./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor547417957 <...> DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89 forked to background, child pid 4645 [ 31.130399][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.144255][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts. execve("./syz-executor547417957", ["./syz-executor547417957"], 0x7ffdf7c5d2b0 /* 10 vars */) = 0 brk(NULL) = 0x555556c08000 brk(0x555556c08d40) = 0x555556c08d40 arch_prctl(ARCH_SET_FS, 0x555556c08400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556c086d0) = 5067 set_robust_list(0x555556c086e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f18a9dc9ea0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f18a9dc93f0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f18a9dc9f40, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f18a9dc93f0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor547417957", 4096) = 27 brk(0x555556c29d40) = 0x555556c29d40 brk(0x555556c2a000) = 0x555556c2a000 mprotect(0x7f18a9e8c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=704, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5067}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1c\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x26\x00\x00\x00\x48\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 704 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 access("/proc/net", R_OK) = 0 access("/proc/net/unix", R_OK) = 0 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5067}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f18a9dc3370, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f18a9dc93f0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f18a9dc3370, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f18a9dc93f0}, NULL, 8) = 0 getpid() = 5067 mkdir("./syzkaller.vtEFZj", 0700) = 0 chmod("./syzkaller.vtEFZj", 0777) = 0 chdir("./syzkaller.vtEFZj") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x555556c086d0) = 5069 [pid 5069] set_robust_list(0x555556c086e0, 24) = 0 [pid 5069] chdir("./0") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5069] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5070 [pid 5069] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5070 attached [pid 5070] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5070] munmap(0x7f18a1998000, 4194304) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file0", 0777) = 0 syzkaller login: [ 56.538989][ T5070] loop0: detected capacity change from 0 to 8192 [ 56.551833][ T5070] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 56.564992][ T5070] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 56.574769][ T5070] REISERFS (device loop0): using ordered data mode [ 56.581342][ T5070] reiserfs: using flush barriers [ 56.588363][ T5070] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 56.604790][ T5070] REISERFS (device loop0): checking transaction log (loop0) [pid 5070] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file0") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5070] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5069] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... openat resumed>) = 4 [pid 5070] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5070] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5069] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... mmap resumed>) = 0x20000000 [pid 5070] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5070] ioctl(4, FS_IOC_GETVERSION [pid 5069] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5069] <... futex resumed>) = 0 [pid 5070] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] exit_group(0 [pid 5070] <... futex resumed>) = ? [pid 5069] <... exit_group resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 56.653622][ T5070] REISERFS (device loop0): Using r5 hash to sort names [ 56.661318][ T5070] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x555556c086e0, 24) = 0 [pid 5074] chdir("./1") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5074] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5075], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5075 [pid 5074] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5075] munmap(0x7f18a1998000, 4194304) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 [ 56.820589][ T5075] loop0: detected capacity change from 0 to 8192 [ 56.831840][ T5075] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 56.844922][ T5075] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 56.854291][ T5075] REISERFS (device loop0): using ordered data mode [ 56.860805][ T5075] reiserfs: using flush barriers [ 56.866781][ T5075] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 56.883117][ T5075] REISERFS (device loop0): checking transaction log (loop0) [pid 5075] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5075] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5075] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 1 [pid 5075] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5075] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5074] exit_group(0) = ? [pid 5075] <... futex resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 56.930609][ T5075] REISERFS (device loop0): Using r5 hash to sort names [ 56.938109][ T5075] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached [pid 5077] set_robust_list(0x555556c086e0, 24) = 0 [pid 5077] chdir("./2") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5077] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5077 [pid 5077] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5078], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5078 [pid 5077] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5078] memfd_create("syzkaller", 0) = 3 [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5078] munmap(0x7f18a1998000, 4194304) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file0", 0777) = 0 [ 57.082727][ T5078] loop0: detected capacity change from 0 to 8192 [ 57.094242][ T5078] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 57.107406][ T5078] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 57.116957][ T5078] REISERFS (device loop0): using ordered data mode [ 57.123681][ T5078] reiserfs: using flush barriers [ 57.129359][ T5078] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 57.145938][ T5078] REISERFS (device loop0): checking transaction log (loop0) [pid 5078] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file0") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 0 [pid 