./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor986512944 <...> DUID 00:04:ab:21:30:2a:f6:ad:63:06:1d:ce:9a:68:94:64:4e:95 forked to background, child pid 4669 [ 21.625578][ T4670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.637635][ T4670] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts. execve("./syz-executor986512944", ["./syz-executor986512944"], 0x7ffdf598c420 /* 10 vars */) = 0 brk(NULL) = 0x555556dfa000 brk(0x555556dfac40) = 0x555556dfac40 arch_prctl(ARCH_SET_FS, 0x555556dfa300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556dfa5d0) = 5000 set_robust_list(0x555556dfa5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fcf057814f0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fcf05781bc0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fcf05781590, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcf05781bc0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor986512944", 4096) = 27 brk(0x555556e1bc40) = 0x555556e1bc40 brk(0x555556e1c000) = 0x555556e1c000 mprotect(0x7fcf05844000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5000 mkdir("./syzkaller.XtG7pi", 0700) = 0 chmod("./syzkaller.XtG7pi", 0777) = 0 chdir("./syzkaller.XtG7pi") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556dfa5d0) = 5002 ./strace-static-x86_64: Process 5002 attached [pid 5002] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5002] chdir("./0") = 0 [pid 5002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5002] setpgid(0, 0) = 0 [pid 5002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5002] write(3, "1000", 4) = 4 [pid 5002] close(3) = 0 [pid 5002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5002] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5002] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5002] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5003 attached , parent_tid=[5003], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5003 [pid 5002] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] set_robust_list(0x7fcf057709e0, 24 [pid 5002] <... futex resumed>) = 0 [pid 5003] <... set_robust_list resumed>) = 0 [pid 5002] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5003] memfd_create("syzkaller", 0) = 3 [pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5003] munmap(0x7fcefd350000, 4194304) = 0 [pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5003] close(3) = 0 [pid 5003] mkdir("./file0", 0777) = 0 syzkaller login: [ 45.071892][ T5003] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5003 'syz-executor986' [ 45.110502][ T5003] loop0: detected capacity change from 0 to 8192 [ 45.121061][ T5003] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 45.134086][ T5003] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 45.143457][ T5003] REISERFS (device loop0): using ordered data mode [ 45.150032][ T5003] reiserfs: using flush barriers [ 45.155801][ T5003] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 45.172219][ T5003] REISERFS (device loop0): checking transaction log (loop0) [ 45.203823][ T5003] REISERFS (device loop0): Using r5 hash to sort names [ 45.210846][ T5003] REISERFS (device loop0): using 3.5.x disk format [pid 5003] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5003] chdir("./file0") = 0 [pid 5003] ioctl(4, LOOP_CLR_FD) = 0 [pid 5003] close(4) = 0 [pid 5003] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] <... futex resumed>) = 1 [pid 5002] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5003] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... futex resumed>) = 1 [pid 5003] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5003] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] <... futex resumed>) = 1 [pid 5003] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5003] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5003] <... futex resumed>) = 1 [pid 5002] <... mmap resumed>) = 0x7fcefd72f000 [pid 5003] ftruncate(4, 3976 [pid 5002] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE [pid 5003] <... ftruncate resumed>) = 0 [pid 5002] <... mprotect resumed>) = 0 [pid 5002] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5003] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5005 attached [pid 5005] set_robust_list(0x7fcefd74f9e0, 24) = 0 [pid 5005] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5002] <... clone resumed>, parent_tid=[5005], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5005 [pid 5002] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5002] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5005] ftruncate(4, 3617) = 0 [pid 5005] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5002] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] <... futex resumed>) = 0 [pid 5002] <... futex resumed>) = 1 [pid 5002] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5003] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 6 [pid 5003] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5002] <... futex resumed>) = 0 [pid 5003] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5002] exit_group(0) = ? [pid 5003] <... futex resumed>) = ? [pid 5003] +++ exited with 0 +++ [pid 5005] +++ exited with 0 +++ [pid 5002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5002, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [ 45.218055][ T5003] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556dfa5d0) = 5006 ./strace-static-x86_64: Process 5006 attached [pid 5006] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5006] chdir("./1") = 0 [pid 5006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5006] setpgid(0, 0) = 0 [pid 5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5006] write(3, "1000", 4) = 4 [pid 5006] close(3) = 0 [pid 5006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5006] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5006] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5006] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5007 attached , parent_tid=[5007], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5007 [pid 5007] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5007] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5007] <... futex resumed>) = 0 [pid 5007] memfd_create("syzkaller", 0 [pid 5006] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5007] <... memfd_create resumed>) = 3 [pid 5007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5007] munmap(0x7fcefd350000, 