./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1775812264 <...> forked to background, child pid 4644 no interfaces have a carri[ 21.721023][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0 er [ 21.732254][ T4645] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.117' (ECDSA) to the list of known hosts. execve("./syz-executor1775812264", ["./syz-executor1775812264"], 0x7fff5a639880 /* 10 vars */) = 0 brk(NULL) = 0x555556b14000 brk(0x555556b14c40) = 0x555556b14c40 arch_prctl(ARCH_SET_FS, 0x555556b14300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1775812264", 4096) = 28 brk(0x555556b35c40) = 0x555556b35c40 brk(0x555556b36000) = 0x555556b36000 mprotect(0x7f36786f7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5065 mkdir("./syzkaller.tErEH9", 0700) = 0 chmod("./syzkaller.tErEH9", 0777) = 0 chdir("./syzkaller.tErEH9") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5067 ./strace-static-x86_64: Process 5067 attached [pid 5067] chdir("./0") = 0 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5067] setpgid(0, 0) = 0 [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5067] munmap(0x7f3670239000, 4194304) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file0", 0777) = 0 syzkaller login: [ 38.182179][ T5067] loop0: detected capacity change from 0 to 8192 [ 38.192693][ T5067] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.205844][ T5067] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 38.215215][ T5067] REISERFS (device loop0): using ordered data mode [ 38.221765][ T5067] reiserfs: using flush barriers [ 38.227494][ T5067] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.243924][ T5067] REISERFS (device loop0): checking transaction log (loop0) [pid 5067] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file0") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] creat("./bus", 000) = 4 [pid 5067] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5067] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5067] dup2(5, 4) = 4 [pid 5067] open(".", O_RDONLY) = 6 [pid 5067] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5067] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5067] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5067] exit_group(0) = ? [pid 5067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 38.273132][ T5067] REISERFS (device loop0): Using r5 hash to sort names [ 38.280714][ T5067] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] chdir("./1") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5069] munmap(0x7f3670239000, 4194304) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./file0", 0777) = 0 [ 38.390302][ T5069] loop0: detected capacity change from 0 to 8192 [ 38.399871][ T5069] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.413083][ T5069] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 38.422288][ T5069] REISERFS (device loop0): using ordered data mode [ 38.428788][ T5069] reiserfs: using flush barriers [ 38.434579][ T5069] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.450903][ T5069] REISERFS (device loop0): checking transaction log (loop0) [pid 5069] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./file0") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] creat("./bus", 000) = 4 [pid 5069] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5069] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5069] dup2(5, 4) = 4 [pid 5069] open(".", O_RDONLY) = 6 [pid 5069] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5069] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5069] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5069] exit_group(0) = ? [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 38.485434][ T5069] REISERFS (device loop0): Using r5 hash to sort names [ 38.492453][ T5069] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x555556b145d0) = 5071 [pid 5071] chdir("./2") = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5071] munmap(0x7f3670239000, 4194304) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file0", 0777) = 0 [ 38.600547][ T5071] loop0: detected capacity change from 0 to 8192 [ 38.610286][ T5071] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.623349][ T5071] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 38.632508][ T5071] REISERFS (device loop0): using ordered data mode [ 38.638998][ T5071] reiserfs: using flush barriers [ 38.644625][ T5071] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.660921][ T5071] REISERFS (device loop0): checking transaction log (loop0) [ 38.689501][ T5071] REISERFS (device loop0): Using r5 hash to sort names [pid 5071] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file0") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [pid 5071] creat("./bus", 000) = 4 [pid 5071] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5071] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5071] dup2(5, 