./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor940924120

<...>
Warning: Permanently added '10.128.1.81' (ED25519) to the list of known hosts.
execve("./syz-executor940924120", ["./syz-executor940924120"], 0x7fffac343db0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555fe2000
brk(0x555555fe2d00)                     = 0x555555fe2d00
arch_prctl(ARCH_SET_FS, 0x555555fe2380) = 0
set_tid_address(0x555555fe2650)         = 5054
set_robust_list(0x555555fe2660, 24)     = 0
rseq(0x555555fe2ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor940924120", 4096) = 27
getrandom("\x10\x03\x57\x34\xfd\x17\x8e\xde", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555fe2d00
brk(0x555556003d00)                     = 0x555556003d00
brk(0x555556004000)                     = 0x555556004000
mprotect(0x7f97997a2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.M022ck", 0700)       = 0
chmod("./syzkaller.M022ck", 0777)       = 0
chdir("./syzkaller.M022ck")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached
, child_tidptr=0x555555fe2650) = 5056
[pid  5056] set_robust_list(0x555555fe2660, 24) = 0
[pid  5056] chdir("./0")                = 0
[pid  5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5056] setpgid(0, 0)               = 0
[pid  5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5056] write(3, "1000", 4)         = 4
[pid  5056] close(3)                    = 0
[pid  5056] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5056] memfd_create("syzkaller", 0) = 3
[pid  5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5056] munmap(0x7f97912ee000, 138412032) = 0
[pid  5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5056] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5056] close(3)                    = 0
[pid  5056] mkdir("./file0", 0777)      = 0
[   56.681241][ T5056] loop0: detected capacity change from 0 to 8192
[   56.706056][ T5056] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   56.719411][ T5056] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   56.728732][ T5056] REISERFS (device loop0): using ordered data mode
[   56.735279][ T5056] reiserfs: using flush barriers
[   56.741954][ T5056] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   56.758702][ T5056] REISERFS (device loop0): checking transaction log (loop0)
[   56.768323][ T5056] REISERFS (device loop0): Using tea hash to sort names
[pid  5056] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5056] chdir("./file0")            = 0
[pid  5056] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5056] close(4)                    = 0
[pid  5056] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   56.776576][ T5056] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5056] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5056] ftruncate(5, 33587195)      = 0
[pid  5056] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5056] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5056] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5056] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5056] exit_group(0)               = ?
[pid  5056] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5058 attached
, child_tidptr=0x555555fe2650) = 5058
[pid  5058] set_robust_list(0x555555fe2660, 24) = 0
[pid  5058] chdir("./1")                = 0
[pid  5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5058] setpgid(0, 0)               = 0
[pid  5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5058] write(3, "1000", 4)         = 4
[pid  5058] close(3)                    = 0
[pid  5058] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5058] memfd_create("syzkaller", 0) = 3
[pid  5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5058] munmap(0x7f97912ee000, 138412032) = 0
[pid  5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5058] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5058] close(3)                    = 0
[pid  5058] mkdir("./file0", 0777)      = 0
[   57.257177][ T5058] loop0: detected capacity change from 0 to 8192
[   57.282135][ T5058] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   57.295366][ T5058] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   57.304673][ T5058] REISERFS (device loop0): using ordered data mode
[   57.311184][ T5058] reiserfs: using flush barriers
[   57.317201][ T5058] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   57.333684][ T5058] REISERFS (device loop0): checking transaction log (loop0)
[   57.341898][ T5058] REISERFS (device loop0): Using tea hash to sort names
[pid  5058] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5058] chdir("./file0")            = 0
[pid  5058] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5058] close(4)                    = 0
[pid  5058] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5058] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5058] ftruncate(5, 33587195)      = 0
[pid  5058] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[   57.349238][ T5058] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5058] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5058] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5058] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5058] exit_group(0)               = ?
[pid  5058] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached
 <unfinished ...>
[pid  5060] set_robust_list(0x555555fe2660, 24) = 0
[pid  5060] chdir("./2")                = 0
[pid  5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5060
[pid  5060] setpgid(0, 0)               = 0
[pid  5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5060] write(3, "1000", 4)         = 4
[pid  5060] close(3)                    = 0
[pid  5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5060] memfd_create("syzkaller", 0) = 3
[pid  5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5060] munmap(0x7f97912ee000, 138412032) = 0
[pid  5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5060] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5060] close(3)                    = 0
[pid  5060] mkdir("./file0", 0777)      = 0
[   57.816629][ T5060] loop0: detected capacity change from 0 to 8192
[   57.836144][ T5060] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   57.849139][ T5060] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   57.858395][ T5060] REISERFS (device loop0): using ordered data mode
[pid  5060] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5060] chdir("./file0")            = 0
[pid  5060] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5060] close(4)                    = 0
[pid  5060] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5060] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   57.864949][ T5060] reiserfs: using flush barriers
[   57.871052][ T5060] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   57.888002][ T5060] REISERFS (device loop0): checking transaction log (loop0)
[   57.896319][ T5060] REISERFS (device loop0): Using tea hash to sort names
[   57.903690][ T5060] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5060] ftruncate(5, 33587195)      = 0
[pid  5060] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5060] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5060] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5060] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5060] exit_group(0)               = ?
[pid  5060] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached
, child_tidptr=0x555555fe2650) = 5062
[pid  5062] set_robust_list(0x555555fe2660, 24) = 0
[pid  5062] chdir("./3")                = 0
[pid  5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5062] setpgid(0, 0)               = 0
[pid  5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5062] write(3, "1000", 4)         = 4
[pid  5062] close(3)                    = 0
[pid  5062] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5062] memfd_create("syzkaller", 0) = 3
[pid  5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5062] munmap(0x7f97912ee000, 138412032) = 0
[pid  5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5062] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5062] close(3)                    = 0
[pid  5062] mkdir("./file0", 0777)      = 0
[   58.315027][ T5062] loop0: detected capacity change from 0 to 8192
[   58.325365][ T5062] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   58.338336][ T5062] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   58.347889][ T5062] REISERFS (device loop0): using ordered data mode
[   58.354417][ T5062] reiserfs: using flush barriers
[pid  5062] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5062] chdir("./file0")            = 0
[pid  5062] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5062] close(4)                    = 0
[pid  5062] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   58.360325][ T5062] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   58.376844][ T5062] REISERFS (device loop0): checking transaction log (loop0)
[   58.385006][ T5062] REISERFS (device loop0): Using tea hash to sort names
[   58.392174][ T5062] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5062] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5062] ftruncate(5, 33587195)      = 0
[pid  5062] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5062] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5062] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5062] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5062] exit_group(0)               = ?
[pid  5062] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached
, child_tidptr=0x555555fe2650) = 5064
[pid  5064] set_robust_list(0x555555fe2660, 24) = 0
[pid  5064] chdir("./4")                = 0
[pid  5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5064] setpgid(0, 0)               = 0
[pid  5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "1000", 4)         = 4
[pid  5064] close(3)                    = 0
[pid  5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5064] memfd_create("syzkaller", 0) = 3
[pid  5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5064] munmap(0x7f97912ee000, 138412032) = 0
[pid  5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5064] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5064] close(3)                    = 0
[pid  5064] mkdir("./file0", 0777)      = 0
[   58.937712][ T5064] loop0: detected capacity change from 0 to 8192
[   58.951187][ T5064] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   58.964319][ T5064] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   58.973563][ T5064] REISERFS (device loop0): using ordered data mode
[   58.980075][ T5064] reiserfs: using flush barriers
[pid  5064] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5064] chdir("./file0")            = 0
[pid  5064] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5064] close(4)                    = 0
[pid  5064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5064] ftruncate(5, 33587195)      = 0
[pid  5064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5064] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   58.986428][ T5064] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.002839][ T5064] REISERFS (device loop0): checking transaction log (loop0)
[   59.011151][ T5064] REISERFS (device loop0): Using tea hash to sort names
[   59.018404][ T5064] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5064] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5064] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5064] exit_group(0)               = ?
[pid  5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached
, child_tidptr=0x555555fe2650) = 5066
[pid  5066] set_robust_list(0x555555fe2660, 24) = 0
[pid  5066] chdir("./5")                = 0
[pid  5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5066] setpgid(0, 0)               = 0
[pid  5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5066] write(3, "1000", 4)         = 4
[pid  5066] close(3)                    = 0
[pid  5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5066] memfd_create("syzkaller", 0) = 3
[pid  5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5066] munmap(0x7f97912ee000, 138412032) = 0
[pid  5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5066] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5066] close(3)                    = 0
[pid  5066] mkdir("./file0", 0777)      = 0
[   59.348671][ T5066] loop0: detected capacity change from 0 to 8192
[   59.362950][ T5066] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.376048][ T5066] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   59.385288][ T5066] REISERFS (device loop0): using ordered data mode
[   59.391786][ T5066] reiserfs: using flush barriers
[pid  5066] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5066] chdir("./file0")            = 0
[pid  5066] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5066] close(4)                    = 0
[pid  5066] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5066] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5066] ftruncate(5, 33587195)      = 0
[pid  5066] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5066] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   59.397927][ T5066] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.414269][ T5066] REISERFS (device loop0): checking transaction log (loop0)
[   59.422561][ T5066] REISERFS (device loop0): Using tea hash to sort names
[   59.430127][ T5066] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5066] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5066] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5066] exit_group(0)               = ?
