270] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1271] <... futex resumed>) = 0 [pid 1271] memfd_create("syzkaller", 0 [pid 1270] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1270] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1270] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 1271] <... memfd_create resumed>) = 3 [pid 1270] <... mprotect resumed>) = 0 [pid 1271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1270] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1270] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 1272 attached [pid 1272] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1272] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1270] <... clone3 resumed> => {parent_tid=[1272]}, 88) = 1272 [pid 1270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1271] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1270] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1272] <... futex resumed>) = 0 [pid 1272] creat("./bus", 000 [pid 1270] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1272] <... creat resumed>) = 4 [pid 1272] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1272] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1271] <... write resumed>) = 131072 [pid 1271] munmap(0x7f9b9c005000, 138412032 [pid 1270] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1271] <... munmap resumed>) = 0 [pid 1270] <... futex resumed>) = 1 [pid 1272] <... futex resumed>) = 0 [pid 1271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1271] ioctl(5, LOOP_SET_FD, 3 [pid 1272] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1270] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1272] <... mount resumed>) = 0 [ 45.876960][ T1267] loop0: detected capacity change from 0 to 256 [ 45.884313][ T1267] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.894948][ T1267] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.905658][ T1267] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1272] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1272] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1270] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1272] <... futex resumed>) = 0 [pid 1272] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1272] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1272] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1270] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1270] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1272] <... futex resumed>) = 0 [pid 1272] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1272] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1272] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1270] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1271] <... ioctl resumed>) = 0 [pid 1271] close(3) = 0 [pid 1271] close(5) = 0 [pid 1271] mkdir("./file0", 0777) = 0 [pid 1271] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1271] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1271] chdir("./file0") = 0 [pid 1271] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1271] ioctl(5, LOOP_CLR_FD) = 0 [pid 1271] close(5) = 0 [pid 1271] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1271] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1270] exit_group(0) = ? [pid 1271] <... futex resumed>) = ? [pid 1271] +++ exited with 0 +++ [pid 1272] <... futex resumed>) = ? [pid 1272] +++ exited with 0 +++ [pid 1270] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1270, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./316", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./316/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./316/binderfs") = 0 umount2("./316/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./316/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./316/bus") = 0 umount2("./316/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./316/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./316/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1273 ./strace-static-x86_64: Process 1273 attached [pid 1273] set_robust_list(0x5555720a9760, 24) = 0 [pid 1273] chdir("./317") = 0 [pid 1273] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1273] setpgid(0, 0) = 0 [pid 1273] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1273] write(3, "1000", 4) = 4 [pid 1273] close(3) = 0 [pid 1273] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1273] write(1, "executing program\n", 18executing program ) = 18 [pid 1273] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1273] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1273] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1273] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1274]}, 88) = 1274 ./strace-static-x86_64: Process 1274 attached [pid 1273] rt_sigprocmask(SIG_SETMASK, [], [pid 1274] set_robust_list(0x7f9ba44469a0, 24 [pid 1273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1273] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1273] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1273] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1273] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1273] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1273] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1275]}, 88) = 1275 [pid 1273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1273] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1273] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1275 attached [pid 1275] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1275] creat("./bus", 000 [pid 1274] <... set_robust_list resumed>) = 0 [pid 1274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1275] <... creat resumed>) = 3 [pid 1275] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1273] <... futex resumed>) = 0 [pid 1273] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1273] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... futex resumed>) = 1 [pid 1275] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1275] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1273] <... futex resumed>) = 0 [pid 1273] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1273] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... futex resumed>) = 1 [pid 1275] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1275] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1273] <... futex resumed>) = 0 [pid 1273] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1273] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1275] <... futex resumed>) = 1 [pid 1275] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1275] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1273] <... futex resumed>) = 0 [pid 1275] <... futex resumed>) = 1 [pid 1275] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1274] memfd_create("syzkaller", 0) = 5 [pid 1274] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1274] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1274] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 45.938750][ T1271] loop0: detected capacity change from 0 to 256 [ 45.946693][ T1271] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.957360][ T1271] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 45.967781][ T1271] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1274] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1274] close(5) = 0 [pid 1274] close(6) = 0 [pid 1274] mkdir("./file0", 0777) = 0 [pid 