4) = 4 [pid 5071] open(".", O_RDONLY) = 6 [pid 5071] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5071] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5071] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5071] exit_group(0) = ? [pid 5071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 38.696539][ T5071] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5073 ./strace-static-x86_64: Process 5073 attached [pid 5073] chdir("./3") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5073] munmap(0x7f3670239000, 4194304) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file0", 0777) = 0 [ 38.788228][ T5073] loop0: detected capacity change from 0 to 8192 [ 38.797442][ T5073] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 38.810551][ T5073] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 38.819685][ T5073] REISERFS (device loop0): using ordered data mode [ 38.826215][ T5073] reiserfs: using flush barriers [ 38.831914][ T5073] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 38.848267][ T5073] REISERFS (device loop0): checking transaction log (loop0) [pid 5073] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file0") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] creat("./bus", 000) = 4 [pid 5073] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5073] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5073] dup2(5, 4) = 4 [pid 5073] open(".", O_RDONLY) = 6 [pid 5073] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5073] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5073] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5073] exit_group(0) = ? [pid 5073] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 38.882421][ T5073] REISERFS (device loop0): Using r5 hash to sort names [ 38.889545][ T5073] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] chdir("./4") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5075] munmap(0x7f3670239000, 4194304) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [ 38.994826][ T5075] loop0: detected capacity change from 0 to 8192 [ 39.004155][ T5075] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 39.017403][ T5075] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 39.026568][ T5075] REISERFS (device loop0): using ordered data mode [ 39.033094][ T5075] reiserfs: using flush barriers [ 39.038543][ T5075] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 39.054973][ T5075] REISERFS (device loop0): checking transaction log (loop0) [ 39.083501][ T5075] REISERFS (device loop0): Using r5 hash to sort names [pid 5075] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] creat("./bus", 000) = 4 [pid 5075] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5075] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5075] dup2(5, 4) = 4 [pid 5075] open(".", O_RDONLY) = 6 [pid 5075] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5075] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5075] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5075] exit_group(0) = ? [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 39.090583][ T5075] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5077 ./strace-static-x86_64: Process 5077 attached [pid 5077] chdir("./5") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5077] munmap(0x7f3670239000, 4194304) = 0 [pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5077] close(3) = 0 [pid 5077] mkdir("./file0", 0777) = 0 [ 39.197389][ T5077] loop0: detected capacity change from 0 to 8192 [ 39.205998][ T5077] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 39.219030][ T5077] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 39.228212][ T5077] REISERFS (device loop0): using ordered data mode [ 39.234745][ T5077] reiserfs: using flush barriers [ 39.240231][ T5077] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 39.256553][ T5077] REISERFS (device loop0): checking transaction log (loop0) [ 39.284686][ T5077] REISERFS (device loop0): Using r5 hash to sort names [pid 5077] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5077] chdir("./file0") = 0 [pid 5077] ioctl(4, LOOP_CLR_FD) = 0 [pid 5077] close(4) = 0 [pid 5077] creat("./bus", 000) = 4 [pid 5077] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5077] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5077] dup2(5, 4) = 4 [pid 5077] open(".", O_RDONLY) = 6 [pid 5077] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5077] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5077] exit_group(0) = ? [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 39.291678][ T5077] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5079] chdir("./6") = 0 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5079] setpgid(0, 0) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5079] write(3, "1000", 4) = 4 [pid 5079] close(3) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5079] munmap(0x7f3670239000, 