[pid  5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached
, child_tidptr=0x555555fe2650) = 5068
[pid  5068] set_robust_list(0x555555fe2660, 24) = 0
[pid  5068] chdir("./6")                = 0
[pid  5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5068] setpgid(0, 0)               = 0
[pid  5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1000", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5068] memfd_create("syzkaller", 0) = 3
[pid  5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5068] munmap(0x7f97912ee000, 138412032) = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5068] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("./file0", 0777)      = 0
[   59.851941][ T5068] loop0: detected capacity change from 0 to 8192
[   59.887234][ T5068] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   59.900241][ T5068] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   59.909493][ T5068] REISERFS (device loop0): using ordered data mode
[   59.916036][ T5068] reiserfs: using flush barriers
[   59.922250][ T5068] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   59.938846][ T5068] REISERFS (device loop0): checking transaction log (loop0)
[pid  5068] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5068] chdir("./file0")            = 0
[pid  5068] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5068] close(4)                    = 0
[pid  5068] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5068] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5068] ftruncate(5, 33587195)      = 0
[pid  5068] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5068] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   59.947011][ T5068] REISERFS (device loop0): Using tea hash to sort names
[   59.954220][ T5068] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5068] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5068] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5068] exit_group(0)               = ?
[pid  5068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached
, child_tidptr=0x555555fe2650) = 5070
[pid  5070] set_robust_list(0x555555fe2660, 24) = 0
[pid  5070] chdir("./7")                = 0
[pid  5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5070] setpgid(0, 0)               = 0
[pid  5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "1000", 4)         = 4
[pid  5070] close(3)                    = 0
[pid  5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5070] memfd_create("syzkaller", 0) = 3
[pid  5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5070] munmap(0x7f97912ee000, 138412032) = 0
[pid  5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5070] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5070] close(3)                    = 0
[pid  5070] mkdir("./file0", 0777)      = 0
[   60.443815][ T5070] loop0: detected capacity change from 0 to 8192
[   60.467528][ T5070] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   60.480520][ T5070] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[pid  5070] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5070] chdir("./file0")            = 0
[pid  5070] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5070] close(4)                    = 0
[pid  5070] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5070] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   60.489752][ T5070] REISERFS (device loop0): using ordered data mode
[   60.496310][ T5070] reiserfs: using flush barriers
[   60.502463][ T5070] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   60.518993][ T5070] REISERFS (device loop0): checking transaction log (loop0)
[   60.527221][ T5070] REISERFS (device loop0): Using tea hash to sort names
[   60.534753][ T5070] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5070] ftruncate(5, 33587195)      = 0
[pid  5070] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5070] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5070] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5070] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5070] exit_group(0)               = ?
[pid  5070] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached
 <unfinished ...>
[pid  5073] set_robust_list(0x555555fe2660, 24) = 0
[pid  5073] chdir("./8")                = 0
[pid  5073] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5073
[pid  5073] <... prctl resumed>)        = 0
[pid  5073] setpgid(0, 0)               = 0
[pid  5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5073] write(3, "1000", 4)         = 4
[pid  5073] close(3)                    = 0
[pid  5073] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5073] memfd_create("syzkaller", 0) = 3
[pid  5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5073] munmap(0x7f97912ee000, 138412032) = 0
[pid  5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5073] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5073] close(3)                    = 0
[pid  5073] mkdir("./file0", 0777)      = 0
[   60.908047][ T5073] loop0: detected capacity change from 0 to 8192
[   60.924149][ T5073] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   60.937223][ T5073] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   60.946453][ T5073] REISERFS (device loop0): using ordered data mode
[   60.953004][ T5073] reiserfs: using flush barriers
[pid  5073] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5073] chdir("./file0")            = 0
[pid  5073] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5073] close(4)                    = 0
[pid  5073] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   60.958859][ T5073] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   60.975383][ T5073] REISERFS (device loop0): checking transaction log (loop0)
[   60.983736][ T5073] REISERFS (device loop0): Using tea hash to sort names
[   60.991119][ T5073] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5073] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5073] ftruncate(5, 33587195)      = 0
[pid  5073] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5073] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5073] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5073] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5073] exit_group(0)               = ?
[pid  5073] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs")                  = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached
 <unfinished ...>
[pid  5075] set_robust_list(0x555555fe2660, 24) = 0
[pid  5075] chdir("./9")                = 0
[pid  5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5075
[pid  5075] setpgid(0, 0)               = 0
[pid  5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5075] write(3, "1000", 4)         = 4
[pid  5075] close(3)                    = 0
[pid  5075] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5075] memfd_create("syzkaller", 0) = 3
[pid  5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5075] munmap(0x7f97912ee000, 138412032) = 0
[pid  5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5075] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5075] close(3)                    = 0
[pid  5075] mkdir("./file0", 0777)      = 0
[   61.475849][ T5075] loop0: detected capacity change from 0 to 8192
[   61.491111][ T5075] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   61.504228][ T5075] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   61.513490][ T5075] REISERFS (device loop0): using ordered data mode
[   61.520000][ T5075] reiserfs: using flush barriers
[pid  5075] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5075] chdir("./file0")            = 0
[pid  5075] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5075] close(4)                    = 0
[pid  5075] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5075] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   61.526064][ T5075] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   61.542462][ T5075] REISERFS (device loop0): checking transaction log (loop0)
[   61.550920][ T5075] REISERFS (device loop0): Using tea hash to sort names
[   61.558370][ T5075] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5075] ftruncate(5, 33587195)      = 0
[pid  5075] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5075] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5075] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5075] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5075] exit_group(0)               = ?
[pid  5075] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs")                  = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/file0")                      = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached
, child_tidptr=0x555555fe2650) = 5077
[pid  5077] set_robust_list(0x555555fe2660, 24) = 0
[pid  5077] chdir("./10")               = 0
[pid  5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5077] setpgid(0, 0)               = 0
[pid  5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5077] write(3, "1000", 4)         = 4
[pid  5077] close(3)                    = 0
[pid  5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5077] memfd_create("syzkaller", 0) = 3
[pid  5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5077] munmap(0x7f97912ee000, 138412032) = 0
[pid  5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5077] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5077] close(3)                    = 0
[pid  5077] mkdir("./file0", 0777)      = 0
[   62.003381][ T5077] loop0: detected capacity change from 0 to 8192
[   62.023672][ T5077] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   62.036662][ T5077] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   62.045908][ T5077] REISERFS (device loop0): using ordered data mode
[pid  5077] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5077] chdir("./file0")            = 0
[pid  5077] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5077] close(4)                    = 0
[pid  5077] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5077] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   62.052408][ T5077] reiserfs: using flush barriers
[   62.058605][ T5077] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   62.075030][ T5077] REISERFS (device loop0): checking transaction log (loop0)
[   62.083260][ T5077] REISERFS (device loop0): Using tea hash to sort names
[   62.090493][ T5077] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5077] ftruncate(5, 33587195)      = 0
[pid  5077] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5077] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5077] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5077] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5077] exit_group(0)               = ?
[pid  5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs")                 = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe2650) = 5079
./strace-static-x86_64: Process 5079 attached
[pid  5079] set_robust_list(0x555555fe2660, 24) = 0
[pid  5079] chdir("./11")               = 0
[pid  5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5079] setpgid(0, 0)               = 0
[pid  5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5079] write(3, "1000", 4)         = 4
[pid  5079] close(3)                    = 0
[pid  5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5079] memfd_create("syzkaller", 0) = 3
[pid  5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5079] munmap(0x7f97912ee000, 138412032) = 0
[pid  5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5079] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5079] close(3)                    = 0
[pid  5079] mkdir("./file0", 0777)      = 0
[   62.547839][ T5079] loop0: detected capacity change from 0 to 8192
[   62.562344][ T5079] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   62.575527][ T5079] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   62.584850][ T5079] REISERFS (device loop0): using ordered data mode
[   62.591438][ T5079] reiserfs: using flush barriers
[pid  5079] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5079] chdir("./file0")            = 0
[pid  5079] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5079] close(4)                    = 0
[pid  5079] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5079] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5079] ftruncate(5, 33587195)      = 0
[pid  5079] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5079] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   62.598080][ T5079] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   62.614650][ T5079] REISERFS (device loop0): checking transaction log (loop0)
[   62.622860][ T5079] REISERFS (device loop0): Using tea hash to sort names
[   62.630147][ T5079] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5079] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5079] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5079] exit_group(0)               = ?