5078] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5078] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5078] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5078] <... futex resumed>) = 1 [pid 5078] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5078] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5077] exit_group(0) = ? [pid 5078] <... futex resumed>) = ? [pid 5078] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 57.194742][ T5078] REISERFS (device loop0): Using r5 hash to sort names [ 57.201801][ T5078] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 5080] set_robust_list(0x555556c086e0, 24) = 0 [pid 5080] chdir("./3") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5080] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5081], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5081 [pid 5080] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5081] munmap(0x7f18a1998000, 4194304) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./file0", 0777) = 0 [ 57.345516][ T5081] loop0: detected capacity change from 0 to 8192 [ 57.356352][ T5081] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 57.369375][ T5081] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 57.378746][ T5081] REISERFS (device loop0): using ordered data mode [ 57.385416][ T5081] reiserfs: using flush barriers [ 57.391123][ T5081] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 57.407612][ T5081] REISERFS (device loop0): checking transaction log (loop0) [pid 5081] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./file0") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5081] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5080] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5081] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5081] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5080] exit_group(0) = ? [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 57.455051][ T5081] REISERFS (device loop0): Using r5 hash to sort names [ 57.462731][ T5081] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x555556c086e0, 24) = 0 [pid 5083] chdir("./4" [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5083 [pid 5083] <... chdir resumed>) = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5083] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5083] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5084 attached , parent_tid=[5084], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5084 [pid 5083] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5084] memfd_create("syzkaller", 0) = 3 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5084] munmap(0x7f18a1998000, 4194304) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5084] close(3) = 0 [pid 5084] mkdir("./file0", 0777) = 0 [ 57.618749][ T5084] loop0: detected capacity change from 0 to 8192 [ 57.630009][ T5084] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 57.643091][ T5084] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 57.652556][ T5084] REISERFS (device loop0): using ordered data mode [ 57.659161][ T5084] reiserfs: using flush barriers [ 57.665195][ T5084] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 57.681522][ T5084] REISERFS (device loop0): checking transaction log (loop0) [pid 5084] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5084] chdir("./file0") = 0 [pid 5084] ioctl(4, LOOP_CLR_FD) = 0 [pid 5084] close(4) = 0 [pid 5084] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5084] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5084] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5084] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5084] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... futex resumed>) = 1 [pid 5084] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5084] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5083] exit_group(0) = ? [pid 5084] <... futex resumed>) = ? [pid 5084] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 57.728517][ T5084] REISERFS (device loop0): Using r5 hash to sort names [ 57.735969][ T5084] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] set_robust_list(0x555556c086e0, 24) = 0 [pid 5086] chdir("./5") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5086] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5087 attached , parent_tid=[5087], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5087 [pid 5087] set_robust_list(0x7f18a9db89e0, 24 [pid 5086] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... set_robust_list resumed>) = 0 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5087] munmap(0x7f18a1998000, 4194304) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file0", 0777) = 0 [ 57.879583][ T5087] loop0: detected capacity change from 0 to 8192 [ 57.891531][ T5087] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 57.908649][ T5087] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 57.917894][ T5087] REISERFS (device loop0): using ordered data mode [ 57.924443][ T5087] reiserfs: using flush barriers [ 57.930332][ T5087] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 57.946791][ T5087] REISERFS (device loop0): checking transaction log (loop0) [pid 5087] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file0") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5087] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5087] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5087] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5086] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 57.988537][ T5087] REISERFS (device loop0): Using r5 hash to sort names [ 57.995694][ T5087] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5089 ./strace-static-x86_64: Process 5089 attached [pid 5089] set_robust_list(0x555556c086e0, 24) = 0 [pid 5089] chdir("./6") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5089] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5089] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5090 attached , parent_tid=[5090], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5090 [pid 5090] set_robust_list(0x7f18a9db89e0, 24 [pid 5089] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... set_robust_list resumed>) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5090] memfd_create("syzkaller", 0) = 3 [pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5090] munmap(0x7f18a1998000, 4194304) = 0 [pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5090] close(3) = 0 [pid 5090] mkdir("./file0", 0777) = 0 [ 58.150874][ T5090] loop0: detected capacity change from 0 to 8192 [ 58.161209][ T5090] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 