4194304) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [ 39.388316][ T5079] loop0: detected capacity change from 0 to 8192 [ 39.397082][ T5079] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 39.410108][ T5079] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 39.419337][ T5079] REISERFS (device loop0): using ordered data mode [ 39.425904][ T5079] reiserfs: using flush barriers [ 39.431352][ T5079] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 39.447773][ T5079] REISERFS (device loop0): checking transaction log (loop0) [pid 5079] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] creat("./bus", 000) = 4 [pid 5079] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5079] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5079] dup2(5, 4) = 4 [pid 5079] open(".", O_RDONLY) = 6 [pid 5079] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5079] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5079] exit_group(0) = ? [pid 5079] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 [ 39.480789][ T5079] REISERFS (device loop0): Using r5 hash to sort names [ 39.487936][ T5079] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] chdir("./7") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5081] munmap(0x7f3670239000, 4194304) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [ 39.579540][ T5081] loop0: detected capacity change from 0 to 8192 [ 39.588385][ T5081] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 39.601408][ T5081] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 39.610614][ T5081] REISERFS (device loop0): using ordered data mode [ 39.617107][ T5081] reiserfs: using flush barriers [ 39.622709][ T5081] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 39.639087][ T5081] REISERFS (device loop0): checking transaction log (loop0) [pid 5081] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file0") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] creat("./bus", 000) = 4 [pid 5081] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5081] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5081] dup2(5, 4) = 4 [pid 5081] open(".", O_RDONLY) = 6 [pid 5081] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5081] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5081] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 39.673450][ T5081] REISERFS (device loop0): Using r5 hash to sort names [ 39.680681][ T5081] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached , child_tidptr=0x555556b145d0) = 5083 [pid 5083] chdir("./8") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5083] munmap(0x7f3670239000, 4194304) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file0", 0777) = 0 [ 39.795083][ T5083] loop0: detected capacity change from 0 to 8192 [ 39.804212][ T5083] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 39.817371][ T5083] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 39.826580][ T5083] REISERFS (device loop0): using ordered data mode [ 39.833098][ T5083] reiserfs: using flush barriers [ 39.838539][ T5083] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 39.854861][ T5083] REISERFS (device loop0): checking transaction log (loop0) [ 39.883502][ T5083] REISERFS (device loop0): Using r5 hash to sort names [pid 5083] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file0") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] creat("./bus", 000) = 4 [pid 5083] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5083] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5083] dup2(5, 4) = 4 [pid 5083] open(".", O_RDONLY) = 6 [pid 5083] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5083] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5083] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 39.890574][ T5083] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached [pid 5085] chdir("./9") = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] <... clone resumed>, child_tidptr=0x555556b145d0) = 5085 [pid 5085] <... prctl resumed>) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5085] munmap(0x7f3670239000, 4194304) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [ 39.988815][ T5085] loop0: detected capacity change from 0 to 8192 [ 39.997503][ T5085] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 40.010488][ T5085] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 40.019622][ T5085] REISERFS (device loop0): using ordered data mode [ 40.026247][ T5085] reiserfs: using flush barriers [ 40.031761][ T5085] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 40.048080][ T5085] REISERFS (device loop0): checking transaction log (loop0) [ 40.076447][ T5085] REISERFS (device loop0): Using r5 hash to sort names [pid 5085] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] creat("./bus", 000) = 4 [pid 5085] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5085] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5085] dup2(5, 