[pid  5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs")                 = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached
 <unfinished ...>
[pid  5081] set_robust_list(0x555555fe2660, 24) = 0
[pid  5081] chdir("./12")               = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5081
[pid  5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5081] setpgid(0, 0)               = 0
[pid  5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5081] write(3, "1000", 4)         = 4
[pid  5081] close(3)                    = 0
[pid  5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5081] memfd_create("syzkaller", 0) = 3
[pid  5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5081] munmap(0x7f97912ee000, 138412032) = 0
[pid  5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5081] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5081] close(3)                    = 0
[pid  5081] mkdir("./file0", 0777)      = 0
[   62.978221][ T5081] loop0: detected capacity change from 0 to 8192
[   63.002327][ T5081] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   63.015481][ T5081] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   63.024731][ T5081] REISERFS (device loop0): using ordered data mode
[   63.031235][ T5081] reiserfs: using flush barriers
[   63.037953][ T5081] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   63.054366][ T5081] REISERFS (device loop0): checking transaction log (loop0)
[   63.062596][ T5081] REISERFS (device loop0): Using tea hash to sort names
[pid  5081] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5081] chdir("./file0")            = 0
[pid  5081] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5081] close(4)                    = 0
[pid  5081] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5081] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5081] ftruncate(5, 33587195)      = 0
[   63.070210][ T5081] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5081] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5081] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5081] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5081] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5081] exit_group(0)               = ?
[pid  5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs")                 = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached
, child_tidptr=0x555555fe2650) = 5083
[pid  5083] set_robust_list(0x555555fe2660, 24) = 0
[pid  5083] chdir("./13")               = 0
[pid  5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5083] setpgid(0, 0)               = 0
[pid  5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5083] write(3, "1000", 4)         = 4
[pid  5083] close(3)                    = 0
[pid  5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5083] memfd_create("syzkaller", 0) = 3
[pid  5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5083] munmap(0x7f97912ee000, 138412032) = 0
[pid  5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5083] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5083] close(3)                    = 0
[pid  5083] mkdir("./file0", 0777)      = 0
[   63.493811][ T5083] loop0: detected capacity change from 0 to 8192
[   63.507649][ T5083] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   63.520675][ T5083] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   63.529943][ T5083] REISERFS (device loop0): using ordered data mode
[   63.536476][ T5083] reiserfs: using flush barriers
[pid  5083] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5083] chdir("./file0")            = 0
[pid  5083] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5083] close(4)                    = 0
[   63.542382][ T5083] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   63.558899][ T5083] REISERFS (device loop0): checking transaction log (loop0)
[   63.567169][ T5083] REISERFS (device loop0): Using tea hash to sort names
[   63.574592][ T5083] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5083] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5083] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5083] ftruncate(5, 33587195)      = 0
[pid  5083] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5083] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5083] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5083] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5083] exit_group(0)               = ?
[pid  5083] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs")                 = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached
, child_tidptr=0x555555fe2650) = 5085
[pid  5085] set_robust_list(0x555555fe2660, 24) = 0
[pid  5085] chdir("./14")               = 0
[pid  5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5085] setpgid(0, 0)               = 0
[pid  5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5085] write(3, "1000", 4)         = 4
[pid  5085] close(3)                    = 0
[pid  5085] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5085] memfd_create("syzkaller", 0) = 3
[pid  5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5085] munmap(0x7f97912ee000, 138412032) = 0
[pid  5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5085] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5085] close(3)                    = 0
[pid  5085] mkdir("./file0", 0777)      = 0
[   63.978551][ T5085] loop0: detected capacity change from 0 to 8192
[   63.992771][ T5085] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   64.005807][ T5085] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   64.015036][ T5085] REISERFS (device loop0): using ordered data mode
[   64.021540][ T5085] reiserfs: using flush barriers
[pid  5085] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5085] chdir("./file0")            = 0
[pid  5085] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5085] close(4)                    = 0
[pid  5085] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   64.027727][ T5085] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   64.044236][ T5085] REISERFS (device loop0): checking transaction log (loop0)
[   64.052248][ T5085] REISERFS (device loop0): Using tea hash to sort names
[   64.059625][ T5085] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5085] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5085] ftruncate(5, 33587195)      = 0
[pid  5085] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5085] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5085] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5085] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5085] exit_group(0)               = ?
[pid  5085] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs")                 = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./14/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached
 <unfinished ...>
[pid  5087] set_robust_list(0x555555fe2660, 24) = 0
[pid  5087] chdir("./15")               = 0
[pid  5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5087
[pid  5087] setpgid(0, 0)               = 0
[pid  5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5087] write(3, "1000", 4)         = 4
[pid  5087] close(3)                    = 0
[pid  5087] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5087] memfd_create("syzkaller", 0) = 3
[pid  5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5087] munmap(0x7f97912ee000, 138412032) = 0
[pid  5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5087] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5087] close(3)                    = 0
[pid  5087] mkdir("./file0", 0777)      = 0
[   64.445549][ T5087] loop0: detected capacity change from 0 to 8192
[   64.459401][ T5087] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   64.472420][ T5087] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   64.481729][ T5087] REISERFS (device loop0): using ordered data mode
[   64.488418][ T5087] reiserfs: using flush barriers
[pid  5087] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5087] chdir("./file0")            = 0
[pid  5087] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5087] close(4)                    = 0
[   64.494528][ T5087] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   64.511067][ T5087] REISERFS (device loop0): checking transaction log (loop0)
[   64.519261][ T5087] REISERFS (device loop0): Using tea hash to sort names
[   64.526532][ T5087] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5087] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5087] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5087] ftruncate(5, 33587195)      = 0
[pid  5087] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5087] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5087] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5087] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5087] exit_group(0)               = ?
[pid  5087] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs")                 = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./15/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached
 <unfinished ...>
[pid  5089] set_robust_list(0x555555fe2660, 24) = 0
[pid  5089] chdir("./16")               = 0
[pid  5089] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5089
[pid  5089] <... prctl resumed>)        = 0
[pid  5089] setpgid(0, 0)               = 0
[pid  5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5089] write(3, "1000", 4)         = 4
[pid  5089] close(3)                    = 0
[pid  5089] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5089] memfd_create("syzkaller", 0) = 3
[pid  5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5089] munmap(0x7f97912ee000, 138412032) = 0
[pid  5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5089] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5089] close(3)                    = 0
[pid  5089] mkdir("./file0", 0777)      = 0
[   64.921946][ T5089] loop0: detected capacity change from 0 to 8192
[   64.942811][ T5089] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   64.955877][ T5089] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   64.965099][ T5089] REISERFS (device loop0): using ordered data mode
[pid  5089] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5089] chdir("./file0")            = 0
[pid  5089] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5089] close(4)                    = 0
[pid  5089] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5089] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   64.971583][ T5089] reiserfs: using flush barriers
[   64.978112][ T5089] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   64.994599][ T5089] REISERFS (device loop0): checking transaction log (loop0)
[   65.002702][ T5089] REISERFS (device loop0): Using tea hash to sort names
[   65.010113][ T5089] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5089] ftruncate(5, 33587195)      = 0
[pid  5089] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5089] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5089] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5089] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5089] exit_group(0)               = ?
[pid  5089] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs")                 = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./16/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached
, child_tidptr=0x555555fe2650) = 5091
[pid  5091] set_robust_list(0x555555fe2660, 24) = 0
[pid  5091] chdir("./17")               = 0
[pid  5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5091] setpgid(0, 0)               = 0
[pid  5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5091] write(3, "1000", 4)         = 4
[pid  5091] close(3)                    = 0
[pid  5091] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5091] memfd_create("syzkaller", 0) = 3
[pid  5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5091] munmap(0x7f97912ee000, 138412032) = 0
[pid  5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5091] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5091] close(3)                    = 0
[pid  5091] mkdir("./file0", 0777)      = 0
[   65.427746][ T5091] loop0: detected capacity change from 0 to 8192
[   65.452059][ T5091] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   65.465105][ T5091] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[pid  5091] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5091] chdir("./file0")            = 0
[pid  5091] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5091] close(4)                    = 0
[pid  5091] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5091] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5091] ftruncate(5, 33587195)      = 0
[pid  5091] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[   65.474288][ T5091] REISERFS (device loop0): using ordered data mode
[   65.480765][ T5091] reiserfs: using flush barriers
[   65.486836][ T5091] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   65.503293][ T5091] REISERFS (device loop0): checking transaction log (loop0)
[   65.511608][ T5091] REISERFS (device loop0): Using tea hash to sort names
[   65.518942][ T5091] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5091] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5091] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5091] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5091] exit_group(0)               = ?