4194304) = 0 [pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5007] close(3) = 0 [pid 5007] mkdir("./file0", 0777) = 0 [ 45.379436][ T5007] loop0: detected capacity change from 0 to 8192 [ 45.389937][ T5007] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 45.402960][ T5007] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 45.412400][ T5007] REISERFS (device loop0): using ordered data mode [ 45.418970][ T5007] reiserfs: using flush barriers [ 45.424420][ T5007] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 45.440744][ T5007] REISERFS (device loop0): checking transaction log (loop0) [pid 5007] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5007] chdir("./file0") = 0 [pid 5007] ioctl(4, LOOP_CLR_FD) = 0 [pid 5007] close(4) = 0 [pid 5007] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... futex resumed>) = 0 [pid 5006] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... futex resumed>) = 1 [pid 5007] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5007] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... futex resumed>) = 0 [pid 5007] <... futex resumed>) = 1 [pid 5006] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 5006] <... futex resumed>) = 0 [pid 5006] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... write resumed>) = 65191 [pid 5007] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... futex resumed>) = 0 [pid 5006] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... futex resumed>) = 1 [pid 5007] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5007] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5006] <... futex resumed>) = 0 [pid 5006] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5006] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5006] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5009], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5009 [pid 5006] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x7fcefd74f9e0, 24) = 0 [pid 5009] ftruncate(4, 3617 [pid 5007] ftruncate(4, 3976 [pid 5009] <... ftruncate resumed>) = 0 [pid 5009] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5007] <... ftruncate resumed>) = 0 [pid 5006] <... futex resumed>) = 0 [pid 5006] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5006] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 1 [pid 5007] <... futex resumed>) = 0 [pid 5009] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5007] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] <... open resumed>) = 6 [pid 5009] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5006] <... futex resumed>) = 0 [pid 5006] exit_group(0) = ? [pid 5009] +++ exited with 0 +++ [pid 5007] <... futex resumed>) = ? [pid 5007] +++ exited with 0 +++ [pid 5006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5006, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 45.471868][ T5007] REISERFS (device loop0): Using r5 hash to sort names [ 45.478801][ T5007] REISERFS (device loop0): using 3.5.x disk format [ 45.485459][ T5007] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5010 attached [pid 5010] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5000] <... clone resumed>, child_tidptr=0x555556dfa5d0) = 5010 [pid 5010] chdir("./2") = 0 [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5010] setpgid(0, 0) = 0 [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5010] write(3, "1000", 4) = 4 [pid 5010] close(3) = 0 [pid 5010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5010] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5010] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5010] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5011 attached [pid 5011] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5011] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] <... clone resumed>, parent_tid=[5011], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5011 [pid 5010] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5010] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5011] memfd_create("syzkaller", 0) = 3 [pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5011] munmap(0x7fcefd350000, 4194304) = 0 [pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5011] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5011] close(3) = 0 [pid 5011] mkdir("./file0", 0777) = 0 [ 45.613754][ T5011] loop0: detected capacity change from 0 to 8192 [ 45.623644][ T5011] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 45.637110][ T5011] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 45.646556][ T5011] REISERFS (device loop0): using ordered data mode [ 45.653040][ T5011] reiserfs: using flush barriers [ 45.658869][ T5011] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 45.675392][ T5011] REISERFS (device loop0): checking transaction log (loop0) [pid 5011] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5011] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5011] chdir("./file0") = 0 [pid 5011] ioctl(4, LOOP_CLR_FD) = 0 [pid 5011] close(4) = 0 [pid 5011] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5011] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... futex resumed>) = 1 [pid 5011] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5011] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5011] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5011] ftruncate(4, 3976 [pid 5010] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5010] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5013], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5013 [pid 5010] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5013 attached [pid 5013] set_robust_list(0x7fcefd74f9e0, 24) = 0 [pid 5013] ftruncate(4, 3617) = 0 [pid 5013] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5011] <... ftruncate resumed>) = 0 [pid 5010] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5010] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5013] <... futex resumed>) = 1 [pid 5011] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5011] <... futex resumed>) = 0 [pid 5013] <... open resumed>) = 6 [pid 5013] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5013] <... futex resumed>) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5010] exit_group(0) = ? [pid 5011] <... futex resumed>) = ? [pid 5011] +++ exited with 0 +++ [pid 5013] +++ exited with 0 +++ [pid 5010] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5010, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 