./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2139016276 <...> Warning: Permanently added '10.128.0.150' (ED25519) to the list of known hosts. execve("./syz-executor2139016276", ["./syz-executor2139016276"], 0x7ffc841022c0 /* 10 vars */) = 0 brk(NULL) = 0x555555f0e000 brk(0x555555f0ed00) = 0x555555f0ed00 arch_prctl(ARCH_SET_FS, 0x555555f0e380) = 0 set_tid_address(0x555555f0e650) = 5061 set_robust_list(0x555555f0e660, 24) = 0 rseq(0x555555f0eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2139016276", 4096) = 28 getrandom("\x56\x1b\xd6\x48\xde\x97\x60\xac", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555f0ed00 brk(0x555555f2fd00) = 0x555555f2fd00 brk(0x555555f30000) = 0x555555f30000 mprotect(0x7f16a9d12000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.LtIpM2", 0700) = 0 chmod("./syzkaller.LtIpM2", 0777) = 0 chdir("./syzkaller.LtIpM2") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached , child_tidptr=0x555555f0e650) = 5062 [pid 5062] set_robust_list(0x555555f0e660, 24) = 0 [pid 5062] chdir("./0") = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] memfd_create("syzkaller", 0) = 3 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5062] munmap(0x7f16a185e000, 138412032) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./file1", 0777) = 0 [ 72.304125][ T5062] loop0: detected capacity change from 0 to 8192 [ 72.334240][ T5062] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 72.347428][ T5062] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 72.356951][ T5062] REISERFS (device loop0): using ordered data mode [ 72.363481][ T5062] reiserfs: using flush barriers [ 72.370120][ T5062] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 72.387028][ T5062] REISERFS (device loop0): checking transaction log (loop0) [pid 5062] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5062] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] chdir("./file1") = 0 [pid 5062] ioctl(4, LOOP_CLR_FD) = 0 [ 72.449726][ T5062] REISERFS (device loop0): Using tea hash to sort names [ 72.458112][ T5062] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 72.471983][ T5062] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5062] close(4) = 0 [pid 5062] mkdir("./file1", 000) = 0 [pid 5062] mkdir("./file0", 000) = 0 [pid 5062] rmdir("./file1") = 0 [pid 5062] exit_group(0) = ? [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 72.549217][ T5062] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 72.574851][ T5062] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) unlink("./0/binderfs") = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached , child_tidptr=0x555555f0e650) = 5065 [pid 5065] set_robust_list(0x555555f0e660, 24) = 0 [pid 5065] chdir("./1") = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5065] memfd_create("syzkaller", 0) = 3 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5065] munmap(0x7f16a185e000, 138412032) = 0 [pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5065] close(3) = 0 [pid 5065] mkdir("./file1", 0777) = 0 [ 72.949583][ T5065] loop0: detected capacity change from 0 to 8192 [ 72.975362][ T5065] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 72.988487][ T5065] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 72.997855][ T5065] REISERFS (device loop0): using ordered data mode [ 73.004391][ T5065] reiserfs: using flush barriers [ 73.011511][ T5065] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 73.028085][ T5065] REISERFS (device loop0): checking transaction log (loop0) [pid 5065] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5065] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file1") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] mkdir("./file1", 000) = 0 [ 73.093551][ T5065] REISERFS (device loop0): Using tea hash to sort names [ 73.100986][ T5065] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 73.115088][ T5065] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5065] mkdir("./file0", 000) = 0 [pid 5065] rmdir("./file1") = 0 [pid 5065] exit_group(0) = ? [pid 5065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 73.157360][ T5065] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 73.184066][ T5065] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached [pid 5067] set_robust_list(0x555555f0e660, 24) = 0 [pid 5067] chdir("./2" [pid 5061] <... clone resumed>, child_tidptr=0x555555f0e650) = 5067 [pid 5067] <... chdir resumed>) = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5067] munmap(0x7f16a185e000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file1", 0777) = 0 [ 73.443883][ T5067] loop0: detected capacity change from 0 to 8192 [ 73.461092][ T5067] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 73.474132][ T5067] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 73.483401][ T5067] REISERFS (device loop0): using ordered data mode [ 73.489957][ T5067] reiserfs: using flush barriers [ 73.496392][ T5067] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 73.512958][ T5067] REISERFS (device loop0): checking transaction log (loop0) [pid 5067] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5067] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file1") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] mkdir("./file1", 000) = 0 [ 73.572954][ T5067] REISERFS (device loop0): Using tea