[pid  5091] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs")                 = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./17/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached
, child_tidptr=0x555555fe2650) = 5093
[pid  5093] set_robust_list(0x555555fe2660, 24) = 0
[pid  5093] chdir("./18")               = 0
[pid  5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5093] setpgid(0, 0)               = 0
[pid  5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5093] write(3, "1000", 4)         = 4
[pid  5093] close(3)                    = 0
[pid  5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5093] memfd_create("syzkaller", 0) = 3
[pid  5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5093] munmap(0x7f97912ee000, 138412032) = 0
[pid  5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5093] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5093] close(3)                    = 0
[pid  5093] mkdir("./file0", 0777)      = 0
[   65.954707][ T5093] loop0: detected capacity change from 0 to 8192
[   65.970450][ T5093] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   65.983485][ T5093] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   65.992679][ T5093] REISERFS (device loop0): using ordered data mode
[   65.999219][ T5093] reiserfs: using flush barriers
[pid  5093] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5093] chdir("./file0")            = 0
[pid  5093] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5093] close(4)                    = 0
[pid  5093] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5093] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5093] ftruncate(5, 33587195)      = 0
[   66.005182][ T5093] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   66.021552][ T5093] REISERFS (device loop0): checking transaction log (loop0)
[   66.029614][ T5093] REISERFS (device loop0): Using tea hash to sort names
[   66.036837][ T5093] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5093] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5093] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5093] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5093] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5093] exit_group(0)               = ?
[pid  5093] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs")                 = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./18/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached
, child_tidptr=0x555555fe2650) = 5095
[pid  5095] set_robust_list(0x555555fe2660, 24) = 0
[pid  5095] chdir("./19")               = 0
[pid  5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5095] setpgid(0, 0)               = 0
[pid  5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5095] write(3, "1000", 4)         = 4
[pid  5095] close(3)                    = 0
[pid  5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5095] memfd_create("syzkaller", 0) = 3
[pid  5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5095] munmap(0x7f97912ee000, 138412032) = 0
[pid  5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5095] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5095] close(3)                    = 0
[pid  5095] mkdir("./file0", 0777)      = 0
[   66.566277][ T5095] loop0: detected capacity change from 0 to 8192
[   66.580541][ T5095] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   66.593622][ T5095] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   66.602788][ T5095] REISERFS (device loop0): using ordered data mode
[   66.609337][ T5095] reiserfs: using flush barriers
[pid  5095] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5095] chdir("./file0")            = 0
[pid  5095] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5095] close(4)                    = 0
[pid  5095] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5095] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   66.615551][ T5095] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   66.631939][ T5095] REISERFS (device loop0): checking transaction log (loop0)
[   66.640163][ T5095] REISERFS (device loop0): Using tea hash to sort names
[   66.647723][ T5095] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5095] ftruncate(5, 33587195)      = 0
[pid  5095] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5095] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5095] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5095] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5095] exit_group(0)               = ?
[pid  5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs")                 = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./19/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached
 <unfinished ...>
[pid  5097] set_robust_list(0x555555fe2660, 24) = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5097
[pid  5097] chdir("./20")               = 0
[pid  5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5097] setpgid(0, 0)               = 0
[pid  5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5097] write(3, "1000", 4)         = 4
[pid  5097] close(3)                    = 0
[pid  5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5097] memfd_create("syzkaller", 0) = 3
[pid  5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5097] munmap(0x7f97912ee000, 138412032) = 0
[pid  5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5097] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5097] close(3)                    = 0
[pid  5097] mkdir("./file0", 0777)      = 0
[   67.107885][ T5097] loop0: detected capacity change from 0 to 8192
[   67.123423][ T5097] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   67.136451][ T5097] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   67.145723][ T5097] REISERFS (device loop0): using ordered data mode
[   67.152225][ T5097] reiserfs: using flush barriers
[pid  5097] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5097] chdir("./file0")            = 0
[pid  5097] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5097] close(4)                    = 0
[pid  5097] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5097] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5097] ftruncate(5, 33587195)      = 0
[   67.158330][ T5097] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   67.174843][ T5097] REISERFS (device loop0): checking transaction log (loop0)
[   67.182954][ T5097] REISERFS (device loop0): Using tea hash to sort names
[   67.190140][ T5097] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5097] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5097] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5097] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5097] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5097] exit_group(0)               = ?
[pid  5097] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs")                 = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./20/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached
 <unfinished ...>
[pid  5099] set_robust_list(0x555555fe2660, 24) = 0
[pid  5099] chdir("./21")               = 0
[pid  5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5099
[pid  5099] setpgid(0, 0)               = 0
[pid  5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5099] write(3, "1000", 4)         = 4
[pid  5099] close(3)                    = 0
[pid  5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5099] memfd_create("syzkaller", 0) = 3
[pid  5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5099] munmap(0x7f97912ee000, 138412032) = 0
[pid  5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5099] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5099] close(3)                    = 0
[pid  5099] mkdir("./file0", 0777)      = 0
[   67.677554][ T5099] loop0: detected capacity change from 0 to 8192
[   67.690746][ T5099] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   67.703826][ T5099] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   67.713080][ T5099] REISERFS (device loop0): using ordered data mode
[   67.719596][ T5099] reiserfs: using flush barriers
[pid  5099] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5099] chdir("./file0")            = 0
[pid  5099] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5099] close(4)                    = 0
[pid  5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   67.725711][ T5099] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   67.742404][ T5099] REISERFS (device loop0): checking transaction log (loop0)
[   67.750408][ T5099] REISERFS (device loop0): Using tea hash to sort names
[   67.758075][ T5099] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5099] ftruncate(5, 33587195)      = 0
[pid  5099] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5099] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5099] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5099] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5099] exit_group(0)               = ?
[pid  5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs")                 = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./21/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached
, child_tidptr=0x555555fe2650) = 5101
[pid  5101] set_robust_list(0x555555fe2660, 24) = 0
[pid  5101] chdir("./22")               = 0
[pid  5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5101] setpgid(0, 0)               = 0
[pid  5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5101] write(3, "1000", 4)         = 4
[pid  5101] close(3)                    = 0
[pid  5101] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5101] memfd_create("syzkaller", 0) = 3
[pid  5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5101] munmap(0x7f97912ee000, 138412032) = 0
[pid  5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5101] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5101] close(3)                    = 0
[pid  5101] mkdir("./file0", 0777)      = 0
[   68.195909][ T5101] loop0: detected capacity change from 0 to 8192
[   68.209613][ T5101] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   68.222619][ T5101] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   68.231862][ T5101] REISERFS (device loop0): using ordered data mode
[   68.238376][ T5101] reiserfs: using flush barriers
[pid  5101] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5101] chdir("./file0")            = 0
[pid  5101] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5101] close(4)                    = 0
[pid  5101] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   68.244313][ T5101] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   68.260708][ T5101] REISERFS (device loop0): checking transaction log (loop0)
[   68.268815][ T5101] REISERFS (device loop0): Using tea hash to sort names
[   68.276188][ T5101] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5101] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5101] ftruncate(5, 33587195)      = 0
[pid  5101] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5101] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5101] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5101] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5101] exit_group(0)               = ?
[pid  5101] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs")                 = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./22/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe2650) = 5103
./strace-static-x86_64: Process 5103 attached
[pid  5103] set_robust_list(0x555555fe2660, 24) = 0
[pid  5103] chdir("./23")               = 0
[pid  5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5103] setpgid(0, 0)               = 0
[pid  5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5103] write(3, "1000", 4)         = 4
[pid  5103] close(3)                    = 0
[pid  5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5103] memfd_create("syzkaller", 0) = 3
[pid  5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5103] munmap(0x7f97912ee000, 138412032) = 0
[pid  5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5103] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5103] close(3)                    = 0
[pid  5103] mkdir("./file0", 0777)      = 0
[   68.747883][ T5103] loop0: detected capacity change from 0 to 8192
[   68.761831][ T5103] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   68.774874][ T5103] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   68.784346][ T5103] REISERFS (device loop0): using ordered data mode
[   68.790879][ T5103] reiserfs: using flush barriers
[pid  5103] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5103] chdir("./file0")            = 0
[pid  5103] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5103] close(4)                    = 0
[pid  5103] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5103] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   68.796992][ T5103] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   68.813367][ T5103] REISERFS (device loop0): checking transaction log (loop0)
[   68.821552][ T5103] REISERFS (device loop0): Using tea hash to sort names
[   68.828896][ T5103] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5103] ftruncate(5, 33587195)      = 0
[pid  5103] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5103] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5103] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5103] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5103] exit_group(0)               = ?
[pid  5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs")                 = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./23/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached
, child_tidptr=0x555555fe2650) = 5105
[pid  5105] set_robust_list(0x555555fe2660, 24) = 0
[pid  5105] chdir("./24")               = 0
[pid  5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5105] setpgid(0, 0)               = 0
[pid  5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5105] write(3, "1000", 4)         = 4
[pid  5105] close(3)                    = 0
[pid  5105] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5105] memfd_create("syzkaller", 0) = 3
[pid  5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5105] munmap(0x7f97912ee000, 138412032) = 0
[pid  5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5105] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5105] close(3)                    = 0
[pid  5105] mkdir("./file0", 0777)      = 0
[   69.272713][ T5105] loop0: detected capacity change from 0 to 8192
[   69.297702][ T5105] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   69.310698][ T5105] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   69.319951][ T5105] REISERFS (device loop0): using ordered data mode
[   69.326484][ T5105] reiserfs: using flush barriers
[   69.332584][ T5105] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   69.349154][ T5105] REISERFS (device loop0): checking transaction log (loop0)
[   69.357557][ T5105] REISERFS (device loop0): Using tea hash to sort names
[pid  5105] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5105] chdir("./file0")            = 0
[pid  5105] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5105] close(4)                    = 0
[pid  5105] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5105] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   69.364784][ T5105] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5105] ftruncate(5, 33587195)      = 0
[pid  5105] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5105] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5105] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5105] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5105] exit_group(0)               = ?