45.706998][ T5011] REISERFS (device loop0): Using r5 hash to sort names [ 45.713870][ T5011] REISERFS (device loop0): using 3.5.x disk format [ 45.720754][ T5011] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556dfa5d0) = 5014 ./strace-static-x86_64: Process 5014 attached [pid 5014] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5014] chdir("./3") = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5014] setpgid(0, 0) = 0 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5014] write(3, "1000", 4) = 4 [pid 5014] close(3) = 0 [pid 5014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5014] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5014] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5014] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5015 attached , parent_tid=[5015], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5015 [pid 5015] set_robust_list(0x7fcf057709e0, 24 [pid 5014] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5015] <... set_robust_list resumed>) = 0 [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5015] munmap(0x7fcefd350000, 4194304) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5015] close(3) = 0 [pid 5015] mkdir("./file0", 0777) = 0 [ 45.840840][ T5015] loop0: detected capacity change from 0 to 8192 [ 45.850126][ T5015] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 45.863371][ T5015] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 45.872573][ T5015] REISERFS (device loop0): using ordered data mode [ 45.879090][ T5015] reiserfs: using flush barriers [ 45.884568][ T5015] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 45.900965][ T5015] REISERFS (device loop0): checking transaction log (loop0) [pid 5015] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5015] chdir("./file0") = 0 [pid 5015] ioctl(4, LOOP_CLR_FD) = 0 [pid 5015] close(4) = 0 [pid 5015] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5015] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5014] <... futex resumed>) = 0 [pid 5015] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5014] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... openat resumed>) = 4 [pid 5015] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5015] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5014] <... futex resumed>) = 0 [pid 5015] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 5014] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... write resumed>) = 65191 [pid 5015] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5015] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5014] <... futex resumed>) = 0 [pid 5015] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5014] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... openat resumed>) = 5 [pid 5015] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5015] ftruncate(4, 3976 [pid 5014] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... ftruncate resumed>) = 0 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5015] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... mmap resumed>) = 0x7fcefd72f000 [pid 5015] <... futex resumed>) = 0 [pid 5014] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE [pid 5015] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] <... mprotect resumed>) = 0 [pid 5014] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5017 attached , parent_tid=[5017], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5017 [pid 5014] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5017] set_robust_list(0x7fcefd74f9e0, 24 [pid 5014] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... set_robust_list resumed>) = 0 [pid 5017] ftruncate(4, 3617) = 0 [pid 5017] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] <... futex resumed>) = 0 [pid 5015] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 6 [pid 5015] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5014] <... futex resumed>) = 0 [pid 5014] exit_group(0) = ? [pid 5017] <... futex resumed>) = ? [pid 5017] +++ exited with 0 +++ [ 45.932866][ T5015] REISERFS (device loop0): Using r5 hash to sort names [ 45.939811][ T5015] REISERFS (device loop0): using 3.5.x disk format [ 45.946794][ T5015] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5015] +++ exited with 0 +++ [pid 5014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5018 attached , child_tidptr=0x555556dfa5d0) = 5018 [pid 5018] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5018] chdir("./4") = 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5018] setpgid(0, 0) = 0 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5018] write(3, "1000", 4) = 4 [pid 5018] close(3) = 0 [pid 5018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5018] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5018] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5019 attached , parent_tid=[5019], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5019 [pid 5019] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5018] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5019] memfd_create("syzkaller", 0) = 3 [pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5019] munmap(0x7fcefd350000, 4194304) = 0 [pid 5019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5019] close(3) = 0 [pid 5019] mkdir("./file0", 0777) = 0 [ 46.075831][ T5019] loop0: detected capacity change from 0 to 8192 [ 46.085214][ T5019] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 46.098256][ T5019] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 46.107635][ T5019] REISERFS (device loop0): using ordered data mode [ 46.114354][ T5019] reiserfs: using flush barriers [ 46.120220][ T5019] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 46.136622][ T5019] REISERFS (device loop0): checking transaction log (loop0) [pid 5019] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5019] chdir("./file0") = 0 [pid 5019] ioctl(4, LOOP_CLR_FD) = 0 [pid 5019] close(4) = 0 [pid 5019] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5019] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5018] <... futex resumed>) = 0 [pid 5019] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5018] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... openat resumed>) = 4 [pid 5019] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5019] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5018] <... futex resumed>) = 0 [pid 