hash to sort names [ 73.580269][ T5067] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 73.594007][ T5067] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5067] mkdir("./file0", 000) = 0 [pid 5067] rmdir("./file1") = 0 [pid 5067] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 73.661873][ T5067] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 73.689332][ T5067] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x555555f0e650) = 5069 [pid 5069] set_robust_list(0x555555f0e660, 24) = 0 [pid 5069] chdir("./3") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5069] munmap(0x7f16a185e000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file1", 0777) = 0 [ 73.933297][ T5069] loop0: detected capacity change from 0 to 8192 [ 73.954672][ T5069] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 73.967720][ T5069] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 73.977083][ T5069] REISERFS (device loop0): using ordered data mode [ 73.983614][ T5069] reiserfs: using flush barriers [ 73.990153][ T5069] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 74.006985][ T5069] REISERFS (device loop0): checking transaction log (loop0) [pid 5069] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5069] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file1") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] mkdir("./file1", 000) = 0 [ 74.064310][ T5069] REISERFS (device loop0): Using tea hash to sort names [ 74.071691][ T5069] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 74.085452][ T5069] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5069] mkdir("./file0", 000) = 0 [pid 5069] rmdir("./file1") = 0 [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 74.139624][ T5069] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 74.164410][ T5069] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x555555f0e650) = 5071 [pid 5071] set_robust_list(0x555555f0e660, 24) = 0 [pid 5071] chdir("./4") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5071] munmap(0x7f16a185e000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file1", 0777) = 0 [ 74.524603][ T5071] loop0: detected capacity change from 0 to 8192 [ 74.551668][ T5071] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 74.564903][ T5071] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 74.574302][ T5071] REISERFS (device loop0): using ordered data mode [ 74.580948][ T5071] reiserfs: using flush barriers [ 74.587920][ T5071] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 74.604480][ T5071] REISERFS (device loop0): checking transaction log (loop0) [pid 5071] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file1") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] mkdir("./file1", 000) = 0 [ 74.659631][ T5071] REISERFS (device loop0): Using tea hash to sort names [ 74.667332][ T5071] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 74.681183][ T5071] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5071] mkdir("./file0", 000) = 0 [pid 5071] rmdir("./file1") = 0 [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 74.734301][ T5071] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 74.769586][ T5071] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x555555f0e650) = 5073 [pid 5073] set_robust_list(0x555555f0e660, 24) = 0 [pid 5073] chdir("./5") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5073] munmap(0x7f16a185e000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file1", 0777) = 0 [ 74.990775][ T5073] loop0: detected capacity change from 0 to 8192 [ 75.018121][ T5073] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 75.031192][ T5073] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 75.040568][ T5073] REISERFS (device loop0): using ordered data mode [ 75.047590][ T5073] reiserfs: using flush barriers [ 75.054026][ T5073] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 75.071148][ T5073] REISERFS (device loop0): checking transaction log (loop0) [pid 5073] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5073] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file1") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] mkdir("./file1", 000) = 0 [ 75.132227][ T5073] REISERFS (device loop0): Using tea hash to sort names [ 75.139629][ T5073] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 75.154611][ T5073] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5073] mkdir("./file0", 000) = 0 [pid 5073] rmdir("./file1") = 0 [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 75.210121][ T5073] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 75.225296][ T5073] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) unlink("./5/binderfs") = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x555555f0e650) = 5075 [pid 5075] set_robust_list(0x555555f0e660, 24) = 0 [pid 5075] chdir("./6") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5075] munmap(0x7f16a185e000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file1", 0777) = 0 [ 75.574172][ T5075] loop0: detected capacity change from 0 to 8192 [ 75.601852][ T5075] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 75.614888][ T5075] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 75.624211][ T5075] REISERFS (device loop0): using ordered data mode [ 75.630810][ T5075] reiserfs: using flush barriers [ 75.637467][ T5075] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 75.653974][ T5075] REISERFS (device loop0): checking transaction log (loop0) [pid 5075] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5075] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file1") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] mkdir("./file1", 000) = 0 [ 75.712496][ T5075] REISERFS (device loop0): Using tea hash to sort names [ 75.719839][ T5075] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 75.733590][ T5075] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5075] mkdir("./file0", 000) = 0 [pid 5075] rmdir("./file1") = 0 [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 75.788923][ T5075] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 75.807868][ T5075] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached , child_tidptr=0x555555f0e650) = 5077 [pid 5077] set_robust_list(0x555555f0e660, 24) = 0 [pid 5077] chdir("./7") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5077] munmap(0x7f16a185e000, 138412032) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] mkdir("./file1", 0777) = 0 [ 76.216492][ T5077] loop0: detected capacity change from 0 to 8192 [ 76.228099][ T5077] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 76.241159][ T5077] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 76.250432][ T5077] REISERFS (device loop0): using ordered data mode [ 76.257024][ T5077] reiserfs: using flush barriers [ 76.263335][ T5077] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 76.280175][ T5077] REISERFS (device loop0): checking transaction log (loop0) [pid 5077] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5077] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./file1") = 0 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [pid 5077] mkdir("./file1", 000) = 0 [ 76.338094][ T5077] REISERFS (device loop0): Using tea hash to sort names [ 76.345420][ T5077] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 76.359519][ T5077] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5077] mkdir("./file0", 000) = 0 [pid 5077] rmdir("./file1") = 0 [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 76.400141][ T5077] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 76.427072][ T5077] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached , child_tidptr=0x555555f0e650) = 5079 [pid 5079] set_robust_list(0x555555f0e660, 24) = 0 [pid 5079] chdir("./8") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5079] munmap(0x7f16a185e000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file1", 0777) = 0 [ 76.746487][ T5079] loop0: detected capacity change from 0 to 8192 [ 76.762936][ T5079] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 76.776090][ T5079] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 76.785493][ T5079] REISERFS (device loop0): using ordered data mode [ 76.792097][ T5079] reiserfs: using flush barriers [ 76.798767][ T5079] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 76.815329][ T5079] REISERFS (device loop0): checking transaction log (loop0) [pid 5079] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5079] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file1") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] mkdir("./file1", 000) = 0 [ 76.873584][ T5079] REISERFS (device loop0): Using tea hash to sort names [ 76.880982][ T5079] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 76.895211][ T5079] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5079] mkdir("./file0", 000) = 0 [pid 5079] rmdir("./file1") = 0 [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 76.951500][ T5079] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 76.976082][ T5079] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) unlink("./8/binderfs") = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached , child_tidptr=0x555555f0e650) = 5081 [pid 5081] set_robust_list(0x555555f0e660, 24) = 0 [pid 5081] chdir("./9") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5081] munmap(0x7f16a185e000, 138412032) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file1", 0777) = 0 [ 77.299519][ T5081] loop0: detected capacity change from 0 to 8192 [ 77.315879][ T5081] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 77.329144][ T5081] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 77.338398][ T5081] REISERFS (device loop0): using ordered data mode [ 77.344904][ T5081] reiserfs: using flush barriers [ 77.351388][ T5081] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 77.368023][ T5081] REISERFS (device loop0): checking transaction log (loop0) [pid 5081] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5081] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file1") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] mkdir("./file1", 000) = 0 [ 77.427693][ T5081] REISERFS (device loop0): Using tea hash to sort names [ 77.435003][ T5081] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 77.448731][ T5081] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5081] mkdir("./file0", 000) = 0 [pid 5081] rmdir("./file1") = 0 [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 77.494981][ T5081] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 77.530248][ T5081] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x555555f0e650) = 5083 [pid 5083] set_robust_list(0x555555f0e660, 