[pid  5105] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs")                 = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./24/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5107 attached
, child_tidptr=0x555555fe2650) = 5107
[pid  5107] set_robust_list(0x555555fe2660, 24) = 0
[pid  5107] chdir("./25")               = 0
[pid  5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5107] setpgid(0, 0)               = 0
[pid  5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5107] write(3, "1000", 4)         = 4
[pid  5107] close(3)                    = 0
[pid  5107] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5107] memfd_create("syzkaller", 0) = 3
[pid  5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5107] munmap(0x7f97912ee000, 138412032) = 0
[pid  5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5107] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5107] close(3)                    = 0
[pid  5107] mkdir("./file0", 0777)      = 0
[   69.833020][ T5107] loop0: detected capacity change from 0 to 8192
[   69.843264][ T5107] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   69.856252][ T5107] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   69.865476][ T5107] REISERFS (device loop0): using ordered data mode
[   69.871955][ T5107] reiserfs: using flush barriers
[pid  5107] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5107] chdir("./file0")            = 0
[pid  5107] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5107] close(4)                    = 0
[pid  5107] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5107] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   69.877876][ T5107] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   69.894390][ T5107] REISERFS (device loop0): checking transaction log (loop0)
[   69.902458][ T5107] REISERFS (device loop0): Using tea hash to sort names
[   69.909817][ T5107] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5107] ftruncate(5, 33587195)      = 0
[pid  5107] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5107] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5107] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5107] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5107] exit_group(0)               = ?
[pid  5107] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs")                 = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./25/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5109 attached
, child_tidptr=0x555555fe2650) = 5109
[pid  5109] set_robust_list(0x555555fe2660, 24) = 0
[pid  5109] chdir("./26")               = 0
[pid  5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5109] setpgid(0, 0)               = 0
[pid  5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5109] write(3, "1000", 4)         = 4
[pid  5109] close(3)                    = 0
[pid  5109] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5109] memfd_create("syzkaller", 0) = 3
[pid  5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5109] munmap(0x7f97912ee000, 138412032) = 0
[pid  5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5109] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5109] close(3)                    = 0
[pid  5109] mkdir("./file0", 0777)      = 0
[   70.337503][ T5109] loop0: detected capacity change from 0 to 8192
[   70.357612][ T5109] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   70.370613][ T5109] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   70.379964][ T5109] REISERFS (device loop0): using ordered data mode
[pid  5109] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5109] chdir("./file0")            = 0
[pid  5109] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5109] close(4)                    = 0
[pid  5109] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   70.386514][ T5109] reiserfs: using flush barriers
[   70.392520][ T5109] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   70.409038][ T5109] REISERFS (device loop0): checking transaction log (loop0)
[   70.417217][ T5109] REISERFS (device loop0): Using tea hash to sort names
[   70.424610][ T5109] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5109] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5109] ftruncate(5, 33587195)      = 0
[pid  5109] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5109] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5109] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5109] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5109] exit_group(0)               = ?
[pid  5109] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs")                 = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./26/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5111 attached
 <unfinished ...>
[pid  5111] set_robust_list(0x555555fe2660, 24) = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5111
[pid  5111] chdir("./27")               = 0
[pid  5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5111] setpgid(0, 0)               = 0
[pid  5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5111] write(3, "1000", 4)         = 4
[pid  5111] close(3)                    = 0
[pid  5111] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5111] memfd_create("syzkaller", 0) = 3
[pid  5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5111] munmap(0x7f97912ee000, 138412032) = 0
[pid  5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5111] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5111] close(3)                    = 0
[pid  5111] mkdir("./file0", 0777)      = 0
[   70.943092][ T5111] loop0: detected capacity change from 0 to 8192
[   70.968621][ T5111] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   70.981669][ T5111] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   70.990925][ T5111] REISERFS (device loop0): using ordered data mode
[   70.997453][ T5111] reiserfs: using flush barriers
[   71.003629][ T5111] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   71.020031][ T5111] REISERFS (device loop0): checking transaction log (loop0)
[   71.028492][ T5111] REISERFS (device loop0): Using tea hash to sort names
[pid  5111] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5111] chdir("./file0")            = 0
[pid  5111] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5111] close(4)                    = 0
[pid  5111] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   71.035741][ T5111] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5111] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5111] ftruncate(5, 33587195)      = 0
[pid  5111] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5111] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5111] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5111] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5111] exit_group(0)               = ?
[pid  5111] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} ---
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs")                 = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./27/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached
, child_tidptr=0x555555fe2650) = 5113
[pid  5113] set_robust_list(0x555555fe2660, 24) = 0
[pid  5113] chdir("./28")               = 0
[pid  5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5113] setpgid(0, 0)               = 0
[pid  5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5113] write(3, "1000", 4)         = 4
[pid  5113] close(3)                    = 0
[pid  5113] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5113] memfd_create("syzkaller", 0) = 3
[pid  5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5113] munmap(0x7f97912ee000, 138412032) = 0
[pid  5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5113] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5113] close(3)                    = 0
[pid  5113] mkdir("./file0", 0777)      = 0
[   71.457644][ T5113] loop0: detected capacity change from 0 to 8192
[   71.477266][ T5113] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   71.490504][ T5113] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   71.499905][ T5113] REISERFS (device loop0): using ordered data mode
[pid  5113] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5113] chdir("./file0")            = 0
[pid  5113] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5113] close(4)                    = 0
[pid  5113] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5113] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   71.506428][ T5113] reiserfs: using flush barriers
[   71.512283][ T5113] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   71.528675][ T5113] REISERFS (device loop0): checking transaction log (loop0)
[   71.536619][ T5113] REISERFS (device loop0): Using tea hash to sort names
[   71.543908][ T5113] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5113] ftruncate(5, 33587195)      = 0
[pid  5113] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5113] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5113] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5113] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5113] exit_group(0)               = ?
[pid  5113] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs")                 = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./28/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5115 attached
, child_tidptr=0x555555fe2650) = 5115
[pid  5115] set_robust_list(0x555555fe2660, 24) = 0
[pid  5115] chdir("./29")               = 0
[pid  5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5115] setpgid(0, 0)               = 0
[pid  5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5115] write(3, "1000", 4)         = 4
[pid  5115] close(3)                    = 0
[pid  5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5115] memfd_create("syzkaller", 0) = 3
[pid  5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5115] munmap(0x7f97912ee000, 138412032) = 0
[pid  5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5115] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5115] close(3)                    = 0
[pid  5115] mkdir("./file0", 0777)      = 0
[   72.125137][ T5115] loop0: detected capacity change from 0 to 8192
[   72.144924][ T5115] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   72.157986][ T5115] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   72.167244][ T5115] REISERFS (device loop0): using ordered data mode
[pid  5115] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5115] chdir("./file0")            = 0
[pid  5115] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5115] close(4)                    = 0
[pid  5115] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   72.173768][ T5115] reiserfs: using flush barriers
[   72.179906][ T5115] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   72.196532][ T5115] REISERFS (device loop0): checking transaction log (loop0)
[   72.204552][ T5115] REISERFS (device loop0): Using tea hash to sort names
[   72.211744][ T5115] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5115] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5115] ftruncate(5, 33587195)      = 0
[pid  5115] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5115] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5115] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5115] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5115] exit_group(0)               = ?
[pid  5115] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs")                 = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./29/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached
 <unfinished ...>
[pid  5117] set_robust_list(0x555555fe2660, 24) = 0
[pid  5117] chdir("./30")               = 0
[pid  5117] prctl(PR_SET_PDEATHSIG, SIGKILL <unfinished ...>
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5117
[pid  5117] <... prctl resumed>)        = 0
[pid  5117] setpgid(0, 0)               = 0
[pid  5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5117] write(3, "1000", 4)         = 4
[pid  5117] close(3)                    = 0
[pid  5117] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5117] memfd_create("syzkaller", 0) = 3
[pid  5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5117] munmap(0x7f97912ee000, 138412032) = 0
[pid  5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5117] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5117] close(3)                    = 0
[pid  5117] mkdir("./file0", 0777)      = 0
[   72.597793][ T5117] loop0: detected capacity change from 0 to 8192
[   72.607623][ T5117] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   72.620657][ T5117] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   72.629879][ T5117] REISERFS (device loop0): using ordered data mode
[   72.636417][ T5117] reiserfs: using flush barriers
[pid  5117] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5117] chdir("./file0")            = 0
[pid  5117] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5117] close(4)                    = 0
[pid  5117] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5117] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5117] ftruncate(5, 33587195)      = 0
[pid  5117] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5117] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   72.642560][ T5117] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   72.659192][ T5117] REISERFS (device loop0): checking transaction log (loop0)
[   72.667667][ T5117] REISERFS (device loop0): Using tea hash to sort names
[   72.675020][ T5117] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5117] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5117] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5117] exit_group(0)               = ?