5019] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 5018] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... write resumed>) = 65191 [pid 5019] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... futex resumed>) = 1 [pid 5019] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5019] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5018] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE [pid 5019] ftruncate(4, 3976 [pid 5018] <... mprotect resumed>) = 0 [pid 5018] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5021], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5021 [pid 5018] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5021 attached [pid 5021] set_robust_list(0x7fcefd74f9e0, 24) = 0 [pid 5021] ftruncate(4, 3617) = 0 [pid 5021] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5021] <... futex resumed>) = 1 [pid 5021] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5019] <... ftruncate resumed>) = 0 [pid 5019] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... open resumed>) = 6 [pid 5021] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] exit_group(0) = ? [pid 5019] <... futex resumed>) = ? [pid 5021] <... futex resumed>) = ? [pid 5021] +++ exited with 0 +++ [pid 5019] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 46.167469][ T5019] REISERFS (device loop0): Using r5 hash to sort names [ 46.174330][ T5019] REISERFS (device loop0): using 3.5.x disk format [ 46.181172][ T5019] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5022 attached [pid 5022] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5000] <... clone resumed>, child_tidptr=0x555556dfa5d0) = 5022 [pid 5022] chdir("./5") = 0 [pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5022] setpgid(0, 0) = 0 [pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5022] write(3, "1000", 4) = 4 [pid 5022] close(3) = 0 [pid 5022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5022] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5022] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5022] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5023], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5023 [pid 5022] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5023 attached [pid 5023] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5023] memfd_create("syzkaller", 0) = 3 [pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5023] munmap(0x7fcefd350000, 4194304) = 0 [pid 5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5023] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5023] close(3) = 0 [pid 5023] mkdir("./file0", 0777) = 0 [ 46.294790][ T5023] loop0: detected capacity change from 0 to 8192 [ 46.304522][ T5023] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 46.317531][ T5023] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 46.326780][ T5023] REISERFS (device loop0): using ordered data mode [ 46.333293][ T5023] reiserfs: using flush barriers [ 46.339020][ T5023] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 46.355346][ T5023] REISERFS (device loop0): checking transaction log (loop0) [pid 5023] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5023] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5023] chdir("./file0") = 0 [pid 5023] ioctl(4, LOOP_CLR_FD) = 0 [pid 5023] close(4) = 0 [pid 5023] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 1 [pid 5023] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5023] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 1 [pid 5023] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5023] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 1 [pid 5023] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5023] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5022] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5022] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5025], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5025 [pid 5022] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5022] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 1 [pid 5023] ftruncate(4, 3976) = 0 [pid 5023] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5023] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5025 attached [pid 5025] set_robust_list(0x7fcefd74f9e0, 24) = 0 [pid 5025] ftruncate(4, 3617) = 0 [pid 5025] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5022] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5022] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = 0 [pid 5023] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5025] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5023] <... open resumed>) = 6 [pid 5023] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] <... futex resumed>) = 0 [pid 5022] exit_group(0) = ? [pid 5023] <... futex resumed>) = ? [pid 5023] +++ exited with 0 +++ [pid 5025] <... futex resumed>) = ? [pid 5025] +++ exited with 0 +++ [pid 5022] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 46.386927][ T5023] REISERFS (device loop0): Using r5 hash to sort names [ 46.393808][ T5023] REISERFS (device loop0): using 3.5.x disk format [ 46.400701][ T5023] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556dfa5d0) = 5026 ./strace-static-x86_64: Process 5026 attached [pid 5026] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5026] chdir("./6") = 0 [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5026] setpgid(0, 0) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5026] write(3, "1000", 4) = 4 [pid 5026] close(3) = 0 [pid 5026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5026] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5026] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5027 attached , parent_tid=[5027], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5027 [pid 5027] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5027] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5027] <... futex resumed>) = 0 [pid 5027] memfd_create("syzkaller", 0 [pid 5026] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5027] <... memfd_create resumed>) = 3 [pid 5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5027] munmap(0x7fcefd350000, 4194304) = 0 [pid 5027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5027] close(3) = 0 [pid 5027] mkdir("./file0", 0777) = 0 [ 46.518137][ T5027] loop0: detected capacity change from 0 to 8192 [ 46.527135][ T5027] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 