58.174410][ T5090] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 58.183668][ T5090] REISERFS (device loop0): using ordered data mode [ 58.190179][ T5090] reiserfs: using flush barriers [ 58.196020][ T5090] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 58.212519][ T5090] REISERFS (device loop0): checking transaction log (loop0) [pid 5090] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5090] chdir("./file0") = 0 [pid 5090] ioctl(4, LOOP_CLR_FD) = 0 [pid 5090] close(4) = 0 [pid 5090] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5090] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5089] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5090] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5089] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5090] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5089] <... futex resumed>) = 0 [pid 5090] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] exit_group(0) = ? [pid 5090] <... futex resumed>) = ? [pid 5090] +++ exited with 0 +++ [pid 5089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 58.260287][ T5090] REISERFS (device loop0): Using r5 hash to sort names [ 58.267799][ T5090] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5092 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x555556c086e0, 24) = 0 [pid 5092] chdir("./7") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5092] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5093] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... clone resumed>, parent_tid=[5093], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5093 [pid 5092] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = 1 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5092] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5093] munmap(0x7f18a1998000, 4194304) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file0", 0777) = 0 [ 58.428781][ T5093] loop0: detected capacity change from 0 to 8192 [ 58.439107][ T5093] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 58.452244][ T5093] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 58.461610][ T5093] REISERFS (device loop0): using ordered data mode [ 58.468213][ T5093] reiserfs: using flush barriers [ 58.474240][ T5093] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 58.490621][ T5093] REISERFS (device loop0): checking transaction log (loop0) [pid 5093] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file0") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5092] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... openat resumed>) = 4 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5092] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5092] <... futex resumed>) = 0 [pid 5093] <... mmap resumed>) = 0x20000000 [pid 5092] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5092] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 1 [pid 5093] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5093] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] exit_group(0 [pid 5093] <... futex resumed>) = ? [pid 5092] <... exit_group resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 [ 58.531111][ T5093] REISERFS (device loop0): Using r5 hash to sort names [ 58.538212][ T5093] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5095 ./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x555556c086e0, 24) = 0 [pid 5095] chdir("./8") = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5095] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5095] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5095] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5096 attached , parent_tid=[5096], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5096 [pid 5096] set_robust_list(0x7f18a9db89e0, 24 [pid 5095] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... set_robust_list resumed>) = 0 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5096] memfd_create("syzkaller", 0) = 3 [pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5096] munmap(0x7f18a1998000, 4194304) = 0 [pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5096] close(3) = 0 [pid 5096] mkdir("./file0", 0777) = 0 [ 58.676950][ T5096] loop0: detected capacity change from 0 to 8192 [ 58.687128][ T5096] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 58.700191][ T5096] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 58.709478][ T5096] REISERFS (device loop0): using ordered data mode [ 58.716010][ T5096] reiserfs: using flush barriers [ 58.721728][ T5096] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 58.738205][ T5096] REISERFS (device loop0): checking transaction log (loop0) [pid 5096] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5096] chdir("./file0") = 0 [pid 5096] ioctl(4, LOOP_CLR_FD) = 0 [pid 5096] close(4) = 0 [pid 5096] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 1 [pid 5096] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5096] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 1 [pid 5096] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5096] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... futex resumed>) = 1 [pid 5096] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5096] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] <... futex resumed>) = 0 [pid 5095] exit_group(0) = ? [pid 5096] <... futex resumed>) = ? [pid 5096] +++ exited with 0 +++ [pid 5095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 [ 58.785306][ T5096] REISERFS (device loop0): Using r5 hash to sort names [ 58.792539][ T5096] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5098 ./strace-static-x86_64: Process 5098 attached [pid 5098] set_robust_list(0x555556c086e0, 24) = 0 [pid 5098] chdir("./9") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5098] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5099], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5099 [pid 5098] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5099] memfd_create("syzkaller", 0) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5099] munmap(0x7f18a1998000, 4194304) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./file0", 0777) = 0 [ 58.936023][ T5099] loop0: detected capacity change from 0 to 8192 [ 58.947314][ T5099] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 58.960600][ T5099] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 58.969968][ T5099] REISERFS (device loop0): using ordered data mode [ 58.976689][ T5099] reiserfs: using flush barriers [ 58.982841][ T5099] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 