[pid  5117] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs")                 = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./30/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached
, child_tidptr=0x555555fe2650) = 5119
[pid  5119] set_robust_list(0x555555fe2660, 24) = 0
[pid  5119] chdir("./31")               = 0
[pid  5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5119] setpgid(0, 0)               = 0
[pid  5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5119] write(3, "1000", 4)         = 4
[pid  5119] close(3)                    = 0
[pid  5119] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5119] memfd_create("syzkaller", 0) = 3
[pid  5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5119] munmap(0x7f97912ee000, 138412032) = 0
[pid  5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5119] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5119] close(3)                    = 0
[pid  5119] mkdir("./file0", 0777)      = 0
[   73.099332][ T5119] loop0: detected capacity change from 0 to 8192
[   73.124912][ T5119] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   73.137940][ T5119] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   73.147492][ T5119] REISERFS (device loop0): using ordered data mode
[   73.154053][ T5119] reiserfs: using flush barriers
[   73.160006][ T5119] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   73.176546][ T5119] REISERFS (device loop0): checking transaction log (loop0)
[   73.184776][ T5119] REISERFS (device loop0): Using tea hash to sort names
[pid  5119] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5119] chdir("./file0")            = 0
[pid  5119] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5119] close(4)                    = 0
[pid  5119] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   73.192009][ T5119] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5119] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5119] ftruncate(5, 33587195)      = 0
[pid  5119] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5119] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5119] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5119] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5119] exit_group(0)               = ?
[pid  5119] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs")                 = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./31/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./31")                           = 0
mkdir("./32", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5121 attached
 <unfinished ...>
[pid  5121] set_robust_list(0x555555fe2660, 24) = 0
[pid  5121] chdir("./32")               = 0
[pid  5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5121
[pid  5121] setpgid(0, 0)               = 0
[pid  5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5121] write(3, "1000", 4)         = 4
[pid  5121] close(3)                    = 0
[pid  5121] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5121] memfd_create("syzkaller", 0) = 3
[pid  5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5121] munmap(0x7f97912ee000, 138412032) = 0
[pid  5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5121] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5121] close(3)                    = 0
[pid  5121] mkdir("./file0", 0777)      = 0
[   73.640309][ T5121] loop0: detected capacity change from 0 to 8192
[   73.664483][ T5121] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   73.677496][ T5121] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   73.686758][ T5121] REISERFS (device loop0): using ordered data mode
[   73.693289][ T5121] reiserfs: using flush barriers
[   73.701004][ T5121] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   73.717529][ T5121] REISERFS (device loop0): checking transaction log (loop0)
[   73.725782][ T5121] REISERFS (device loop0): Using tea hash to sort names
[pid  5121] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5121] chdir("./file0")            = 0
[pid  5121] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5121] close(4)                    = 0
[pid  5121] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   73.733096][ T5121] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5121] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5121] ftruncate(5, 33587195)      = 0
[pid  5121] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5121] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5121] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5121] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5121] exit_group(0)               = ?
[pid  5121] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs")                 = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./32/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./32")                           = 0
mkdir("./33", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached
, child_tidptr=0x555555fe2650) = 5123
[pid  5123] set_robust_list(0x555555fe2660, 24) = 0
[pid  5123] chdir("./33")               = 0
[pid  5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5123] setpgid(0, 0)               = 0
[pid  5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5123] write(3, "1000", 4)         = 4
[pid  5123] close(3)                    = 0
[pid  5123] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5123] memfd_create("syzkaller", 0) = 3
[pid  5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5123] munmap(0x7f97912ee000, 138412032) = 0
[pid  5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5123] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5123] close(3)                    = 0
[pid  5123] mkdir("./file0", 0777)      = 0
[   74.207625][ T5123] loop0: detected capacity change from 0 to 8192
[   74.232625][ T5123] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   74.245704][ T5123] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   74.254981][ T5123] REISERFS (device loop0): using ordered data mode
[   74.261492][ T5123] reiserfs: using flush barriers
[   74.268174][ T5123] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   74.284604][ T5123] REISERFS (device loop0): checking transaction log (loop0)
[   74.292806][ T5123] REISERFS (device loop0): Using tea hash to sort names
[pid  5123] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5123] chdir("./file0")            = 0
[pid  5123] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5123] close(4)                    = 0
[pid  5123] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   74.300185][ T5123] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5123] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5123] ftruncate(5, 33587195)      = 0
[pid  5123] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5123] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5123] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5123] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5123] exit_group(0)               = ?
[pid  5123] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs")                 = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./33/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./33")                           = 0
mkdir("./34", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached
 <unfinished ...>
[pid  5125] set_robust_list(0x555555fe2660, 24) = 0
[pid  5125] chdir("./34")               = 0
[pid  5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5125
[pid  5125] setpgid(0, 0)               = 0
[pid  5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5125] write(3, "1000", 4)         = 4
[pid  5125] close(3)                    = 0
[pid  5125] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5125] memfd_create("syzkaller", 0) = 3
[pid  5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5125] munmap(0x7f97912ee000, 138412032) = 0
[pid  5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5125] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5125] close(3)                    = 0
[pid  5125] mkdir("./file0", 0777)      = 0
[   74.785991][ T5125] loop0: detected capacity change from 0 to 8192
[   74.796847][ T5125] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   74.809877][ T5125] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   74.819153][ T5125] REISERFS (device loop0): using ordered data mode
[   74.825684][ T5125] reiserfs: using flush barriers
[pid  5125] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5125] chdir("./file0")            = 0
[pid  5125] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5125] close(4)                    = 0
[pid  5125] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5125] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5125] ftruncate(5, 33587195)      = 0
[   74.832031][ T5125] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   74.848535][ T5125] REISERFS (device loop0): checking transaction log (loop0)
[   74.856809][ T5125] REISERFS (device loop0): Using tea hash to sort names
[   74.864220][ T5125] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5125] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5125] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5125] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[   74.992601][ T5125] 
[   74.994976][ T5125] ======================================================
[   75.001973][ T5125] WARNING: possible circular locking dependency detected
[   75.008970][ T5125] 6.7.0-rc4-syzkaller #0 Not tainted
[   75.014227][ T5125] ------------------------------------------------------
[   75.021221][ T5125] syz-executor940/5125 is trying to acquire lock:
[   75.027610][ T5125] ffff888140681090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x7a/0xd0
[   75.036568][ T5125] 
[   75.036568][ T5125] but task is already holding lock:
[   75.043911][ T5125] ffff88807afca510 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x197/0x470
[   75.052937][ T5125] 
[   75.052937][ T5125] which lock already depends on the new lock.