46.540166][ T5027] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 46.549453][ T5027] REISERFS (device loop0): using ordered data mode [ 46.555976][ T5027] reiserfs: using flush barriers [ 46.561616][ T5027] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 46.577933][ T5027] REISERFS (device loop0): checking transaction log (loop0) [pid 5027] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5027] chdir("./file0") = 0 [pid 5027] ioctl(4, LOOP_CLR_FD) = 0 [pid 5027] close(4) = 0 [pid 5027] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5027] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5026] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... openat resumed>) = 4 [pid 5027] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5027] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5026] <... futex resumed>) = 0 [pid 5027] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 5026] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... write resumed>) = 65191 [pid 5027] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 1 [pid 5027] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5027] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5026] <... futex resumed>) = 0 [pid 5026] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5026] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5026] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5029], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5029 [pid 5026] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5026] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5029 attached [pid 5027] ftruncate(4, 3976 [pid 5029] set_robust_list(0x7fcefd74f9e0, 24 [pid 5027] <... ftruncate resumed>) = 0 [pid 5027] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5027] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5029] <... set_robust_list resumed>) = 0 [pid 5029] ftruncate(4, 3617) = 0 [pid 5029] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5029] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... futex resumed>) = 0 [pid 5026] <... futex resumed>) = 1 [pid 5027] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5026] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5027] <... open resumed>) = 6 [pid 5027] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5026] <... futex resumed>) = 0 [pid 5027] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5026] exit_group(0 [pid 5029] <... futex resumed>) = ? [pid 5027] <... futex resumed>) = ? [pid 5026] <... exit_group resumed>) = ? [pid 5029] +++ exited with 0 +++ [pid 5027] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 46.609965][ T5027] REISERFS (device loop0): Using r5 hash to sort names [ 46.616840][ T5027] REISERFS (device loop0): using 3.5.x disk format [ 46.623428][ T5027] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556dfa5d0) = 5030 ./strace-static-x86_64: Process 5030 attached [pid 5030] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5030] chdir("./7") = 0 [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5030] setpgid(0, 0) = 0 [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5030] write(3, "1000", 4) = 4 [pid 5030] close(3) = 0 [pid 5030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5030] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5030] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5031], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5031 [pid 5030] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5031 attached [pid 5031] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5031] memfd_create("syzkaller", 0) = 3 [pid 5031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5031] munmap(0x7fcefd350000, 4194304) = 0 [pid 5031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5031] close(3) = 0 [pid 5031] mkdir("./file0", 0777) = 0 [ 46.746308][ T5031] loop0: detected capacity change from 0 to 8192 [ 46.755333][ T5031] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 46.768398][ T5031] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 46.777573][ T5031] REISERFS (device loop0): using ordered data mode [ 46.784065][ T5031] reiserfs: using flush barriers [ 46.789637][ T5031] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 46.806243][ T5031] REISERFS (device loop0): checking transaction log (loop0) [ 46.836169][ T5031] REISERFS (device loop0): Using r5 hash to sort names [pid 5031] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5031] chdir("./file0") = 0 [pid 5031] ioctl(4, LOOP_CLR_FD) = 0 [pid 5031] close(4) = 0 [pid 5031] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 1 [pid 5031] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5030] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... openat resumed>) = 4 [pid 5031] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 1 [pid 5030] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] <... write resumed>) = 65191 [pid 5031] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5031] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5031] ftruncate(4, 3976 [pid 5030] <... mmap resumed>) = 0x7fcefd72f000 [pid 5030] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5033], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5033 [pid 5030] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5033 attached [pid 5033] set_robust_list(0x7fcefd74f9e0, 24) = 0 [pid 5033] ftruncate(4, 3617 [pid 5031] <... ftruncate resumed>) = 0 [pid 5033] <... ftruncate resumed>) = 0 [pid 5031] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] <... futex resumed>) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5030] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=42000000} [pid 5031] <... futex resumed>) = 1 [pid 5033] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5031] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 6 [pid 5031] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5031] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] exit_group(0 [pid 5033] <... futex resumed>) = ? [pid 5030] <... exit_group resumed>) = ? [pid 5031] <... futex resumed>) = ? [pid 5033] +++ exited with 0 +++ [pid 5031] +++ exited with 0 +++ [pid 5030] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5030, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 46.843089][ T5031] REISERFS (device loop0): using 3.5.x disk format [ 46.849813][ T5031] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5034 