1274] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1274] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1274] chdir("./file0") = 0 [pid 1274] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1274] ioctl(6, LOOP_CLR_FD) = 0 [pid 1274] close(6) = 0 [pid 1274] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1274] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1273] exit_group(0 [pid 1275] <... futex resumed>) = ? [pid 1273] <... exit_group resumed>) = ? [pid 1275] +++ exited with 0 +++ [pid 1274] <... futex resumed>) = ? [pid 1274] +++ exited with 0 +++ [pid 1273] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1273, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./317", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./317/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./317/binderfs") = 0 umount2("./317/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./317/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./317/bus") = 0 umount2("./317/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./317/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./317/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1276 ./strace-static-x86_64: Process 1276 attached [pid 1276] set_robust_list(0x5555720a9760, 24) = 0 [pid 1276] chdir("./318") = 0 [pid 1276] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1276] setpgid(0, 0) = 0 executing program [pid 1276] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1276] write(3, "1000", 4) = 4 [pid 1276] close(3) = 0 [pid 1276] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1276] write(1, "executing program\n", 18) = 18 [pid 1276] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1276] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1276] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1276] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1277]}, 88) = 1277 [pid 1276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1276] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1276] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1276] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1276] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1276] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1276] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1278]}, 88) = 1278 [pid 1276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1276] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1276] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1278 attached [pid 1278] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1278] creat("./bus", 000) = 3 [pid 1278] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1276] <... futex resumed>) = 0 [pid 1276] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1276] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1278] <... futex resumed>) = 1 [pid 1278] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1278] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1276] <... futex resumed>) = 0 [pid 1276] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1276] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1278] <... futex resumed>) = 1 [pid 1278] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1278] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1276] <... futex resumed>) = 0 [pid 1276] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1276] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1278] <... futex resumed>) = 1 [pid 1278] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1278] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1276] <... futex resumed>) = 0 [pid 1278] <... futex resumed>) = 1 [pid 1278] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1277 attached [pid 1277] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1277] memfd_create("syzkaller", 0) = 5 [pid 1277] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1277] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1277] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 46.015190][ T1274] loop0: detected capacity change from 0 to 256 [ 46.023735][ T1274] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 46.034277][ T1274] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 46.044905][ T1274] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1277] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1277] close(5) = 0 [pid 1277] close(6) = 0 [pid 1277] mkdir("./file0", 0777) = 0 [pid 1277] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1277] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1277] chdir("./file0") = 0 [pid 1277] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1277] ioctl(6, LOOP_CLR_FD) = 0 [pid 1277] close(6) = 0 [pid 1277] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1277] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1276] exit_group(0 [pid 1278] <... futex resumed>) = ? [pid 1276] <... exit_group resumed>) = ? [pid 1278] +++ exited with 0 +++ [pid 1277] <... futex resumed>) = ? [pid 1277] +++ exited with 0 +++ [pid 1276] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1276, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./318", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./318/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./318/binderfs") = 0 umount2("./318/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./318/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./318/bus") = 0 umount2("./318/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./318/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./318/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1279 ./strace-static-x86_64: Process 1279 attached [pid 1279] set_robust_list(0x5555720a9760, 24) = 0 [pid 1279] chdir("./319") = 0 [pid 1279] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1279] setpgid(0, 0) = 0 [pid 1279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1279] write(3, "1000", 4) = 4 [pid 1279] close(3) = 0 [pid 1279] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1279] write(1, "executing program\n", 18executing program ) = 18 [pid 1279] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1279] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1279] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1279] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1279] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0}./strace-static-x86_64: Process 1280 attached => {parent_tid=[1280]}, 88) = 1280 [pid 1280] set_robust_list(0x7f9ba44469a0, 24 [pid 1279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1279] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1279] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1280] <... set_robust_list resumed>) = 0 [pid 1279] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE [pid 1280] rt_sigprocmask(SIG_SETMASK, [], [pid 1279] <... mprotect resumed>) = 0 [pid 1280] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1279] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1280] memfd_create("syzkaller", 0 [pid 1279] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1280] <... memfd_create resumed>) = 3 [pid 1280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1279] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1281]}, 88) = 1281 [pid 1279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1279] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1279] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1281 attached [pid 1280] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 