[   75.052937][ T5125] 
[   75.063315][ T5125] 
[   75.063315][ T5125] the existing dependency chain (in reverse order) is:
[   75.072308][ T5125] 
[   75.072308][ T5125] -> #3 (sb_pagefaults){.+.+}-{0:0}:
[   75.079759][ T5125]        lock_acquire+0x1e3/0x530
[   75.084766][ T5125]        filemap_page_mkwrite+0x16f/0x640
[   75.090466][ T5125]        do_page_mkwrite+0x197/0x470
[   75.095733][ T5125]        do_wp_page+0x1d07/0x4d40
[   75.100735][ T5125]        handle_mm_fault+0x1b1c/0x6680
[   75.106172][ T5125]        exc_page_fault+0x456/0x870
[   75.111358][ T5125]        asm_exc_page_fault+0x26/0x30
[   75.116709][ T5125] 
[   75.116709][ T5125] -> #2 (&vma->vm_lock->lock){++++}-{3:3}:
[   75.124680][ T5125]        lock_acquire+0x1e3/0x530
[   75.129695][ T5125]        down_write+0x3a/0x50
[   75.134350][ T5125]        vma_link+0x2c9/0x540
[   75.139005][ T5125]        insert_vm_struct+0x19f/0x260
[   75.144360][ T5125]        alloc_bprm+0x4d5/0x900
[   75.149199][ T5125]        kernel_execve+0x96/0xa20
[   75.154204][ T5125]        call_usermodehelper_exec_async+0x233/0x370
[   75.160771][ T5125]        ret_from_fork+0x48/0x80
[   75.165686][ T5125]        ret_from_fork_asm+0x11/0x20
[   75.170949][ T5125] 
[   75.170949][ T5125] -> #1 (&mm->mmap_lock){++++}-{3:3}:
[   75.178483][ T5125]        lock_acquire+0x1e3/0x530
[   75.183488][ T5125]        __might_fault+0xc1/0x120
[   75.188499][ T5125]        reiserfs_ioctl+0x125/0x2f0
[   75.193690][ T5125]        __se_sys_ioctl+0xf8/0x170
[   75.198783][ T5125]        do_syscall_64+0x45/0x110
[   75.203789][ T5125]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   75.210185][ T5125] 
[   75.210185][ T5125] -> #0 (&sbi->lock){+.+.}-{3:3}:
[   75.217371][ T5125]        validate_chain+0x1909/0x5ab0
[   75.222724][ T5125]        __lock_acquire+0x1345/0x1fd0
[   75.228095][ T5125]        lock_acquire+0x1e3/0x530
[   75.233101][ T5125]        __mutex_lock+0x136/0xd60
[   75.238106][ T5125]        reiserfs_write_lock+0x7a/0xd0
[   75.243550][ T5125]        reiserfs_dirty_inode+0xf2/0x240
[   75.249164][ T5125]        __mark_inode_dirty+0x305/0xda0
[   75.254691][ T5125]        file_update_time+0x39b/0x3e0
[   75.260044][ T5125]        filemap_page_mkwrite+0x27b/0x640
[   75.265744][ T5125]        do_page_mkwrite+0x197/0x470
[   75.271007][ T5125]        do_wp_page+0x1d07/0x4d40
[   75.276011][ T5125]        handle_mm_fault+0x1b1c/0x6680
[   75.281448][ T5125]        exc_page_fault+0x456/0x870
[   75.286625][ T5125]        asm_exc_page_fault+0x26/0x30
[   75.291984][ T5125] 
[   75.291984][ T5125] other info that might help us debug this:
[   75.291984][ T5125] 
[   75.302188][ T5125] Chain exists of:
[   75.302188][ T5125]   &sbi->lock --> &vma->vm_lock->lock --> sb_pagefaults
[   75.302188][ T5125] 
[   75.314939][ T5125]  Possible unsafe locking scenario:
[   75.314939][ T5125] 
[   75.322364][ T5125]        CPU0                    CPU1
[   75.327708][ T5125]        ----                    ----
[   75.333054][ T5125]   rlock(sb_pagefaults);
[   75.337364][ T5125]                                lock(&vma->vm_lock->lock);
[   75.344626][ T5125]                                lock(sb_pagefaults);
[   75.351367][ T5125]   lock(&sbi->lock);
[   75.355354][ T5125] 
[   75.355354][ T5125]  *** DEADLOCK ***
[   75.355354][ T5125] 
[   75.363479][ T5125] 2 locks held by syz-executor940/5125:
[   75.369020][ T5125]  #0: ffff88807a51aec8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f6/0x6f0
[   75.379264][ T5125]  #1: ffff88807afca510 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x197/0x470
[   75.388727][ T5125] 
[   75.388727][ T5125] stack backtrace:
[   75.394594][ T5125] CPU: 0 PID: 5125 Comm: syz-executor940 Not tainted 6.7.0-rc4-syzkaller #0
[   75.403244][ T5125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[   75.413280][ T5125] Call Trace:
[   75.416543][ T5125]  <TASK>
[   75.419463][ T5125]  dump_stack_lvl+0x1e7/0x2d0
[   75.424128][ T5125]  ? nf_tcp_handle_invalid+0x650/0x650
[   75.429587][ T5125]  ? print_circular_bug+0x12b/0x1a0
[   75.434768][ T5125]  check_noncircular+0x366/0x490
[   75.439688][ T5125]  ? reacquire_held_locks+0x690/0x690
[   75.445046][ T5125]  ? print_deadlock_bug+0x610/0x610
[   75.450224][ T5125]  ? lockdep_lock+0x123/0x2b0
[   75.454883][ T5125]  ? folio_unlock+0x126/0x2f0
[   75.459541][ T5125]  ? reacquire_held_locks+0x690/0x690
[   75.464894][ T5125]  ? _find_first_zero_bit+0xd4/0x100
[   75.470162][ T5125]  validate_chain+0x1909/0x5ab0
[   75.474998][ T5125]  ? validate_chain+0x11c/0x5ab0
[   75.479913][ T5125]  ? __lock_acquire+0x1345/0x1fd0
[   75.484916][ T5125]  ? reacquire_held_locks+0x690/0x690
[   75.490282][ T5125]  ? validate_chain+0x11c/0x5ab0
[   75.495217][ T5125]  ? reacquire_held_locks+0x690/0x690
[   75.500584][ T5125]  ? reacquire_held_locks+0x690/0x690
[   75.505943][ T5125]  ? validate_chain+0x11c/0x5ab0
[   75.510869][ T5125]  ? mark_lock+0x9a/0x350
[   75.515193][ T5125]  __lock_acquire+0x1345/0x1fd0
[   75.520054][ T5125]  lock_acquire+0x1e3/0x530
[   75.524548][ T5125]  ? reiserfs_write_lock+0x7a/0xd0
[   75.529656][ T5125]  ? read_lock_is_recursive+0x20/0x20
[   75.535021][ T5125]  ? __might_sleep+0xe0/0xe0
[   75.539605][ T5125]  __mutex_lock+0x136/0xd60
[   75.544102][ T5125]  ? reiserfs_write_lock+0x7a/0xd0
[   75.549462][ T5125]  ? print_irqtrace_events+0x220/0x220
[   75.554904][ T5125]  ? reiserfs_write_lock+0x7a/0xd0
[   75.560004][ T5125]  ? mutex_lock_nested+0x20/0x20
[   75.564934][ T5125]  ? ktime_get_real_ts64+0x470/0x470
[   75.570206][ T5125]  ? ktime_get_coarse_real_ts64+0x3a/0x120
[   75.576005][ T5125]  ? lockdep_hardirqs_on+0x98/0x140
[   75.581189][ T5125]  reiserfs_write_lock+0x7a/0xd0
[   75.586113][ T5125]  reiserfs_dirty_inode+0xf2/0x240
[   75.591209][ T5125]  ? reiserfs_free_inode+0x30/0x30
[   75.596306][ T5125]  ? current_time+0x1e0/0x2b0
[   75.600964][ T5125]  ? reiserfs_free_inode+0x30/0x30
[   75.606059][ T5125]  __mark_inode_dirty+0x305/0xda0
[   75.611068][ T5125]  file_update_time+0x39b/0x3e0
[   75.615905][ T5125]  filemap_page_mkwrite+0x27b/0x640
[   75.621090][ T5125]  ? do_page_mkwrite+0x197/0x470
[   75.626015][ T5125]  do_page_mkwrite+0x197/0x470
[   75.630760][ T5125]  do_wp_page+0x1d07/0x4d40
[   75.635247][ T5125]  ? folio_put+0xc0/0xc0
[   75.639470][ T5125]  ? read_lock_is_recursive+0x20/0x20
[   75.644828][ T5125]  ? do_raw_spin_lock+0x14e/0x370
[   75.649836][ T5125]  ? __lock_acquire+0x1345/0x1fd0
[   75.654844][ T5125]  handle_mm_fault+0x1b1c/0x6680
[   75.659767][ T5125]  ? handle_mm_fault+0x11d/0x6680
[   75.664792][ T5125]  ? numa_migrate_prep+0x260/0x260
[   75.669884][ T5125]  ? mtree_range_walk+0x6a0/0x7e0
[   75.674892][ T5125]  ? lock_vma_under_rcu+0x187/0x6f0
[   75.680071][ T5125]  ? __lock_acquire+0x1fd0/0x1fd0
[   75.685075][ T5125]  ? lock_vma_under_rcu+0x2f6/0x6f0
[   75.690273][ T5125]  ? lock_vma_under_rcu+0x5df/0x6f0
[   75.695450][ T5125]  ? lock_vma_under_rcu+0x187/0x6f0
[   75.700633][ T5125]  ? exc_page_fault+0x110/0x870
[   75.705461][ T5125]  exc_page_fault+0x456/0x870
[   75.710118][ T5125]  asm_exc_page_fault+0x26/0x30
[   75.714950][ T5125] RIP: 0033:0x7f97996f8e64
[   75.719349][ T5125] Code: 8b 0d d0 d2 0a 00 50 be 00 00 00 20 bf 09 00 00 00 31 c0 48 b9 92 c1 2b 12 ad e3 88 80 6a 00 e8 b2 43 03 00 31 d2 31 c9 31 f6 <89> 14 25 04 01 00 20 bf a9 01 00 00 31 c0 89 14 25 08 01 00 20 89
[   75.738938][ T5125] RSP: 002b:00007ffdadc34f70 EFLAGS: 00010246
[pid  5125] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5125] exit_group(0)               = ?