attached [pid 5034] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5000] <... clone resumed>, child_tidptr=0x555556dfa5d0) = 5034 [pid 5034] chdir("./8") = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5034] write(3, "1000", 4) = 4 [pid 5034] close(3) = 0 [pid 5034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5034] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5035], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5035 [pid 5034] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5035 attached [pid 5035] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5035] memfd_create("syzkaller", 0) = 3 [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5035] munmap(0x7fcefd350000, 4194304) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5035] close(3) = 0 [pid 5035] mkdir("./file0", 0777) = 0 [ 46.974599][ T5035] loop0: detected capacity change from 0 to 8192 [ 46.984433][ T5035] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 46.997527][ T5035] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 47.006900][ T5035] REISERFS (device loop0): using ordered data mode [ 47.013407][ T5035] reiserfs: using flush barriers [ 47.019061][ T5035] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 47.035666][ T5035] REISERFS (device loop0): checking transaction log (loop0) [pid 5035] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5035] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5035] chdir("./file0") = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5035] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5035] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5035] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5035] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5034] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5034] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5037], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5037 [pid 5034] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 1 [pid 5035] ftruncate(4, 3976) = 0 [pid 5035] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5037 attached [pid 5037] set_robust_list(0x7fcefd74f9e0, 24) = 0 [pid 5037] ftruncate(4, 3617) = 0 [pid 5037] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] <... futex resumed>) = 0 [pid 5034] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5034] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = 0 [pid 5035] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5037] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... open resumed>) = 6 [pid 5035] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = 0 [pid 5034] exit_group(0) = ? [pid 5035] <... futex resumed>) = ? [pid 5037] <... futex resumed>) = ? [pid 5037] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ [pid 5034] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 47.070622][ T5035] REISERFS (device loop0): Using r5 hash to sort names [ 47.077501][ T5035] REISERFS (device loop0): using 3.5.x disk format [ 47.084207][ T5035] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5038 attached , child_tidptr=0x555556dfa5d0) = 5038 [pid 5038] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5038] chdir("./9") = 0 [pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5038] setpgid(0, 0) = 0 [pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5038] write(3, "1000", 4) = 4 [pid 5038] close(3) = 0 [pid 5038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5038] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5038] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5038] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5039 attached , parent_tid=[5039], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5039 [pid 5039] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5039] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5038] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5039] memfd_create("syzkaller", 0) = 3 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5039] munmap(0x7fcefd350000, 4194304) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5039] close(3) = 0 [pid 5039] mkdir("./file0", 0777) = 0 [ 47.205145][ T5039] loop0: detected capacity change from 0 to 8192 [ 47.214757][ T5039] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 47.227923][ T5039] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 47.237120][ T5039] REISERFS (device loop0): using ordered data mode [ 47.243677][ T5039] reiserfs: using flush barriers [ 47.249280][ T5039] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 47.265810][ T5039] REISERFS (device loop0): checking transaction log (loop0) [pid 5039] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5039] chdir("./file0") = 0 [pid 5039] ioctl(4, LOOP_CLR_FD) = 0 [pid 5039] close(4) = 0 [pid 5039] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5038] <... futex resumed>) = 0 [pid 5039] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5038] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... openat resumed>) = 4 [pid 5039] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191 [pid 5038] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... write resumed>) = 65191 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] <... futex resumed>) = 1 [pid 5039] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5039] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5038] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5038] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5041 attached [pid 5039] ftruncate(4, 3976 [pid 5041] set_robust_list(0x7fcefd74f9e0, 24 [pid 5039] <... ftruncate resumed>) = 0 [pid 5038] <... clone resumed>, parent_tid=[5041], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5041 [pid 5038] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5038] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5039] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... set_robust_list resumed>) = 0 [pid 5041] ftruncate(4, 3617) = 0 [pid 5041] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5038] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = 1 [pid 5039] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000 [pid 5038] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... open resumed>) = 6 [pid 5039] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5038] <... futex resumed>) = 0 [pid 5039] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] exit_group(0 [pid 