58.999324][ T5099] REISERFS (device loop0): checking transaction log (loop0) [pid 5099] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./file0") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5099] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5099] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... futex resumed>) = 1 [pid 5099] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5099] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5098] exit_group(0) = ? [pid 5099] <... futex resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 59.049675][ T5099] REISERFS (device loop0): Using r5 hash to sort names [ 59.057294][ T5099] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5101] set_robust_list(0x555556c086e0, 24) = 0 [pid 5101] chdir("./10") = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5101] setpgid(0, 0) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5101] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5101] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5102 attached , parent_tid=[5102], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5102 [pid 5102] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5102] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5101] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5102] memfd_create("syzkaller", 0) = 3 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5102] munmap(0x7f18a1998000, 4194304) = 0 [pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5102] close(3) = 0 [pid 5102] mkdir("./file0", 0777) = 0 [ 59.212633][ T5102] loop0: detected capacity change from 0 to 8192 [ 59.223049][ T5102] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 59.236046][ T5102] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 59.245289][ T5102] REISERFS (device loop0): using ordered data mode [ 59.251803][ T5102] reiserfs: using flush barriers [ 59.257839][ T5102] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 59.274326][ T5102] REISERFS (device loop0): checking transaction log (loop0) [pid 5102] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5102] chdir("./file0") = 0 [pid 5102] ioctl(4, LOOP_CLR_FD) = 0 [pid 5102] close(4) = 0 [pid 5102] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 0 [pid 5102] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5102] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5102] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5101] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 1 [pid 5102] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5102] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5101] exit_group(0) = ? [pid 5102] <... futex resumed>) = ? [pid 5102] +++ exited with 0 +++ [pid 5101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 [ 59.316039][ T5102] REISERFS (device loop0): Using r5 hash to sort names [ 59.323403][ T5102] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached , child_tidptr=0x555556c086d0) = 5104 [pid 5104] set_robust_list(0x555556c086e0, 24) = 0 [pid 5104] chdir("./11") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5104] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5105 attached , parent_tid=[5105], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5105 [pid 5104] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5105] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5105] munmap(0x7f18a1998000, 4194304) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./file0", 0777) = 0 [ 59.471761][ T5105] loop0: detected capacity change from 0 to 8192 [ 59.482102][ T5105] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 59.495354][ T5105] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 59.504852][ T5105] REISERFS (device loop0): using ordered data mode [ 59.511378][ T5105] reiserfs: using flush barriers [ 59.517316][ T5105] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 59.533924][ T5105] REISERFS (device loop0): checking transaction log (loop0) [pid 5105] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./file0") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5105] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5105] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 1 [pid 5105] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5105] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5104] exit_group(0) = ? [pid 5105] <... futex resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 59.583243][ T5105] REISERFS (device loop0): Using r5 hash to sort names [ 59.590514][ T5105] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5107 ./strace-static-x86_64: Process 5107 attached [pid 5107] set_robust_list(0x555556c086e0, 24) = 0 [pid 5107] chdir("./12") = 0 [pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5107] setpgid(0, 0) = 0 [pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5107] write(3, "1000", 4) = 4 [pid 5107] close(3) = 0 [pid 5107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5107] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5107] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5107] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5108 attached , parent_tid=[5108], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5108 [pid 5108] set_robust_list(0x7f18a9db89e0, 24 [pid 5107] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5108] memfd_create("syzkaller", 0 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5108] <... memfd_create resumed>) = 3 [pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5108] munmap(0x7f18a1998000, 4194304) = 0 [pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5108] close(3) = 0 [pid 5108] mkdir("./file0", 0777) = 0 [ 59.745035][ T5108] loop0: detected capacity change from 0 to 8192 [ 59.756074][ T5108] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 59.769126][ T5108] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 59.778414][ T5108] REISERFS (device loop0): using ordered data mode [ 59.784943][ T5108] reiserfs: using flush barriers [ 59.790871][ T5108] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 59.807722][ T5108] REISERFS (device loop0): checking transaction log (loop0) [pid 5108] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5108] chdir("./file0") = 0 [pid 5108] ioctl(4, LOOP_CLR_FD) = 0 [pid 5108] close(4) = 0 [pid 5108] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5108] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5108] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5107] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] <... futex resumed>) = 1 [pid 