4) = 4 [pid 5085] open(".", O_RDONLY) = 6 [pid 5085] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5085] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5085] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5085] exit_group(0) = ? [pid 5085] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 40.083429][ T5085] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] chdir("./10") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5087] munmap(0x7f3670239000, 4194304) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file0", 0777) = 0 [ 40.181758][ T5087] loop0: detected capacity change from 0 to 8192 [ 40.191004][ T5087] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 40.204067][ T5087] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 40.213372][ T5087] REISERFS (device loop0): using ordered data mode [ 40.220007][ T5087] reiserfs: using flush barriers [ 40.225790][ T5087] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 40.242000][ T5087] REISERFS (device loop0): checking transaction log (loop0) [pid 5087] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file0") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] creat("./bus", 000) = 4 [pid 5087] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5087] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5087] dup2(5, 4) = 4 [pid 5087] open(".", O_RDONLY) = 6 [pid 5087] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5087] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5087] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5087] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 40.275334][ T5087] REISERFS (device loop0): Using r5 hash to sort names [ 40.282383][ T5087] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] chdir("./11") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5089] munmap(0x7f3670239000, 4194304) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] mkdir("./file0", 0777) = 0 [ 40.382646][ T5089] loop0: detected capacity change from 0 to 8192 [ 40.392156][ T5089] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 40.405192][ T5089] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 40.414415][ T5089] REISERFS (device loop0): using ordered data mode [ 40.420928][ T5089] reiserfs: using flush barriers [ 40.426365][ T5089] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 40.443170][ T5089] REISERFS (device loop0): checking transaction log (loop0) [pid 5089] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file0") = 0 [pid 5089] ioctl(4, LOOP_CLR_FD) = 0 [pid 5089] close(4) = 0 [pid 5089] creat("./bus", 000) = 4 [pid 5089] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5089] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5089] dup2(5, 4) = 4 [pid 5089] open(".", O_RDONLY) = 6 [pid 5089] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5089] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5089] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5089] exit_group(0) = ? [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 [ 40.477380][ T5089] REISERFS (device loop0): Using r5 hash to sort names [ 40.484482][ T5089] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5091 ./strace-static-x86_64: Process 5091 attached [pid 5091] chdir("./12") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5091] munmap(0x7f3670239000, 4194304) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file0", 0777) = 0 [ 40.582008][ T5091] loop0: detected capacity change from 0 to 8192 [ 40.590533][ T5091] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 40.603607][ T5091] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 40.612800][ T5091] REISERFS (device loop0): using ordered data mode [ 40.619293][ T5091] reiserfs: using flush barriers [ 40.624795][ T5091] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 40.641004][ T5091] REISERFS (device loop0): checking transaction log (loop0) [ 40.669268][ T5091] REISERFS (device loop0): Using r5 hash to sort names [pid 5091] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file0") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] creat("./bus", 000) = 4 [pid 5091] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5091] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5091] dup2(5, 4) = 4 [pid 5091] open(".", O_RDONLY) = 6 [pid 5091] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5091] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5091] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5091] exit_group(0) = ? [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 40.676635][ T5091] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] chdir("./13") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5093] munmap(0x7f3670239000, 4194304) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file0", 0777) = 0 [ 40.788641][ T5093] loop0: detected capacity change from 0 to 8192 [ 