1281] set_robust_list(0x7f9ba44259a0, 24 [pid 1280] <... write resumed>) = 131072 [pid 1281] <... set_robust_list resumed>) = 0 [pid 1281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1281] creat("./bus", 000 [pid 1280] munmap(0x7f9b9c005000, 138412032 [pid 1281] <... creat resumed>) = 4 [pid 1281] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1279] <... futex resumed>) = 0 [pid 1279] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] <... munmap resumed>) = 0 [pid 1279] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] <... futex resumed>) = 1 [pid 1281] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 1280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1281] <... mount resumed>) = 0 [pid 1280] ioctl(5, LOOP_SET_FD, 3 [pid 1281] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 46.083839][ T1277] loop0: detected capacity change from 0 to 256 [ 46.091949][ T1277] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 46.102517][ T1277] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 46.113051][ T1277] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1281] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1279] <... futex resumed>) = 0 [pid 1279] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1279] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] <... futex resumed>) = 0 [pid 1281] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 1281] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1279] <... futex resumed>) = 0 [pid 1279] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1279] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1281] <... futex resumed>) = 1 [pid 1281] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 1281] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1279] <... futex resumed>) = 0 [pid 1281] <... futex resumed>) = 1 [pid 1281] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1280] <... ioctl resumed>) = 0 [pid 1280] close(3) = 0 [pid 1280] close(5) = 0 [pid 1280] mkdir("./file0", 0777) = 0 [pid 1280] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1280] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 1280] chdir("./file0") = 0 [pid 1280] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 1280] ioctl(5, LOOP_CLR_FD) = 0 [pid 1280] close(5) = 0 [pid 1280] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1280] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1279] exit_group(0 [pid 1281] <... futex resumed>) = ? [pid 1279] <... exit_group resumed>) = ? [pid 1281] +++ exited with 0 +++ [pid 1280] <... futex resumed>) = ? [pid 1280] +++ exited with 0 +++ [pid 1279] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1279, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./319", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./319/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./319/binderfs") = 0 umount2("./319/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./319/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./319/bus") = 0 umount2("./319/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./319/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./319/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1282 ./strace-static-x86_64: Process 1282 attached [pid 1282] set_robust_list(0x5555720a9760, 24) = 0 [pid 1282] chdir("./320") = 0 [pid 1282] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1282] setpgid(0, 0) = 0 [pid 1282] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1282] write(3, "1000", 4) = 4 [pid 1282] close(3) = 0 [pid 1282] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1282] write(1, "executing program\n", 18) = 18 [pid 1282] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1282] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1282] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1283]}, 88) = 1283 [pid 1282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1282] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1282] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1282] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1282] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1284]}, 88) = 1284 [pid 1282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1282] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1284 attached [pid 1284] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1284] creat("./bus", 000) = 3 [pid 1284] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1282] <... futex resumed>) = 0 [pid 1282] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = 1 [pid 1284] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1284] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1282] <... futex resumed>) = 0 [pid 1282] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = 1 [pid 1284] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1284] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1282] <... futex resumed>) = 0 [pid 1282] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1282] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = 1 [pid 1284] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1284] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1282] <... futex resumed>) = 0 [pid 1284] <... futex resumed>) = 1 [pid 1284] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1283 attached [pid 1283] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1283] memfd_create("syzkaller", 0) = 5 [pid 1283] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [ 46.150622][ T1280] loop0: detected capacity change from 0 to 256 [ 46.158472][ T1280] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 46.169333][ T1280] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 46.179570][ T1280] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1283] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1283] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1283] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1283] close(5) = 0 [pid 1283] close(6) = 0 [pid 1283] mkdir("./file0", 0777) = 0 [pid 1283] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1283] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1283] chdir("./file0") = 0 [pid 1283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1283] ioctl(6, LOOP_CLR_FD) = 0 [pid 1283] close(6) = 0 [pid 1283] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1283] futex(0x7f9ba45136c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1282] exit_group(0 [pid 1284] <... futex resumed>) = ? [pid 1282] <... exit_group resumed>) = ? [pid 1284] +++ exited with 0 +++ [pid 1283] <... futex resumed>) = ? [pid 1283] +++ exited with 0 +++ [pid 1282] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1282, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./320", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./320/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./320/binderfs") = 0 umount2("./320/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./320/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./320/bus") = 0 umount2("./320/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./320/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./320/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555720a9750) = 1285 ./strace-static-x86_64: Process 1285 attached [pid 1285] set_robust_list(0x5555720a9760, 24) = 0 [pid 1285] chdir("./321") = 0 [pid 1285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1285] setpgid(0, 0) = 0 [pid 