5108] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5108] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... futex resumed>) = 0 [pid 5107] exit_group(0) = ? [pid 5108] <... futex resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 5107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 59.855792][ T5108] REISERFS (device loop0): Using r5 hash to sort names [ 59.863269][ T5108] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5110 ./strace-static-x86_64: Process 5110 attached [pid 5110] set_robust_list(0x555556c086e0, 24) = 0 [pid 5110] chdir("./13") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5110] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5111], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5111 ./strace-static-x86_64: Process 5111 attached [pid 5110] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5111] munmap(0x7f18a1998000, 4194304) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file0", 0777) = 0 [ 60.017157][ T5111] loop0: detected capacity change from 0 to 8192 [ 60.026779][ T5111] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 60.040292][ T5111] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 60.049944][ T5111] REISERFS (device loop0): using ordered data mode [ 60.056548][ T5111] reiserfs: using flush barriers [ 60.062601][ T5111] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 60.078976][ T5111] REISERFS (device loop0): checking transaction log (loop0) [pid 5111] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file0") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5111] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5111] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... futex resumed>) = 1 [pid 5111] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5111] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5110] exit_group(0) = ? [pid 5111] <... futex resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 60.126203][ T5111] REISERFS (device loop0): Using r5 hash to sort names [ 60.133323][ T5111] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5113 ./strace-static-x86_64: Process 5113 attached [pid 5113] set_robust_list(0x555556c086e0, 24) = 0 [pid 5113] chdir("./14") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5113] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5114 attached , parent_tid=[5114], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5114 [pid 5114] set_robust_list(0x7f18a9db89e0, 24 [pid 5113] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... set_robust_list resumed>) = 0 [pid 5113] <... futex resumed>) = 0 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5113] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5114] munmap(0x7f18a1998000, 4194304) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file0", 0777) = 0 [ 60.289726][ T5114] loop0: detected capacity change from 0 to 8192 [ 60.300457][ T5114] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 60.313498][ T5114] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 60.322693][ T5114] REISERFS (device loop0): using ordered data mode [ 60.329183][ T5114] reiserfs: using flush barriers [ 60.335253][ T5114] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 60.351856][ T5114] REISERFS (device loop0): checking transaction log (loop0) [pid 5114] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file0") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5114] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5114] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... futex resumed>) = 1 [pid 5114] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5114] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] exit_group(0) = ? [pid 5114] <... futex resumed>) = ? [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 60.399105][ T5114] REISERFS (device loop0): Using r5 hash to sort names [ 60.406477][ T5114] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x555556c086e0, 24) = 0 [pid 5116] chdir("./15") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5116] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x7f18a9db89e0, 24 [pid 5116] <... clone resumed>, parent_tid=[5117], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5117 [pid 5117] <... set_robust_list resumed>) = 0 [pid 5116] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] memfd_create("syzkaller", 0 [pid 5116] <... futex resumed>) = 0 [pid 5117] <... memfd_create resumed>) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5116] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5117] munmap(0x7f18a1998000, 4194304) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file0", 0777) = 0 [ 60.568195][ T5117] loop0: detected capacity change from 0 to 8192 [ 60.579150][ T5117] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 60.592145][ T5117] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 60.601292][ T5117] REISERFS (device loop0): using ordered data mode [ 60.608071][ T5117] reiserfs: using flush barriers [ 60.614068][ T5117] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 60.630745][ T5117] REISERFS (device loop0): checking transaction log (loop0) [pid 5117] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file0") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 1 [pid 5117] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5117] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 1 [pid 5117] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5117] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = 1 [pid 5117] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5117] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] exit_group(0) = ? [pid 5117] <... futex resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 60.677895][ T5117] REISERFS (device loop0): Using r5 hash to sort names [ 60.684986][ T5117] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x555556c086e0, 24) = 0 [pid 5119] chdir("./16") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5119] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5120 attached , parent_tid=[5120], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5120 [pid 5119] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5120] memfd_create("syzkaller", 0) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5120] munmap(0x7f18a1998000, 4194304) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [ 60.837735][ T5120] loop0: detected capacity change from 0 to 8192 [ 60.848731][ T5120] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 60.862043][ T5120] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 60.871285][ T5120] REISERFS (device loop0): using ordered data mode [ 60.878041][ T5120] reiserfs: using flush barriers [ 60.884265][ T5120] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 60.900814][ T5120] REISERFS (device loop0): checking transaction log (loop0) [pid 5120] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5120] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5120] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... futex resumed>) = 1 [pid 5120] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5120] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5119] exit_group(0) = ? [pid 5120] <... futex resumed>) = ? [pid 5120] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 60.943184][ T5120] REISERFS (device loop0): Using r5 hash to sort names [ 60.950254][ T5120] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x555556c086e0, 24) = 0 [pid 5122] chdir("./17") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5122] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5123], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5123 [pid 5122] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5123] munmap(0x7f18a1998000, 4194304) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [ 61.105405][ T5123] loop0: detected capacity change from 0 to 8192 [ 61.115519][ T5123] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 61.128546][ T5123] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 61.138026][ T5123] REISERFS (device loop0): using ordered data mode [ 61.144724][ T5123] reiserfs: using flush barriers [ 61.150500][ T5123] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 61.167182][ T5123] REISERFS (device loop0): checking transaction log (loop0) [pid 5123] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5123] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5123] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5123] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] exit_group(0) = ? [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 61.225258][ T5123] REISERFS (device loop0): Using r5 hash to sort names [ 61.232374][ T5123] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x555556c086e0, 24) = 0 [pid 5125] chdir("./18") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5125] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5126], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5126 [pid 5125] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5126 attached [pid 5126] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5126] munmap(0x7f18a1998000, 4194304) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [ 61.390556][ T5126] loop0: detected capacity change from 0 to 8192 [ 61.401923][ T5126] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 61.414998][ T5126] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 61.424279][ T5126] REISERFS (device loop0): using ordered data mode [ 61.430793][ T5126] reiserfs: using flush barriers [ 61.436819][ T5126] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 61.453169][ T5126] REISERFS (device loop0): checking transaction log (loop0) [pid 5126] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... openat resumed>) = 4 [pid 5126] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 0 [pid 5126] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5126] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... futex resumed>) = 1 [pid 5126] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5126] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] exit_group(0) = ? [pid 5126] <... futex resumed>) = ? [pid 5126] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 61.500126][ T5126] REISERFS (device loop0): Using r5 hash to sort names [ 61.507253][ T5126] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5128 ./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x555556c086e0, 24) = 0 [pid 5128] chdir("./19") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5128] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5129 attached , parent_tid=[5129], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5129 [pid 5128] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5129] munmap(0x7f18a1998000, 4194304) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file0", 0777) = 0 [ 61.657355][ T5129] loop0: detected capacity change from 0 to 8192 [ 61.667213][ T5129] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 61.680255][ T5129] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 61.689566][ T5129] REISERFS (device loop0): using ordered data mode [ 61.696138][ T5129] reiserfs: using flush barriers [ 61.701842][ T5129] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 61.718315][ T5129] REISERFS (device loop0): checking transaction log (loop0) [pid 5129] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file0") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5128] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... openat resumed>) = 4 [pid 5129] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5128] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... mmap resumed>) = 0x20000000 [pid 5129] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] ioctl(4, FS_IOC_GETVERSION [pid 5128] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] exit_group(0 [pid 5129] <... futex resumed>) = ? [pid 5128] <... exit_group resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 61.762730][ T5129] REISERFS (device loop0): Using r5 hash to sort names [ 61.769890][ T5129] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x555556c086e0, 24) = 0 [pid 5131] chdir("./20") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5131] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5132], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5132 ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5132] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5132] <... futex resumed>) = 0 [pid 5131] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5132] munmap(0x7f18a1998000, 4194304) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file0", 0777) = 0 [ 61.929403][ T5132] loop0: detected capacity change from 0 to 8192 [ 61.939151][ T5132] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 61.952346][ T5132] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 61.961542][ T5132] REISERFS (device loop0): using ordered data mode [ 61.968403][ T5132] reiserfs: using flush barriers [ 61.974316][ T5132] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 61.991220][ T5132] REISERFS (device loop0): checking transaction log (loop0) [pid 