[pid  5125] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[   75.744992][ T5125] RAX: 0000000020000000 RBX: 0000000000000003 RCX: 0000000000000000
[   75.752945][ T5125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[   75.760897][ T5125] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000000
[   75.768846][ T5125] R10: 0000000004002011 R11: 0000000000000246 R12: 00007ffdadc34f9c
[   75.776798][ T5125] R13: 0000000000000022 R14: 431bde82d7b634db R15: 00007ffdadc34fd0
[   75.784772][ T5125]  </TASK>
unlink("./34/binderfs")                 = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./34/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./34")                           = 0
mkdir("./35", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555fe2650) = 5127
./strace-static-x86_64: Process 5127 attached
[pid  5127] set_robust_list(0x555555fe2660, 24) = 0
[pid  5127] chdir("./35")               = 0
[pid  5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5127] setpgid(0, 0)               = 0
[pid  5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5127] write(3, "1000", 4)         = 4
[pid  5127] close(3)                    = 0
[pid  5127] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5127] memfd_create("syzkaller", 0) = 3
[pid  5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5127] munmap(0x7f97912ee000, 138412032) = 0
[pid  5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5127] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5127] close(3)                    = 0
[pid  5127] mkdir("./file0", 0777)      = 0
[   76.096192][ T5127] loop0: detected capacity change from 0 to 8192
[   76.109998][ T5127] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   76.123014][ T5127] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   76.132221][ T5127] REISERFS (device loop0): using ordered data mode
[   76.138743][ T5127] reiserfs: using flush barriers
[pid  5127] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5127] chdir("./file0")            = 0
[pid  5127] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5127] close(4)                    = 0
[pid  5127] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5127] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   76.144585][ T5127] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   76.160873][ T5127] REISERFS (device loop0): checking transaction log (loop0)
[   76.169011][ T5127] REISERFS (device loop0): Using tea hash to sort names
[   76.176191][ T5127] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5127] ftruncate(5, 33587195)      = 0
[pid  5127] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5127] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5127] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5127] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5127] exit_group(0)               = ?
[pid  5127] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs")                 = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./35/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./35")                           = 0
mkdir("./36", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5129 attached
, child_tidptr=0x555555fe2650) = 5129
[pid  5129] set_robust_list(0x555555fe2660, 24) = 0
[pid  5129] chdir("./36")               = 0
[pid  5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5129] setpgid(0, 0)               = 0
[pid  5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5129] write(3, "1000", 4)         = 4
[pid  5129] close(3)                    = 0
[pid  5129] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5129] memfd_create("syzkaller", 0) = 3
[pid  5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5129] munmap(0x7f97912ee000, 138412032) = 0
[pid  5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5129] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5129] close(3)                    = 0
[pid  5129] mkdir("./file0", 0777)      = 0
[   76.579339][ T5129] loop0: detected capacity change from 0 to 8192
[   76.602964][ T5129] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   76.615954][ T5129] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[pid  5129] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5129] chdir("./file0")            = 0
[pid  5129] ioctl(4, LOOP_CLR_FD)       = 0
[   76.625158][ T5129] REISERFS (device loop0): using ordered data mode
[   76.631644][ T5129] reiserfs: using flush barriers
[   76.637555][ T5129] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   76.653899][ T5129] REISERFS (device loop0): checking transaction log (loop0)
[   76.661856][ T5129] REISERFS (device loop0): Using tea hash to sort names
[   76.669192][ T5129] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5129] close(4)                    = 0
[pid  5129] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5129] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5129] ftruncate(5, 33587195)      = 0
[pid  5129] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5129] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5129] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5129] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5129] exit_group(0)               = ?
[pid  5129] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   76.743481][    T9] cfg80211: failed to load regulatory.db
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs")                 = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./36/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./36")                           = 0
mkdir("./37", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached
 <unfinished ...>
[pid  5131] set_robust_list(0x555555fe2660, 24) = 0
[pid  5131] chdir("./37")               = 0
[pid  5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5131] setpgid(0, 0)               = 0
[pid  5054] <... clone resumed>, child_tidptr=0x555555fe2650) = 5131
[pid  5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5131] write(3, "1000", 4)         = 4
[pid  5131] close(3)                    = 0
[pid  5131] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5131] memfd_create("syzkaller", 0) = 3
[pid  5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5131] munmap(0x7f97912ee000, 138412032) = 0
[pid  5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5131] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5131] close(3)                    = 0
[pid  5131] mkdir("./file0", 0777)      = 0
[   76.988312][ T5131] loop0: detected capacity change from 0 to 8192
[   77.001669][ T5131] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   77.014680][ T5131] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   77.024001][ T5131] REISERFS (device loop0): using ordered data mode
[   77.030512][ T5131] reiserfs: using flush barriers
[pid  5131] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5131] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5131] chdir("./file0")            = 0
[pid  5131] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5131] close(4)                    = 0
[pid  5131] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5131] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[   77.036548][ T5131] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   77.052979][ T5131] REISERFS (device loop0): checking transaction log (loop0)
[   77.060969][ T5131] REISERFS (device loop0): Using tea hash to sort names
[   77.068258][ T5131] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5131] ftruncate(5, 33587195)      = 0
[pid  5131] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5131] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5131] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5131] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5131] exit_group(0)               = ?
[pid  5131] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} ---
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs")                 = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./37/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./37")                           = 0
mkdir("./38", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5133 attached
, child_tidptr=0x555555fe2650) = 5133
[pid  5133] set_robust_list(0x555555fe2660, 24) = 0
[pid  5133] chdir("./38")               = 0
[pid  5133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5133] setpgid(0, 0)               = 0
[pid  5133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5133] write(3, "1000", 4)         = 4
[pid  5133] close(3)                    = 0
[pid  5133] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5133] memfd_create("syzkaller", 0) = 3
[pid  5133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5133] munmap(0x7f97912ee000, 138412032) = 0
[pid  5133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5133] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5133] close(3)                    = 0
[pid  5133] mkdir("./file0", 0777)      = 0
[   77.557402][ T5133] loop0: detected capacity change from 0 to 8192
[   77.566278][ T5133] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   77.579248][ T5133] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   77.588553][ T5133] REISERFS (device loop0): using ordered data mode
[   77.595114][ T5133] reiserfs: using flush barriers
[pid  5133] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5133] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5133] chdir("./file0")            = 0
[pid  5133] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5133] close(4)                    = 0
[pid  5133] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[pid  5133] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5133] ftruncate(5, 33587195)      = 0
[pid  5133] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5133] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   77.600837][ T5133] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   77.617271][ T5133] REISERFS (device loop0): checking transaction log (loop0)
[   77.625191][ T5133] REISERFS (device loop0): Using tea hash to sort names
[   77.632330][ T5133] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5133] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5133] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5133] exit_group(0)               = ?
[pid  5133] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5133, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs")                 = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./38/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./38")                           = 0
mkdir("./39", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5135 attached
, child_tidptr=0x555555fe2650) = 5135
[pid  5135] set_robust_list(0x555555fe2660, 24) = 0
[pid  5135] chdir("./39")               = 0
[pid  5135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5135] setpgid(0, 0)               = 0
[pid  5135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5135] write(3, "1000", 4)         = 4
[pid  5135] close(3)                    = 0
[pid  5135] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5135] memfd_create("syzkaller", 0) = 3
[pid  5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f97912ee000
[pid  5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5135] munmap(0x7f97912ee000, 138412032) = 0
[pid  5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5135] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5135] close(3)                    = 0
[pid  5135] mkdir("./file0", 0777)      = 0
[   78.046261][ T5135] loop0: detected capacity change from 0 to 8192
[   78.060604][ T5135] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   78.073648][ T5135] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   78.082805][ T5135] REISERFS (device loop0): using ordered data mode
[   78.089337][ T5135] reiserfs: using flush barriers
[pid  5135] mount("/dev/loop0", "./file0", "reiserfs", MS_NODEV|MS_NOEXEC|MS_SILENT, "") = 0
[pid  5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5135] chdir("./file0")            = 0
[pid  5135] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5135] close(4)                    = 0
[pid  5135] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_NOATIME, 000) = 4
[   78.095238][ T5135] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   78.111664][ T5135] REISERFS (device loop0): checking transaction log (loop0)
[   78.119700][ T5135] REISERFS (device loop0): Using tea hash to sort names
[   78.127105][ T5135] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5135] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000) = 5
[pid  5135] ftruncate(5, 33587195)      = 0
[pid  5135] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 6
[pid  5135] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5135] mmap(0x20000000, 6291456, PROT_WRITE|PROT_GROWSUP|0x8088e3ad102bc190, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 6, 0) = 0x20000000
[pid  5135] io_uring_setup(0, 0x20000100) = -1 EINVAL (Invalid argument)
[pid  5135] exit_group(0)               = ?
[pid  5135] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5135, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555fe36f0 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs")                 = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555555feb730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555feb730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./39/file0")                     = 0
getdents64(3, 0x555555fe36f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./39")                           = 0
mkdir("./40", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached
, child_tidptr=0x555555fe2650) = 5137
[pid  5137] set_robust_list(0x555555fe2660, 24) = 0
[pid  5137] chdir("./40")               = 0
[pid  5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5137] setpgid(0, 0)               = 0
[pid  5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5137] write(3, "1000", 4)         = 4
[pid  5137] close(3)                    = 0
[pid  5137] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5137] memfd_create("syzkaller", 0) = 3