40.797777][ T5093] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 40.810865][ T5093] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 40.820029][ T5093] REISERFS (device loop0): using ordered data mode [ 40.826553][ T5093] reiserfs: using flush barriers [ 40.831987][ T5093] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 40.848421][ T5093] REISERFS (device loop0): checking transaction log (loop0) [ 40.876476][ T5093] REISERFS (device loop0): Using r5 hash to sort names [pid 5093] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file0") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] creat("./bus", 000) = 4 [pid 5093] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5093] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5093] dup2(5, 4) = 4 [pid 5093] open(".", O_RDONLY) = 6 [pid 5093] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5093] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5093] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5093] exit_group(0) = ? [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 40.883459][ T5093] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x555556b145d0) = 5095 [pid 5095] chdir("./14") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] memfd_create("syzkaller", 0) = 3 [pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5095] munmap(0x7f3670239000, 4194304) = 0 [pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5095] close(3) = 0 [pid 5095] mkdir("./file0", 0777) = 0 [ 40.983261][ T5095] loop0: detected capacity change from 0 to 8192 [ 40.992109][ T5095] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 41.005178][ T5095] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 41.014481][ T5095] REISERFS (device loop0): using ordered data mode [ 41.021006][ T5095] reiserfs: using flush barriers [ 41.026596][ T5095] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 41.042919][ T5095] REISERFS (device loop0): checking transaction log (loop0) [pid 5095] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5095] chdir("./file0") = 0 [pid 5095] ioctl(4, LOOP_CLR_FD) = 0 [pid 5095] close(4) = 0 [pid 5095] creat("./bus", 000) = 4 [pid 5095] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5095] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5095] dup2(5, 4) = 4 [pid 5095] open(".", O_RDONLY) = 6 [pid 5095] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5095] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5095] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5095] exit_group(0) = ? [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 41.076427][ T5095] REISERFS (device loop0): Using r5 hash to sort names [ 41.083905][ T5095] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5097 ./strace-static-x86_64: Process 5097 attached [pid 5097] chdir("./15") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5097] munmap(0x7f3670239000, 4194304) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file0", 0777) = 0 [ 41.186593][ T5097] loop0: detected capacity change from 0 to 8192 [ 41.195305][ T5097] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 41.208315][ T5097] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 41.217530][ T5097] REISERFS (device loop0): using ordered data mode [ 41.224054][ T5097] reiserfs: using flush barriers [ 41.229490][ T5097] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 41.245849][ T5097] REISERFS (device loop0): checking transaction log (loop0) [ 41.273964][ T5097] REISERFS (device loop0): Using r5 hash to sort names [pid 5097] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file0") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] creat("./bus", 000) = 4 [pid 5097] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5097] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5097] dup2(5, 4) = 4 [pid 5097] open(".", O_RDONLY) = 6 [pid 5097] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5097] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5097] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5097] exit_group(0) = ? [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 41.280961][ T5097] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached , child_tidptr=0x555556b145d0) = 5099 [pid 5099] chdir("./16") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5099] munmap(0x7f3670239000, 4194304) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file0", 0777) = 0 [ 41.380744][ T5099] loop0: detected capacity change from 0 to 8192 [ 41.389366][ T5099] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 41.402557][ T5099] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 41.411770][ T5099] REISERFS (device loop0): using ordered data mode [ 41.418276][ T5099] reiserfs: using flush barriers [ 41.423844][ T5099] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 41.440036][ T5099] REISERFS (device loop0): checking transaction log (loop0) [pid 5099] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file0") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] creat("./bus", 000) = 4 [pid 5099] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5099] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5099] dup2(5, 4) = 4 [pid 5099] open(".", O_RDONLY) = 6 [pid 5099] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5099] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [pid 5099] write(7, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191 [pid 5099] exit_group(0) = ? [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556b15620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 41.473570][ T5099] REISERFS (device loop0): Using r5 hash to sort names [ 41.480991][ T5099] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556b1d660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556b1d660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556b15620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b145d0) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] chdir("./17") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] memfd_create("syzkaller", 0) = 3 [pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3670239000 [pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5101] munmap(0x7f3670239000, 4194304) = 0 [pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5101] close(3) = 0 [pid 5101] mkdir("./file0", 0777) = 0 [ 41.581079][ T5101] loop0: detected capacity change from 0 to 8192 [ 41.590696][ T5101] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 41.603687][ T5101] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 41.613034][ T5101] REISERFS (device loop0): using ordered data mode [ 41.619612][ T5101] reiserfs: using flush barriers [ 41.625252][ T5101] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 41.641518][ T5101] REISERFS (device loop0): checking transaction log (loop0) [pid 5101] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5101] chdir("./file0") = 0 [pid 5101] ioctl(4, LOOP_CLR_FD) = 0 [pid 5101] close(4) = 0 [pid 5101] creat("./bus", 000) = 4 [pid 5101] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3281}], 2) = 3409 [pid 5101] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5 [pid 5101] dup2(5, 4) = 4 [pid 5101] open(".", O_RDONLY) = 6 [pid 5101] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5101] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 7 [ 41.675080][ T5101] REISERFS (device loop0): Using r5 hash to sort names [ 41.682114][ T5101] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 41.709549][ T5101] ================================================================== [ 41.717611][ T5101] BUG: KASAN: use-after-free in leaf_paste_in_buffer+0xa2d/0xc30 [ 41.725427][ T5101] Read of size 176 at addr ffff888074deef90 by task syz-executor177/5101 [ 41.733821][ T5101] [ 41.736128][ T5101] CPU: 1 PID: 5101 Comm: syz-executor177 Not tainted 6.2.0-rc7-syzkaller-00199-g420b2d431d18 #0 [ 41.746599][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 41.756628][ T5101] Call Trace: [ 41.759892][ T5101] [ 41.762819][ T5101] dump_stack_lvl+0xd1/0x138 [ 41.767397][ T5101] print_report+0x15e/0x45d [ 41.771890][ T5101] ? __phys_addr+0xc8/0x140 [ 41.776413][ T5101] ? leaf_paste_in_buffer+0xa2d/0xc30 [ 41.781776][ T5101] kasan_report+0xbf/0x1f0 [ 41.786173][ T5101] ? leaf_paste_in_buffer+0xa2d/0xc30 [ 41.791528][ T5101] kasan_check_range+0x141/0x190 [ 41.796532][ T5101] memcpy+0x24/0x60 [ 41.800319][ T5101] leaf_paste_in_buffer+0xa2d/0xc30 [ 41.805506][ T5101] leaf_copy_dir_entries.isra.0+0x7f3/0x980 [ 41.811390][ T5101] ? leaf_paste_entries+0x910/0x910 [ 41.816575][ T5101] ? lock_release+0x810/0x810 [ 41.821236][ T5101] leaf_move_items+0x16d2/0x3ad0 [ 41.826153][ T5101] ? rcu_read_lock_sched_held+0x3e/0x70 [ 41.831680][ T5101] ? trace_contention_end+0x153/0x1e0 [ 41.837036][ T5101] ? leaf_copy_dir_entries.isra.0+0x980/0x980 [ 41.843103][ T5101] ? __mutex_lock+0x231/0x1360 [ 41.847856][ T5101] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 41.853384][ T5101] leaf_shift_left+0xa4/0x380 [ 41.858043][ T5101] balance_leaf+0x3337/0xde40 [ 41.862720][ T5101] ? reiserfs_prepare_for_journal+0x162/0x2b0 [ 41.868778][ T5101] ? fix_nodes+0x14cf/0x8660 [ 41.873346][ T5101] ? replace_key+0x170/0x170 [ 41.877918][ T5101] do_balance+0x319/0x810 [ 41.882243][ T5101] ? get_right_neighbor_position+0x170/0x170 [ 41.888226][ T5101] ? wait_for_completion_io_timeout+0x20/0x20 [ 41.894284][ T5101] ? folio_flags.constprop.0+0x53/0x150 [ 41.899811][ T5101] reiserfs_insert_item+0xdb2/0x11b0 [ 41.905080][ T5101] ? reiserfs_paste_into_item+0x8e0/0x8e0 [ 41.910802][ T5101] ? scan_bitmap_block.constprop.0+0xfd0/0xfd0 [ 41.917121][ T5101] ? journal_begin+0x214/0x400 [ 41.921885][ T5101] reiserfs_get_block+0x1b23/0x4150 [ 41.927067][ T5101] ? reiserfs_commit_write+0x6f0/0x6f0 [ 41.932510][ T5101] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 41.938504][ T5101] ? create_page_buffers+0x440/0x640 [ 41.943787][ T5101] ? do_raw_spin_unlock+0x175/0x230 [ 41.948964][ T5101] __block_write_begin_int+0x3bd/0x14b0 [ 41.954587][ T5101] ? reiserfs_commit_write+0x6f0/0x6f0 [ 41.960043][ T5101] ? mark_held_locks+0x9f/0xe0 [ 41.964793][ T5101] ? invalidate_bh_lrus_cpu+0x140/0x140 [ 41.970336][ T5101] ? ktime_get_coarse_real_ts64+0x1bb/0x200 [ 41.976225][ T5101] ? PageHeadHuge+0x1a2/0x200 [ 41.980899][ T5101] reiserfs_write_begin+0x36e/0xa60 [ 41.986079][ T5101] generic_perform_write+0x256/0x570 [ 41.991344][ T5101] ? folio_add_wait_queue+0x1c0/0x1c0 [ 41.996694][ T5101] ? new_inode+0x280/0x280 [ 42.001095][ T5101] ? generic_write_checks+0x2c0/0x400 [ 42.006448][ T5101] __generic_file_write_iter+0x2ae/0x500 [ 42.012063][ T5101] generic_file_write_iter+0xe3/0x350 [ 42.017419][ T5101] vfs_write+0x9ed/0xdd0 [ 42.021673][ T5101] ? kernel_write+0x630/0x630 [ 42.026336][ T5101] ? find_held_lock+0x2d/0x110 [ 42.031087][ T5101] ? lock_downgrade+0x6e0/0x6e0 [ 42.035919][ T5101] ? __fget_light+0x20a/0x270 [ 42.040574][ T5101] ksys_write+0x12b/0x250 [ 42.044884][ T5101] ? __ia32_sys_read+0xb0/0xb0 [ 42.049624][ T5101] ? lockdep_hardirqs_on+0x7d/0x100 [ 42.054805][ T5101] ? _raw_spin_unlock_irq+0x2e/0x50 [ 42.059983][ T5101] ? ptrace_notify+0xfe/0x140 [ 42.064641][ T5101] do_syscall_64+0x39/0xb0 [ 42.069039][ T5101] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.074933][ T5101] RIP: 0033:0x7f3678686ae9 [ 42.079337][ T5101] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 42.098931][ T5101] RSP: 002b:00007ffc9dfa2828 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 42.107333][ T5101] RAX: ffffffffffffffda RBX: 000000000000a16e RCX: 00007f3678686ae9 [ 42.115281][ T5101] RDX: 000000000000fea7 RSI: 0000000020000280 RDI: 0000000000000007 [ 42.123246][ T5101] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffc9dfa2850 [ 42.131217][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc9dfa284c [ 42.139190][ T5101] R13: 00007ffc9dfa2880 R14: 00007ffc9dfa2860 R15: 0000000000000011 [ 42.147143][ T5101] [ 42.150141][ T5101] [ 42.152441][ T5101] The buggy address belongs to the physical page: [ 42.159001][ T5101] page:ffffea0001d37b80 refcount:4 mapcount:0 mapping:ffff8880128e49f8 index:0x214 pfn:0x74dee [ 42.169296][ T5101] memcg:ffff888140140000 [ 42.173604][ T5101] aops:def_blk_aops ino:700000 [ 42.178359][ T5101] flags: 0xfff00000002012(referenced|lru|private|node=0|zone=1|lastcpupid=0x7ff) [ 42.187530][ T5101] raw: 00fff00000002012 ffffea0001d37b08 ffff8880124c4020 ffff8880128e49f8 [ 42.196089][ T5101] raw: 0000000000000214 ffff88807446f2b8 00000004ffffffff ffff888140140000 [ 42.204650][ T5101] page dumped because: kasan: bad access detected [ 42.211052][ T5101] page_owner tracks the page as allocated [ 42.216752][ T5101] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5101, tgid 5101 (syz-executor177), ts 41708765700, free_ts 41535316353 [ 42.237386][ T5101] get_page_from_freelist+0x119c/0x2ce0 [ 42.242912][ T5101] __alloc_pages+0x1cb/0x5b0 [ 42.247569][ T5101] alloc_pages+0x1aa/0x270 [ 42.251962][ T5101] folio_alloc+0x20/0x70 [ 42.256191][ T5101] filemap_alloc_folio+0x362/0x450 [ 42.261305][ T5101] __filemap_get_folio+0x32c/0xd80 [ 42.266498][ T5101] pagecache_get_page+0x2e/0x280 [ 42.271419][ T5101] __getblk_slow+0x1f4/0x1030 [ 42.276071][ T5101] __getblk_gfp+0x72/0x80 [ 42.280386][ T5101] get_empty_nodes+0x519/0x7d0 [ 42.285143][ T5101] fix_nodes+0x1c21/0x8660 [ 42.289534][ T5101] reiserfs_insert_item+0x7fc/0x11b0 [ 42.294799][ T5101] reiserfs_new_inode+0xe55/0x2190 [ 42.299897][ T5101] reiserfs_create+0x351/0x730 [ 42.304638][ T5101] lookup_open.isra.0+0xee7/0x1270 [ 42.309730][ T5101] path_openat+0x975/0x2a50 [ 42.314219][ T5101] page last free stack trace: [ 42.318877][ T5101] free_pcp_prepare+0x65c/0xc00 [ 42.323709][ T5101] free_unref_page_list+0x176/0xcd0 [ 42.328888][ T5101] release_pages+0xcb1/0x1330 [ 42.333549][ T5101] __pagevec_release+0x77/0xe0 [ 42.338307][ T5101] shmem_undo_range+0x595/0x1340 [ 42.343220][ T5101] shmem_evict_inode+0x32f/0xb60 [ 42.348138][ T5101] evict+0x2ed/0x6b0 [ 42.352013][ T5101] iput.part.0+0x59b/0x880 [ 42.356410][ T5101] iput+0x5c/0x80 [ 42.360043][ T5101] dentry_unlink_inode+0x2b1/0x460 [ 42.365132][ T5101] __dentry_kill+0x3c0/0x640 [ 42.369709][ T5101] dput+0x80a/0xdb0 [ 42.373526][ T5101] __fput+0x3cc/0xa90 [ 42.377517][ T5101] task_work_run+0x16f/0x270 [ 42.382104][ T5101] ptrace_notify+0x118/0x140 [ 42.386680][ T5101] syscall_exit_to_user_mode_prepare+0x129/0x280 [ 42.392996][ T5101] [ 42.395305][ T5101] Memory state around the buggy address: [ 42.400909][ T5101] ffff888074deef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 42.409036][ T5101] ffff888074deef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 42.417089][ T5101] >ffff888074def000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.425129][ T5101] ^ [ 42.429188][ T5101] ffff888074def080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.437238][ T5101] ffff888074def100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 42.445271][ T5101] ================================================================== [ 42.453571][ T5101] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 42.460754][ T5101] CPU: 1 PID: 5101 Comm: syz-executor177 Not tainted 6.2.0-rc7-syzkaller-00199-g420b2d431d18 #0 [ 42.471235][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 42.481286][ T5101] Call Trace: [ 42.484547][ T5101] [ 42.487461][ T5101] dump_stack_lvl+0xd1/0x138 [ 42.492040][ T5101] panic+0x2cc/0x626 [ 42.495918][ T5101] ? panic_print_sys_info.part.0+0x110/0x110 [ 42.501886][ T5101] ? preempt_schedule_thunk+0x1a/0x20 [ 42.507254][ T5101] ? preempt_schedule_common+0x59/0xc0 [ 42.512707][ T5101] check_panic_on_warn.cold+0x19/0x35 [ 42.518073][ T5101] end_report.part.0+0x36/0x73 [ 42.522838][ T5101] ? leaf_paste_in_buffer+0xa2d/0xc30 [ 42.528196][ T5101] kasan_report.cold+0xa/0xf [ 42.532776][ T5101] ? leaf_paste_in_buffer+0xa2d/0xc30 [ 42.538136][ T5101] kasan_check_range+0x141/0x190 [ 42.543098][ T5101] memcpy+0x24/0x60 [ 42.546890][ T5101] leaf_paste_in_buffer+0xa2d/0xc30 [ 42.552105][ T5101] leaf_copy_dir_entries.isra.0+0x7f3/0x980 [ 42.558005][ T5101] ? leaf_paste_entries+0x910/0x910 [ 42.563198][ T5101] ? lock_release+0x810/0x810 [ 42.567870][ T5101] leaf_move_items+0x16d2/0x3ad0 [ 42.572798][ T5101] ? rcu_read_lock_sched_held+0x3e/0x70 [ 42.578334][ T5101] ? trace_contention_end+0x153/0x1e0 [ 42.583698][ T5101] ? leaf_copy_dir_entries.isra.0+0x980/0x980 [ 42.589751][ T5101] ? __mutex_lock+0x231/0x1360 [ 42.594512][ T5101] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 42.600049][ T5101] leaf_shift_left+0xa4/0x380 [ 42.604714][ T5101] balance_leaf+0x3337/0xde40 [ 42.609481][ T5101] ? reiserfs_prepare_for_journal+0x162/0x2b0 [ 42.615541][ T5101] ? fix_nodes+0x14cf/0x8660 [ 42.620116][ T5101] ? replace_key+0x170/0x170 [ 42.624698][ T5101] do_balance+0x319/0x810 [ 42.629022][ T5101] ? get_right_neighbor_position+0x170/0x170 [ 42.634991][ T5101] ? wait_for_completion_io_timeout+0x20/0x20 [ 42.641062][ T5101] ? folio_flags.constprop.0+0x53/0x150 [ 42.646627][ T5101] reiserfs_insert_item+0xdb2/0x11b0 [ 42.651904][ T5101] ? reiserfs_paste_into_item+0x8e0/0x8e0 [ 42.657630][ T5101] ? scan_bitmap_block.constprop.0+0xfd0/0xfd0 [ 42.663779][ T5101] ? journal_begin+0x214/0x400 [ 42.668532][ T5101] reiserfs_get_block+0x1b23/0x4150 [ 42.673720][ T5101] ? reiserfs_commit_write+0x6f0/0x6f0 [ 42.679161][ T5101] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 42.685226][ T5101] ? create_page_buffers+0x440/0x640 [ 42.690502][ T5101] ? do_raw_spin_unlock+0x175/0x230 [ 42.695685][ T5101] __block_write_begin_int+0x3bd/0x14b0 [ 42.701219][ T5101] ? reiserfs_commit_write+0x6f0/0x6f0 [ 42.706661][ T5101] ? mark_held_locks+0x9f/0xe0 [ 42.711418][ T5101] ? invalidate_bh_lrus_cpu+0x140/0x140 [ 42.716955][ T5101] ? ktime_get_coarse_real_ts64+0x1bb/0x200 [ 42.722842][ T5101] ? PageHeadHuge+0x1a2/0x200 [ 42.727509][ T5101] reiserfs_write_begin+0x36e/0xa60 [ 42.732693][ T5101] generic_perform_write+0x256/0x570 [ 42.737966][ T5101] ? folio_add_wait_queue+0x1c0/0x1c0 [ 42.743323][ T5101] ? new_inode+0x280/0x280 [ 42.747728][ T5101] ? generic_write_checks+0x2c0/0x400 [ 42.753093][ T5101] __generic_file_write_iter+0x2ae/0x500 [ 42.758713][ T5101] generic_file_write_iter+0xe3/0x350 [ 42.764074][ T5101] vfs_write+0x9ed/0xdd0 [ 42.768326][ T5101] ? kernel_write+0x630/0x630 [ 42.772989][ T5101] ? find_held_lock+0x2d/0x110 [ 42.777745][ T5101] ? lock_downgrade+0x6e0/0x6e0 [ 42.782589][ T5101] ? __fget_light+0x20a/0x270 [ 42.787251][ T5101] ksys_write+0x12b/0x250 [ 42.791566][ T5101] ? __ia32_sys_read+0xb0/0xb0 [ 42.796312][ T5101] ? lockdep_hardirqs_on+0x7d/0x100 [ 42.801507][ T5101] ? _raw_spin_unlock_irq+0x2e/0x50 [ 42.806688][ T5101] ? ptrace_notify+0xfe/0x140 [ 42.811350][ T5101] do_syscall_64+0x39/0xb0 [ 42.815752][ T5101] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 42.821643][ T5101] RIP: 0033:0x7f3678686ae9 [ 42.826128][ T5101] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 42.845721][ T5101] RSP: 002b:00007ffc9dfa2828 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 42.854207][ T5101] RAX: ffffffffffffffda RBX: 000000000000a16e RCX: 00007f3678686ae9 [ 42.862158][ T5101] RDX: 000000000000fea7 RSI: 0000000020000280 RDI: 0000000000000007 [ 42.870196][ T5101] RBP: 0000000000000000 R08: 0000000000000014 R09: 00007ffc9dfa2850 [ 42.878237][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc9dfa284c [ 42.886279][ T5101] R13: 00007ffc9dfa2880 R14: 00007ffc9dfa2860 R15: 0000000000000011 [ 42.894324][ T5101] [ 42.898426][ T5101] Kernel Offset: disabled [ 42.902729][ T5101] Rebooting in 86400 seconds..