5132] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file0") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5132] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5132] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... futex resumed>) = 1 [pid 5132] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5132] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] exit_group(0) = ? [pid 5132] <... futex resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 [ 62.039250][ T5132] REISERFS (device loop0): Using r5 hash to sort names [ 62.046501][ T5132] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x555556c086e0, 24) = 0 [pid 5134] chdir("./21") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5134] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5135 attached [pid 5135] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5135] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... clone resumed>, parent_tid=[5135], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5135 [pid 5134] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5134] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5135] munmap(0x7f18a1998000, 4194304) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file0", 0777) = 0 [ 62.204331][ T5135] loop0: detected capacity change from 0 to 8192 [ 62.213927][ T5135] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 62.226983][ T5135] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 62.236245][ T5135] REISERFS (device loop0): using ordered data mode [ 62.242782][ T5135] reiserfs: using flush barriers [ 62.248700][ T5135] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 62.265182][ T5135] REISERFS (device loop0): checking transaction log (loop0) [pid 5135] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file0") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... futex resumed>) = 1 [pid 5134] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... openat resumed>) = 4 [pid 5135] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5134] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... mmap resumed>) = 0x20000000 [pid 5135] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] ioctl(4, FS_IOC_GETVERSION [pid 5134] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5134] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] exit_group(0 [pid 5135] <... futex resumed>) = ? [pid 5134] <... exit_group resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 62.312173][ T5135] REISERFS (device loop0): Using r5 hash to sort names [ 62.319433][ T5135] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x555556c086e0, 24) = 0 [pid 5137] chdir("./22") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5137 [pid 5137] <... symlink resumed>) = 0 [pid 5137] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5137] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5138], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5138 [pid 5137] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5138 attached [pid 5138] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5138] munmap(0x7f18a1998000, 4194304) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file0", 0777) = 0 [ 62.471721][ T5138] loop0: detected capacity change from 0 to 8192 [ 62.483176][ T5138] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 62.496214][ T5138] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 62.505502][ T5138] REISERFS (device loop0): using ordered data mode [ 62.512075][ T5138] reiserfs: using flush barriers [ 62.517928][ T5138] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 62.534936][ T5138] REISERFS (device loop0): checking transaction log (loop0) [pid 5138] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file0") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5138] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5138] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5138] ioctl(4, FS_IOC_GETVERSION [pid 5137] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5137] <... futex resumed>) = 0 [pid 5138] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] exit_group(0) = ? [pid 5138] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 62.582188][ T5138] REISERFS (device loop0): Using r5 hash to sort names [ 62.589594][ T5138] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x555556c086e0, 24) = 0 [pid 5140] chdir("./23") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5140] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5141], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5141 [pid 5140] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5141 attached [pid 5141] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5141] memfd_create("syzkaller", 0) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5141] munmap(0x7f18a1998000, 4194304) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file0", 0777) = 0 [ 62.740038][ T5141] loop0: detected capacity change from 0 to 8192 [ 62.750545][ T5141] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 62.763928][ T5141] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 62.773237][ T5141] REISERFS (device loop0): using ordered data mode [ 62.779749][ T5141] reiserfs: using flush barriers [ 62.785918][ T5141] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 62.802368][ T5141] REISERFS (device loop0): checking transaction log (loop0) [pid 5141] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file0") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 1 [pid 5141] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5141] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 1 [pid 5141] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5141] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 1 [pid 5141] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5141] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] exit_group(0 [pid 5141] <... futex resumed>) = ? [pid 5140] <... exit_group resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 62.850572][ T5141] REISERFS (device loop0): Using r5 hash to sort names [ 62.857877][ T5141] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x555556c086e0, 24) = 0 [pid 5143] chdir("./24") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5143] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5144], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5144 [pid 5143] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5144] munmap(0x7f18a1998000, 4194304) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file0", 0777) = 0 [ 63.000612][ T5144] loop0: detected capacity change