5039] <... futex resumed>) = ? [pid 5038] <... exit_group resumed>) = ? [pid 5039] +++ exited with 0 +++ [pid 5041] <... futex resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 47.297231][ T5039] REISERFS (device loop0): Using r5 hash to sort names [ 47.304118][ T5039] REISERFS (device loop0): using 3.5.x disk format [ 47.310989][ T5039] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556dfa5d0) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5042] chdir("./10") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5042] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5043 attached [pid 5043] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5043] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... clone resumed>, parent_tid=[5043], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5043 [pid 5042] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5042] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5043] memfd_create("syzkaller", 0) = 3 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5043] munmap(0x7fcefd350000, 4194304) = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5043] close(3) = 0 [pid 5043] mkdir("./file0", 0777) = 0 [ 47.435206][ T5043] loop0: detected capacity change from 0 to 8192 [ 47.444862][ T5043] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 47.457878][ T5043] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 47.467286][ T5043] REISERFS (device loop0): using ordered data mode [ 47.473776][ T5043] reiserfs: using flush barriers [ 47.479622][ T5043] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 47.495898][ T5043] REISERFS (device loop0): checking transaction log (loop0) [pid 5043] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5043] chdir("./file0") = 0 [pid 5043] ioctl(4, LOOP_CLR_FD) = 0 [pid 5043] close(4) = 0 [pid 5043] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 1 [pid 5043] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5043] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 1 [pid 5043] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5043] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 1 [pid 5043] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5043] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5042] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5045], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5045 [pid 5042] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 1 [pid 5043] ftruncate(4, 3976) = 0 [pid 5043] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7fcf0584a7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x7fcefd74f9e0, 24) = 0 [pid 5045] ftruncate(4, 3617) = 0 [pid 5045] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5045] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] <... futex resumed>) = 0 [pid 5042] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 6 [pid 5043] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5042] exit_group(0) = ? [pid 5045] <... futex resumed>) = ? [pid 5045] +++ exited with 0 +++ [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556dfb620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 47.528610][ T5043] REISERFS (device loop0): Using r5 hash to sort names [ 47.535617][ T5043] REISERFS (device loop0): using 3.5.x disk format [ 47.543161][ T5043] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556e03660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556e03660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556dfb620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5046 attached , child_tidptr=0x555556dfa5d0) = 5046 [pid 5046] set_robust_list(0x555556dfa5e0, 24) = 0 [pid 5046] chdir("./11") = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5046] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcf05750000 [pid 5046] mprotect(0x7fcf05751000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] clone(child_stack=0x7fcf057703f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5047 attached [pid 5047] set_robust_list(0x7fcf057709e0, 24) = 0 [pid 5046] <... clone resumed>, parent_tid=[5047], tls=0x7fcf05770700, child_tidptr=0x7fcf057709d0) = 5047 [pid 5046] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] memfd_create("syzkaller", 0) = 3 [pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcefd350000 [pid 5046] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5047] munmap(0x7fcefd350000, 4194304) = 0 [pid 5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5047] close(3) = 0 [pid 5047] mkdir("./file0", 0777) = 0 [ 47.665160][ T5047] loop0: detected capacity change from 0 to 8192 [ 47.675153][ T5047] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 47.688298][ T5047] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 47.697506][ T5047] REISERFS (device loop0): using ordered data mode [ 47.704002][ T5047] reiserfs: using flush barriers [ 47.709706][ T5047] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 47.726042][ T5047] REISERFS (device loop0): checking transaction log (loop0) [pid 5047] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5047] chdir("./file0") = 0 [pid 5047] ioctl(4, LOOP_CLR_FD) = 0 [pid 5047] close(4) = 0 [pid 5047] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 1 [pid 5047] openat(AT_FDCWD, "pids.events", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5047] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 1 [pid 5047] write(4, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5047] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7fcf0584a7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 1 [pid 5047] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000) = 5 [pid 5047] futex(0x7fcf0584a7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7fcf0584a7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcefd72f000 [pid 5046] mprotect(0x7fcefd730000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] clone(child_stack=0x7fcefd74f3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5049 attached , parent_tid=[5049], tls=0x7fcefd74f700, child_tidptr=0x7fcefd74f9d0) = 5049 [pid 5046] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] set_robust_list(0x7fcefd74f9e0, 24 [pid 5046] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... set_robust_list resumed>) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5049] ftruncate(4, 3617 [pid 5047] ftruncate(4, 3976 [pid 5049] <... ftruncate resumed>) = 0 [pid 