24) = 0 [pid 5083] chdir("./10") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5083] munmap(0x7f16a185e000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file1", 0777) = 0 [ 77.893133][ T5083] loop0: detected capacity change from 0 to 8192 [ 77.913967][ T5083] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 77.927098][ T5083] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 77.936584][ T5083] REISERFS (device loop0): using ordered data mode [ 77.943125][ T5083] reiserfs: using flush barriers [ 77.949589][ T5083] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 77.966387][ T5083] REISERFS (device loop0): checking transaction log (loop0) [pid 5083] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file1") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] mkdir("./file1", 000) = 0 [ 78.034376][ T5083] REISERFS (device loop0): Using tea hash to sort names [ 78.041766][ T5083] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 78.055647][ T5083] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5083] mkdir("./file0", 000) = 0 [pid 5083] rmdir("./file1") = 0 [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 78.092844][ T5083] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 78.118081][ T5083] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached , child_tidptr=0x555555f0e650) = 5085 [pid 5085] set_robust_list(0x555555f0e660, 24) = 0 [pid 5085] chdir("./11") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5085] munmap(0x7f16a185e000, 138412032) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file1", 0777) = 0 [ 78.445881][ T5085] loop0: detected capacity change from 0 to 8192 [ 78.472289][ T5085] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 78.485379][ T5085] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 78.494716][ T5085] REISERFS (device loop0): using ordered data mode [ 78.501318][ T5085] reiserfs: using flush barriers [ 78.508227][ T5085] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 78.524787][ T5085] REISERFS (device loop0): checking transaction log (loop0) [pid 5085] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5085] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file1") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] mkdir("./file1", 000) = 0 [ 78.584409][ T5085] REISERFS (device loop0): Using tea hash to sort names [ 78.591811][ T5085] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 78.605553][ T5085] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5085] mkdir("./file0", 000) = 0 [pid 5085] rmdir("./file1") = 0 [pid 5085] exit_group(0) = ? [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 78.642166][ T5085] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 78.668417][ T5085] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x555555f0e660, 24 [pid 5061] <... clone resumed>, child_tidptr=0x555555f0e650) = 5087 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5087] chdir("./12") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5087] munmap(0x7f16a185e000, 138412032) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file1", 0777) = 0 [ 78.945400][ T5087] loop0: detected capacity change from 0 to 8192 [ 78.961115][ T5087] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 78.974352][ T5087] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 78.983695][ T5087] REISERFS (device loop0): using ordered data mode [ 78.990704][ T5087] reiserfs: using flush barriers [ 78.997461][ T5087] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 79.014120][ T5087] REISERFS (device loop0): checking transaction log (loop0) [pid 5087] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5087] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file1") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] mkdir("./file1", 000) = 0 [ 79.077647][ T5087] REISERFS (device loop0): Using tea hash to sort names [ 79.085031][ T5087] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 79.099230][ T5087] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5087] mkdir("./file0", 000) = 0 [pid 5087] rmdir("./file1") = 0 [pid 5087] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 79.134342][ T5087] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 79.149057][ T5087] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached , child_tidptr=0x555555f0e650) = 5089 [pid 5089] set_robust_list(0x555555f0e660, 24) = 0 [pid 5089] chdir("./13") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5089] munmap(0x7f16a185e000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] mkdir("./file1", 0777) = 0 [ 79.518563][ T5089] loop0: detected capacity change from 0 to 8192 [ 79.546601][ T5089] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 79.559685][ T5089] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 79.569270][ T5089] REISERFS (device loop0): using ordered data mode [ 79.575829][ T5089] reiserfs: using flush barriers [ 79.582398][ T5089] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 79.599027][ T5089] REISERFS (device loop0): checking transaction log (loop0) [pid 5089] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5089] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file1") = 0 [pid 5089] ioctl(4, LOOP_CLR_FD) = 0 [pid 5089] close(4) = 0 [ 79.659844][ T5089] REISERFS (device loop0): Using tea hash to sort names [ 79.667231][ T5089] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 79.681172][ T5089] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5089] mkdir("./file1", 000) = 0 [pid 5089] mkdir("./file0", 000) = 0 [pid 5089] rmdir("./file1") = 0 [pid 5089] exit_group(0) = ? [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 79.758384][ T5089] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 79.780071][ T5089] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x555555f0e650) = 5091 [pid 5091] set_robust_list(0x555555f0e660, 24) = 0 [pid 5091] chdir("./14") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5091] munmap(0x7f16a185e000, 138412032) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file1", 0777) = 0 [ 80.138034][ T5091] loop0: detected capacity change from 0 to 8192 [ 80.158869][ T5091] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 80.172052][ T5091] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 80.181342][ T5091] REISERFS (device loop0): using ordered data mode [ 80.187915][ T5091] reiserfs: using flush barriers [ 80.194382][ T5091] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 80.211110][ T5091] REISERFS (device loop0): checking transaction log (loop0) [pid 5091] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file1") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] mkdir("./file1", 000) = 0 [ 80.270125][ T5091] REISERFS (device loop0): Using tea hash to sort names [ 80.277706][ T5091] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 80.291707][ T5091] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5091] mkdir("./file0", 000) = 0 [pid 5091] rmdir("./file1") = 0 [pid 5091] exit_group(0) = ? [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 80.330746][ T5091] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 80.346871][ T5091] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached , child_tidptr=0x555555f0e650) = 5093 [pid 5093] set_robust_list(0x555555f0e660, 24) = 0 [pid 5093] chdir("./15") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5093] munmap(0x7f16a185e000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file1", 0777) = 0 [ 80.592429][ T5093] loop0: detected capacity change from 0 to 8192 [ 80.608151][ T5093] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 80.621251][ T5093] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 80.630567][ T5093] REISERFS (device loop0): using ordered data mode [ 80.637130][ T5093] reiserfs: using flush barriers [ 80.643514][ T5093] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 80.660854][ T5093] REISERFS (device loop0): checking transaction log (loop0) [pid 5093] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5093] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file1") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] mkdir("./file1", 000) = 0 [ 80.723184][ T5093] REISERFS (device loop0): Using tea hash to sort names [ 80.730610][ T5093] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 80.744359][ T5093] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5093] mkdir("./file0", 000) = 0 [pid 5093] rmdir("./file1") = 0 [pid 5093] exit_group(0) = ? [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 80.797616][ T5093] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 80.820163][ T5093] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0e650) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x555555f0e660, 24) = 0 [pid 5095] chdir("./16") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5095] munmap(0x7f16a185e000, 138412032) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] mkdir("./file1", 0777) = 0 [ 81.140790][ T5095] loop0: detected capacity change from 0 to 8192 [ 81.167311][ T5095] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 81.180427][ T5095] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 81.189720][ T5095] REISERFS (device loop0): using ordered data mode [ 81.196242][ T5095] reiserfs: using flush barriers [ 81.202840][ T5095] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 81.219400][ T5095] REISERFS (device loop0): checking transaction log (loop0) [pid 5095] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5095] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./file1") = 0 [pid 5095] ioctl(4, LOOP_CLR_FD) = 0 [pid 5095] close(4) = 0 [pid 5095] mkdir("./file1", 000) = 0 [ 81.277180][ T5095] REISERFS (device loop0): Using tea hash to sort names [ 81.284500][ T5095] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 81.298330][ T5095] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5095] mkdir("./file0", 000) = 0 [pid 5095] rmdir("./file1") = 0 [pid 5095] exit_group(0) = ? [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 81.330569][ T5095] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 81.354262][ T5095] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x555555f0e660, 24) = 0 [pid 5097] chdir("./17" [pid 5061] <... clone resumed>, child_tidptr=0x555555f0e650) = 5097 [pid 5097] <... chdir resumed>) = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5097] munmap(0x7f16a185e000, 138412032) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file1", 0777) = 0 [ 81.691315][ T5097] loop0: detected capacity change from 0 to 8192 [ 81.707670][ T5097] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 81.720782][ T5097] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 81.730247][ T5097] REISERFS (device loop0): using ordered data mode [ 81.737116][ T5097] reiserfs: using flush barriers [ 81.744176][ T5097] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 81.761084][ T5097] REISERFS (device loop0): checking transaction log (loop0) [pid 5097] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file1") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] mkdir("./file1", 000) = 0 [ 81.835992][ T5097] REISERFS (device loop0): Using tea hash to sort names [ 81.843591][ T5097] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 81.857394][ T5097] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5097] mkdir("./file0", 000) = 0 [ 81.889631][ T5097] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [pid 5097] rmdir("./file1") = 0 [pid 5097] exit_group(0) = ? [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 81.926987][ T5097] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f0e650) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x555555f0e660, 24) = 0 [pid 5099] chdir("./18") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5099] munmap(0x7f16a185e000, 138412032) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file1", 0777) = 0 [ 82.237700][ T5099] loop0: detected capacity change from 0 to 8192 [ 82.272871][ T5099] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 82.285986][ T5099] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 82.295640][ T5099] REISERFS (device loop0): using ordered data mode [ 82.302269][ T5099] reiserfs: using flush barriers [ 82.308893][ T5099] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.325450][ T5099] REISERFS (device loop0): checking transaction log (loop0) [pid 5099] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5099] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file1") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] mkdir("./file1", 000) = 0 [ 82.386904][ T5099] REISERFS (device loop0): Using tea hash to sort names [ 82.394246][ T5099] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 82.408468][ T5099] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5099] mkdir("./file0", 000) = 0 [pid 5099] rmdir("./file1") = 0 [pid 5099] exit_group(0) = ? [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 82.472491][ T5099] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 82.487529][ T5099] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached , child_tidptr=0x555555f0e650) = 5101 [pid 5101] set_robust_list(0x555555f0e660, 24) = 0 [pid 5101] chdir("./19") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] memfd_create("syzkaller", 0) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5101] munmap(0x7f16a185e000, 138412032) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file1", 0777) = 0 [ 82.833033][ T5101] loop0: detected capacity change from 0 to 8192 [ 82.854979][ T5101] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 82.868412][ T5101] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 82.878339][ T5101] REISERFS (device loop0): using ordered data mode [ 82.885263][ T5101] reiserfs: using flush barriers [ 82.892063][ T5101] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.908627][ T5101] REISERFS (device loop0): checking transaction log (loop0) [pid 5101] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5101] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file1") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] mkdir("./file1", 000) = 0 [ 82.967704][ T5101] REISERFS (device loop0): Using tea hash to sort names [ 82.975039][ T5101] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 82.988807][ T5101] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5101] mkdir("./file0", 000) = 0 [pid 5101] rmdir("./file1") = 0 [pid 5101] exit_group(0) = ? [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.057507][ T5101] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 83.075655][ T5101] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5103 attached , child_tidptr=0x555555f0e650) = 5103 [pid 5103] set_robust_list(0x555555f0e660, 24) = 0 [pid 5103] chdir("./20") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5103] munmap(0x7f16a185e000, 138412032) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file1", 0777) = 0 [ 83.416774][ T5103] loop0: detected capacity change from 0 to 8192 [ 83.427377][ T5103] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 83.440818][ T5103] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 83.450451][ T5103] REISERFS (device loop0): using ordered data mode [ 83.457025][ T5103] reiserfs: using flush barriers [ 83.463444][ T5103] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 83.480226][ T5103] REISERFS (device loop0): checking transaction log (loop0) [pid 5103] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5103] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file1") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [ 83.542586][ T5103] REISERFS (device loop0): Using tea hash to sort names [ 83.549963][ T5103] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 83.563707][ T5103] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5103] mkdir("./file1", 000) = 0 [pid 5103] mkdir("./file0", 000) = 0 [pid 5103] rmdir("./file1") = 0 [pid 