1285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1285] write(3, "1000", 4) = 4 [pid 1285] close(3) = 0 [pid 1285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1285] write(1, "executing program\n", 18executing program ) = 18 [pid 1285] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1285] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1285] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1285] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1286]}, 88) = 1286 [pid 1285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1285] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1285] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1285] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0}./strace-static-x86_64: Process 1286 attached => {parent_tid=[1287]}, 88) = 1287 [pid 1285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1285] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1287 attached [pid 1287] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1287] creat("./bus", 000 [pid 1286] set_robust_list(0x7f9ba44469a0, 24 [pid 1287] <... creat resumed>) = 3 [pid 1286] <... set_robust_list resumed>) = 0 [pid 1287] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 0 [pid 1285] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] <... futex resumed>) = 1 [pid 1287] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1286] rt_sigprocmask(SIG_SETMASK, [], [pid 1287] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 0 [pid 1285] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] <... futex resumed>) = 1 [pid 1287] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1287] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 0 [pid 1285] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] <... futex resumed>) = 1 [pid 1287] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1287] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 0 [pid 1287] <... futex resumed>) = 1 [pid 1287] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1286] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1286] memfd_create("syzkaller", 0) = 5 [pid 1286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1286] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1286] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 46.217055][ T1283] loop0: detected capacity change from 0 to 256 [ 46.224552][ T1283] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 46.235290][ T1283] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 46.245643][ T1283] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1286] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1286] close(5) = 0 [pid 1286] close(6) = 0 [pid 1286] mkdir("./file0", 0777) = 0 [pid 1286] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 1286] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 1286] chdir("./file0") = 0 [pid 1286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 1286] ioctl(6, LOOP_CLR_FD) = 0 [pid 1286] close(6) = 0 [pid 1286] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] exit_group(0 [pid 1287] <... futex resumed>) = ? [pid 1285] <... exit_group resumed>) = ? [pid 1287] +++ exited with 0 +++ [pid 1286] <... futex resumed>) = ? [pid 1286] +++ exited with 0 +++ [pid 1285] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1285, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./321", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555720aa7f0 /* 5 entries */, 32768) = 136 umount2("./321/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./321/binderfs") = 0 umount2("./321/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./321/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./321/bus") = 0 umount2("./321/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./321/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./321/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555720b2830 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555720b2830 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/file0") = 0 getdents64(3, 0x5555720aa7f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x5555720a9750) = 1288 ./strace-static-x86_64: Process 1288 attached [pid 1288] set_robust_list(0x5555720a9760, 24) = 0 [pid 1288] chdir("./322") = 0 [pid 1288] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1288] setpgid(0, 0) = 0 [pid 1288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1288] write(3, "1000", 4) = 4 [pid 1288] close(3) = 0 [pid 1288] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1288] write(1, "executing program\n", 18) = 18 [pid 1288] futex(0x7f9ba45136cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] rt_sigaction(SIGRT_1, {sa_handler=0x7f9ba44b0310, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f9ba44597e0}, NULL, 8) = 0 [pid 1288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4426000 [pid 1288] mprotect(0x7f9ba4427000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4446990, parent_tid=0x7f9ba4446990, exit_signal=0, stack=0x7f9ba4426000, stack_size=0x20240, tls=0x7f9ba44466c0} => {parent_tid=[1289]}, 88) = 1289 [pid 1288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1288] futex(0x7f9ba45136c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f9ba4405000 [pid 1288] mprotect(0x7f9ba4406000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f9ba4425990, parent_tid=0x7f9ba4425990, exit_signal=0, stack=0x7f9ba4405000, stack_size=0x20240, tls=0x7f9ba44256c0} => {parent_tid=[1290]}, 88) = 1290 [pid 1288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1288] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1290 attached [pid 1290] set_robust_list(0x7f9ba44259a0, 24) = 0 [pid 1290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1290] creat("./bus", 000) = 3 [pid 1290] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1288] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1290] <... futex resumed>) = 1 [pid 1290] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 1290] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1288] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1290] <... futex resumed>) = 1 [pid 1290] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 1290] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1288] futex(0x7f9ba45136d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f9ba45136dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1290] <... futex resumed>) = 1 [pid 1290] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 1290] futex(0x7f9ba45136dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1290] <... futex resumed>) = 1 [pid 1290] futex(0x7f9ba45136d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1289 attached [pid 1289] set_robust_list(0x7f9ba44469a0, 24) = 0 [pid 1289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1289] memfd_create("syzkaller", 0) = 5 [pid 1289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b9c005000 [pid 1289] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 1289] munmap(0x7f9b9c005000, 138412032) = 0 [pid 1289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 46.287702][ T1286] loop0: detected capacity change from 0 to 256 [ 46.295475][ T1286] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 46.306219][ T1286] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 46.316750][ T1286] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 1289] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 1289] close(5) = 0 [pid 1289] close(6) = 0 [pid 1289] mkdir("./file0", 0777) = 0