5049] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7fcf0584a7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7fcf0584a7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... futex resumed>) = 1 [pid 5049] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 6 [pid 5049] futex(0x7fcf0584a7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [ 47.758337][ T5047] REISERFS (device loop0): Using r5 hash to sort names [ 47.765201][ T5047] REISERFS (device loop0): using 3.5.x disk format [ 47.771936][ T5047] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5049] <... futex resumed>) = 1 [ 47.801106][ T5047] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2 [ 47.816542][ T5047] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 47.827109][ T5047] REISERFS (device loop0): Remounting filesystem read-only [ 47.834314][ T5047] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 47.846008][ T5047] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 47.854420][ T5047] CPU: 1 PID: 5047 Comm: syz-executor986 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 [ 47.864816][ T5047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 47.874849][ T5047] RIP: 0010:direct2indirect+0x7c8/0x10f0 [ 47.880481][ T5047] Code: 10 07 00 00 4c 89 e2 49 63 44 24 08 48 c1 ea 03 80 3c 1a 00 0f 85 04 07 00 00 4d 8b 24 24 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 00 07 00 00 48 8d 54 40 03 49 8b 44 24 28 4c 8d [ 47.900067][ T5047] RSP: 0018:ffffc90003c7f570 EFLAGS: 00010216 [ 47.906117][ T5047] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 47.914071][ T5047] RDX: 0000000000000005 RSI: ffffffff8221f8f2 RDI: 0000000000000028 [ 47.922027][ T5047] RBP: ffffc90003c7f948 R08: 0000000000000005 R09: 0000000000000001 [ 47.929982][ T5047] R10: 00000000fffffffe R11: 0000000000000001 R12: 0000000000000000 [ 47.937935][ T5047] R13: ffffc90003c7f620 R14: ffff888074310830 R15: ffffc90003c7f660 [ 47.945896][ T5047] FS: 00007fcf05770700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 47.954814][ T5047] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 47.961412][ T5047] CR2: 00007fcefd3c4000 CR3: 0000000021b83000 CR4: 0000000000350ee0 [ 47.969389][ T5047] Call Trace: [ 47.972649][ T5047] [ 47.975561][ T5047] ? die_addr+0x3c/0xa0 [ 47.979717][ T5047] ? exc_general_protection+0x129/0x230 [ 47.985260][ T5047] ? asm_exc_general_protection+0x26/0x30 [ 47.990978][ T5047] ? direct2indirect+0x762/0x10f0 [ 47.995994][ T5047] ? direct2indirect+0x7c8/0x10f0 [ 48.001019][ T5047] ? r5_hash+0xd0/0xd0 [ 48.005083][ T5047] ? __kmem_cache_alloc_node+0x1b0/0x320 [ 48.010708][ T5047] ? reiserfs_persistent_transaction+0xc0/0x280 [ 48.016943][ T5047] ? scan_bitmap_block.constprop.0+0xfb2/0xfd0 [ 48.023096][ T5047] ? journal_begin+0x214/0x400 [ 48.027854][ T5047] reiserfs_get_block+0x366e/0x4100 [ 48.033043][ T5047] ? reiserfs_commit_write+0x6f0/0x6f0 [ 48.038488][ T5047] ? find_held_lock+0x2d/0x110 [ 48.043240][ T5047] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 48.049211][ T5047] ? __lock_acquire+0x1987/0x5f30 [ 48.054228][ T5047] ? folio_flags.constprop.0+0x53/0x150 [ 48.059764][ T5047] __block_write_begin_int+0x3bd/0x14b0 [ 48.065295][ T5047] ? reiserfs_commit_write+0x6f0/0x6f0 [ 48.070743][ T5047] ? folio_wait_stable+0x96/0xe0 [ 48.075666][ T5047] ? invalidate_bh_lrus_cpu+0x140/0x140 [ 48.081196][ T5047] ? folio_flags.constprop.0+0x53/0x150 [ 48.086742][ T5047] reiserfs_write_begin+0x36e/0xa60 [ 48.091934][ T5047] generic_cont_expand_simple+0x117/0x1f0 [ 48.097651][ T5047] ? end_bio_bh_io_sync+0x130/0x130 [ 48.102840][ T5047] ? setattr_prepare+0x140/0x9b0 [ 48.107768][ T5047] reiserfs_setattr+0x395/0x1370 [ 48.112690][ T5047] ? reiserfs_new_inode+0x2110/0x2110 [ 48.118048][ T5047] ? current_time+0x1fe/0x2c0 [ 48.122711][ T5047] ? evm_inode_setattr+0x7e/0x630 [ 48.127720][ T5047] ? from_vfsuid+0x170/0x170 [ 48.132298][ T5047] ? reiserfs_new_inode+0x2110/0x2110 [ 48.137656][ T5047] notify_change+0xb2c/0x1180 [ 48.142327][ T5047] ? do_truncate+0x143/0x200 [ 48.146929][ T5047] do_truncate+0x143/0x200 [ 48.151334][ T5047] ? file_open_root+0x460/0x460 [ 48.156171][ T5047] ? common_perm_cond+0x22f/0x830 [ 48.161191][ T5047] do_sys_ftruncate+0x53a/0x770 [ 48.166030][ T5047] do_syscall_64+0x39/0xb0 [ 48.170463][ T5047] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.176347][ T5047] RIP: 0033:0x7fcf057c4599 [ 48.180747][ T5047] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 48.200431][ T5047] RSP: 002b:00007fcf057702f8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 48.208841][ T5047] RAX: ffffffffffffffda RBX: 00007fcf0584a7a0 RCX: 00007fcf057c4599 [ 48.216802][ T5047] RDX: 00007fcf057c4599 RSI: 0000000000000f88 RDI: 0000000000000004 [ 48.224800][ T5047] RBP: 00007fcf058171b8 R08: 0000000000000000 R09: 0000000000000000 [ 48.232776][ T5047] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e [ 48.240747][ T5047] R13: 7366726573696572 R14: 6576652e73646970 R15: 00007fcf0584a7a8 [ 48.248705][ T5047] [pid 5049] futex(0x7fcf0584a7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] exit_group(0) = ? [pid 5049] <... futex resumed>) = ? [pid 5049] +++ exited with 0 +++ [ 48.251706][ T5047] Modules linked in: [ 48.255851][ T5047] ---[ end trace 0000000000000000 ]--- [ 48.261506][ T5047] RIP: 0010:direct2indirect+0x7c8/0x10f0 [ 48.267323][ T5047] Code: 10 07 00 00 4c 89 e2 49 63 44 24 08 48 c1 ea 03 80 3c 1a 00 0f 85 04 07 00 00 4d 8b 24 24 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 00 07 00 00 48 8d 54 40 03 49 8b 44 24 28 4c 8d [ 48.286950][ T5047] RSP: 0018:ffffc90003c7f570 EFLAGS: 00010216 [ 48.293057][ T5047] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 48.301852][ T5047] RDX: 0000000000000005 RSI: ffffffff8221f8f2 RDI: 0000000000000028 [ 48.310112][ T5047] RBP: ffffc90003c7f948 R08: 0000000000000005 R09: 0000000000000001 [ 48.318113][ T5047] R10: 00000000fffffffe R11: 0000000000000001 R12: 0000000000000000 [ 48.326200][ T5047] R13: ffffc90003c7f620 R14: ffff888074310830 R15: ffffc90003c7f660 [ 48.334173][ T5047] FS: 00007fcf05770700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 48.343275][ T5047] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.350023][ T5047] CR2: 00007fcf05805c70 CR3: 0000000021b83000 CR4: 0000000000350ef0 [ 48.358017][ T5047] Kernel panic - not syncing: Fatal exception [ 48.364773][ T5047] Kernel Offset: disabled [ 48.369093][ T5047] Rebooting in 86400 seconds..