5103] exit_group(0) = ? [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555555f0f6f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 83.600194][ T5103] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 83.624983][ T5103] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555555f17730 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555f17730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x555555f0f6f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached , child_tidptr=0x555555f0e650) = 5105 [pid 5105] set_robust_list(0x555555f0e660, 24) = 0 [pid 5105] chdir("./21") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16a185e000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5105] munmap(0x7f16a185e000, 138412032) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file1", 0777) = 0 [ 83.894706][ T5105] loop0: detected capacity change from 0 to 8192 [ 83.910849][ T5105] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 83.923885][ T5105] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 83.933354][ T5105] REISERFS (device loop0): using ordered data mode [ 83.939959][ T5105] reiserfs: using flush barriers [ 83.946553][ T5105] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 83.963157][ T5105] REISERFS (device loop0): checking transaction log (loop0) [pid 5105] mount("/dev/loop0", "./file1", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0 [pid 5105] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file1") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] mkdir("./file1", 000) = 0 [ 84.023187][ T5105] REISERFS (device loop0): Using tea hash to sort names [ 84.030727][ T5105] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 84.044866][ T5105] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5105] mkdir("./file0", 000) = 0 [ 84.087719][ T5105] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 84.113256][ T5105] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 84.128258][ T5105] ================================================================== [ 84.136347][ T5105] BUG: KASAN: use-after-free in reiserfs_release_objectid+0x510/0x770 [ 84.144639][ T5105] Read of size 7172 at addr ffff888076522050 by task syz-executor213/5105 [ 84.153193][ T5105] [ 84.155561][ T5105] CPU: 1 PID: 5105 Comm: syz-executor213 Not tainted 6.7.0-rc2-syzkaller #0 [ 84.164330][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 84.174503][ T5105] Call Trace: [ 84.177791][ T5105] [ 84.180742][ T5105] dump_stack_lvl+0x1e7/0x2d0 [ 84.185450][ T5105] ? nf_tcp_handle_invalid+0x650/0x650 [ 84.190926][ T5105] ? panic+0x850/0x850 [ 84.195014][ T5105] ? _printk+0xd5/0x120 [ 84.199187][ T5105] print_report+0x163/0x540 [ 84.203711][ T5105] ? __virt_addr_valid+0x22f/0x2e0 [ 84.208847][ T5105] ? __phys_addr+0xba/0x170 [ 84.213385][ T5105] ? reiserfs_release_objectid+0x510/0x770 [ 84.220800][ T5105] kasan_report+0x142/0x170 [ 84.225335][ T5105] ? reiserfs_release_objectid+0x510/0x770 [ 84.231177][ T5105] kasan_check_range+0x27e/0x290 [ 84.236132][ T5105] ? reiserfs_release_objectid+0x510/0x770 [ 84.242010][ T5105] __asan_memmove+0x29/0x70 [ 84.246639][ T5105] reiserfs_release_objectid+0x510/0x770 [ 84.252365][ T5105] remove_save_link+0x357/0x540 [ 84.257332][ T5105] ? reiserfs_write_lock_nested+0x5f/0xd0 [ 84.263079][ T5105] ? add_save_link+0x7c0/0x7c0 [ 84.267862][ T5105] ? journal_end+0x20b/0x2c0 [ 84.272482][ T5105] reiserfs_evict_inode+0x362/0x470 [ 84.277712][ T5105] ? entry_points_to_object+0x6f0/0x6f0 [ 84.283278][ T5105] ? do_raw_spin_unlock+0x13b/0x8b0 [ 84.288584][ T5105] ? entry_points_to_object+0x6f0/0x6f0 [ 84.294144][ T5105] evict+0x2a4/0x630 [ 84.298065][ T5105] vfs_rmdir+0x385/0x4c0 [ 84.302327][ T5105] do_rmdir+0x3b5/0x580 [ 84.306528][ T5105] ? d_delete_notify+0x150/0x150 [ 84.311476][ T5105] ? strncpy_from_user+0x1a5/0x2e0 [ 84.316635][ T5105] __x64_sys_rmdir+0x49/0x50 [ 84.321247][ T5105] do_syscall_64+0x45/0x110 [ 84.325763][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 84.331672][ T5105] RIP: 0033:0x7f16a9c9d129 [ 84.336099][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 84.355716][ T5105] RSP: 002b:00007ffe9748ec38 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 84.364242][ T5105] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f16a9c9d129 [ 84.372239][ T5105] RDX: 00007f16a9c9d129 RSI: 00007f16a9c9d129 RDI: 0000000020000000 [ 84.380231][ T5105] RBP: 0000000000000004 R08: 000000000000800c R09: 000000000000800c [ 84.388233][ T5105] R10: 000000000000800c R11: 0000000000000246 R12: 00007ffe9748ec80 [ 84.396250][ T5105] R13: 00007ffe9748ecc0 R14: 0000000000400000 R15: 0000000000000003 [ 84.404251][ T5105] [ 84.407275][ T5105] [ 84.409600][ T5105] The buggy address belongs to the physical page: [ 84.416134][ T5105] page:ffffea0001d94880 refcount:2 mapcount:0 mapping:ffff88801b2ac1f8 index:0x10 pfn:0x76522 [ 84.426383][ T5105] memcg:ffff888016262000 [ 84.430631][ T5105] aops:def_blk_aops ino:700000 [ 84.435417][ T5105] flags: 0xfff0000002812c(referenced|uptodate|lru|active|private|mappedtodisk|node=0|zone=1|lastcpupid=0x7ff) [ 84.447057][ T5105] page_type: 0xffffffff() [ 84.451488][ T5105] raw: 00fff0000002812c ffffea0001d94848 ffffea000070f4c8 ffff88801b2ac1f8 [ 84.460075][ T5105] raw: 0000000000000010 ffff888079b9dae0 00000002ffffffff ffff888016262000 [ 84.468654][ T5105] page dumped because: kasan: bad access detected [ 84.475064][ T5105] page_owner tracks the page as allocated [ 84.480773][ T5105] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5105, tgid 5105 (syz-executor213), ts 83910640952, free_ts 83673623680 [ 84.501368][ T5105] post_alloc_hook+0x1e6/0x210 [ 84.506161][ T5105] get_page_from_freelist+0x33ea/0x3570 [ 84.511716][ T5105] __alloc_pages+0x255/0x680 [ 84.516323][ T5105] alloc_pages_mpol+0x3de/0x640 [ 84.521175][ T5105] folio_alloc+0x12a/0x330 [ 84.525591][ T5105] filemap_alloc_folio+0xde/0x500 [ 84.530621][ T5105] __filemap_get_folio+0x431/0xbb0 [ 84.535764][ T5105] bdev_getblk+0x246/0x6d0 [ 84.540184][ T5105] __bread_gfp+0xaf/0x430 [ 84.544517][ T5105] read_super_block+0x91/0x800 [ 84.549295][ T5105] reiserfs_fill_super+0x912/0x2620 [ 84.554504][ T5105] mount_bdev+0x237/0x300 [ 84.558838][ T5105] legacy_get_tree+0xef/0x190 [ 84.563524][ T5105] vfs_get_tree+0x8c/0x2a0 [ 84.567947][ T5105] do_new_mount+0x28f/0xae0 [ 84.572452][ T5105] __se_sys_mount+0x2d9/0x3c0 [ 84.577136][ T5105] page last free stack trace: [ 84.581808][ T5105] free_unref_page_prepare+0x931/0xa60 [ 84.587293][ T5105] free_unref_page_list+0x5a0/0x840 [ 84.592496][ T5105] release_pages+0x2117/0x2400 [ 84.597271][ T5105] __folio_batch_release+0x84/0x100 [ 84.602476][ T5105] truncate_inode_pages_range+0x457/0xf70 [ 84.608205][ T5105] blkdev_flush_mapping+0x15c/0x2b0 [ 84.613408][ T5105] blkdev_put+0x4a9/0x770 [ 84.617739][ T5105] bdev_release+0x57/0x70 [ 84.622075][ T5105] deactivate_locked_super+0xc1/0x130 [ 84.627446][ T5105] cleanup_mnt+0x426/0x4c0 [ 84.631865][ T5105] task_work_run+0x24a/0x300 [ 84.636460][ T5105] ptrace_notify+0x2cd/0x380 [ 84.641059][ T5105] syscall_exit_to_user_mode+0x168/0x2a0 [ 84.646702][ T5105] do_syscall_64+0x52/0x110 [ 84.651210][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 84.657112][ T5105] [ 84.659433][ T5105] Memory state around the buggy address: [ 84.665059][ T5105] ffff888076522f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 84.673123][ T5105] ffff888076522f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 84.681195][ T5105] >ffff888076523000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 84.689252][ T5105] ^ [ 84.693321][ T5105] ffff888076523080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 84.701404][ T5105] ffff888076523100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 84.709466][ T5105] ================================================================== [ 84.718265][ T5105] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 84.725521][ T5105] CPU: 1 PID: 5105 Comm: syz-executor213 Not tainted 6.7.0-rc2-syzkaller #0 [ 84.734213][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 84.744275][ T5105] Call Trace: [ 84.747561][ T5105] [ 84.750495][ T5105] dump_stack_lvl+0x1e7/0x2d0 [ 84.755186][ T5105] ? nf_tcp_handle_invalid+0x650/0x650 [ 84.760650][ T5105] ? panic+0x850/0x850 [ 84.764758][ T5105] ? vscnprintf+0x5d/0x80 [ 84.769090][ T5105] panic+0x349/0x850 [ 84.772995][ T5105] ? check_panic_on_warn+0x21/0xa0 [ 84.778118][ T5105] ? __memcpy_flushcache+0x2b0/0x2b0 [ 84.783418][ T5105] ? _raw_spin_unlock_irqrestore+0x12c/0x140 [ 84.789430][ T5105] ? _raw_spin_unlock+0x40/0x40 [ 84.794294][ T5105] ? print_report+0x4fb/0x540 [ 84.798989][ T5105] check_panic_on_warn+0x82/0xa0 [ 84.803931][ T5105] ? reiserfs_release_objectid+0x510/0x770 [ 84.809752][ T5105] end_report+0x6e/0x140 [ 84.814001][ T5105] kasan_report+0x153/0x170 [ 84.818537][ T5105] ? reiserfs_release_objectid+0x510/0x770 [ 84.824363][ T5105] kasan_check_range+0x27e/0x290 [ 84.829308][ T5105] ? reiserfs_release_objectid+0x510/0x770 [ 84.835128][ T5105] __asan_memmove+0x29/0x70 [ 84.839646][ T5105] reiserfs_release_objectid+0x510/0x770 [ 84.845299][ T5105] remove_save_link+0x357/0x540 [ 84.850164][ T5105] ? reiserfs_write_lock_nested+0x5f/0xd0 [ 84.855895][ T5105] ? add_save_link+0x7c0/0x7c0 [ 84.860936][ T5105] ? journal_end+0x20b/0x2c0 [ 84.865532][ T5105] reiserfs_evict_inode+0x362/0x470 [ 84.870764][ T5105] ? entry_points_to_object+0x6f0/0x6f0 [ 84.876330][ T5105] ? do_raw_spin_unlock+0x13b/0x8b0 [ 84.881547][ T5105] ? entry_points_to_object+0x6f0/0x6f0 [ 84.887117][ T5105] evict+0x2a4/0x630 [ 84.891026][ T5105] vfs_rmdir+0x385/0x4c0 [ 84.895278][ T5105] do_rmdir+0x3b5/0x580 [ 84.899444][ T5105] ? d_delete_notify+0x150/0x150 [ 84.904475][ T5105] ? strncpy_from_user+0x1a5/0x2e0 [ 84.909604][ T5105] __x64_sys_rmdir+0x49/0x50 [ 84.914286][ T5105] do_syscall_64+0x45/0x110 [ 84.918800][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 84.924702][ T5105] RIP: 0033:0x7f16a9c9d129 [ 84.929121][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 84.948768][ T5105] RSP: 002b:00007ffe9748ec38 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 84.957294][ T5105] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f16a9c9d129 [ 84.965278][ T5105] RDX: 00007f16a9c9d129 RSI: 00007f16a9c9d129 RDI: 0000000020000000 [ 84.973250][ T5105] RBP: 0000000000000004 R08: 000000000000800c R09: 000000000000800c [ 84.981220][ T5105] R10: 000000000000800c R11: 0000000000000246 R12: 00007ffe9748ec80 [ 84.989214][ T5105] R13: 00007ffe9748ecc0 R14: 0000000000400000 R15: 0000000000000003 [ 84.997191][ T5105] [ 85.000599][ T5105] Kernel Offset: disabled [ 85.004943][ T5105] Rebooting in 86400 seconds.. [pid 5105] rmdir("./file1"