from 0 to 8192 [ 63.010068][ T5144] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 63.023276][ T5144] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 63.032761][ T5144] REISERFS (device loop0): using ordered data mode [ 63.039328][ T5144] reiserfs: using flush barriers [ 63.045413][ T5144] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 63.062080][ T5144] REISERFS (device loop0): checking transaction log (loop0) [pid 5144] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file0") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [pid 5144] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5144] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5144] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... futex resumed>) = 1 [pid 5144] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5144] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] exit_group(0) = ? [pid 5144] <... futex resumed>) = ? [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 63.108178][ T5144] REISERFS (device loop0): Using r5 hash to sort names [ 63.115347][ T5144] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x555556c086e0, 24) = 0 [pid 5146] chdir("./25") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5146] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5147 attached , parent_tid=[5147], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5147 [pid 5146] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5147] munmap(0x7f18a1998000, 4194304) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file0", 0777) = 0 [ 63.278197][ T5147] loop0: detected capacity change from 0 to 8192 [ 63.288030][ T5147] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 63.301256][ T5147] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 63.310698][ T5147] REISERFS (device loop0): using ordered data mode [ 63.317400][ T5147] reiserfs: using flush barriers [ 63.323283][ T5147] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 63.339902][ T5147] REISERFS (device loop0): checking transaction log (loop0) [pid 5147] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file0") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5147] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5147] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 1 [pid 5147] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5147] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] exit_group(0) = ? [pid 5147] <... futex resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 63.385504][ T5147] REISERFS (device loop0): Using r5 hash to sort names [ 63.392611][ T5147] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x555556c086e0, 24) = 0 [pid 5149] chdir("./26") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5149] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5150], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5150 [pid 5149] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5150] munmap(0x7f18a1998000, 4194304) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [ 63.537060][ T5150] loop0: detected capacity change from 0 to 8192 [ 63.546751][ T5150] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 63.559843][ T5150] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 63.569156][ T5150] REISERFS (device loop0): using ordered data mode [ 63.575713][ T5150] reiserfs: using flush barriers [ 63.581641][ T5150] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 63.598228][ T5150] REISERFS (device loop0): checking transaction log (loop0) [pid 5150] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file0") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5150] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5150] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 1 [pid 5150] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5150] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5149] exit_group(0) = ? [pid 5150] <... futex resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 63.647510][ T5150] REISERFS (device loop0): Using r5 hash to sort names [ 63.655341][ T5150] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5152 ./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x555556c086e0, 24) = 0 [pid 5152] chdir("./27") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5152] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5153], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5153 [pid 5152] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5153 attached [pid 5153] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5153] munmap(0x7f18a1998000, 4194304) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file0", 0777) = 0 [ 63.817367][ T5153] loop0: detected capacity change from 0 to 8192 [ 63.827520][ T5153] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 63.840529][ T5153] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 63.850065][ T5153] REISERFS (device loop0): using ordered data mode [ 63.856890][ T5153] reiserfs: using flush barriers [ 63.862805][ T5153] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 63.879332][ T5153] REISERFS (device loop0): checking transaction log (loop0) [pid 5153] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file0") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5153] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 1 [pid 5153] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5153] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 1 [pid 5153] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5153] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] exit_group(0) = ? [pid 5153] <... futex resumed>) = ? [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 63.927714][ T5153] REISERFS (device loop0): Using r5 hash to sort names [ 63.935364][ T5153] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5155 ./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x555556c086e0, 24) = 0 [pid 5155] chdir("./28") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5155] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5156 attached , parent_tid=[5156], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5156 [pid 5155] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5156] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5156] munmap(0x7f18a1998000, 4194304) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file0", 0777) = 0 [ 64.090578][ T5156] loop0: detected capacity change from 0 to 8192 [ 64.102082][ T5156] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 64.115132][ T5156] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 64.124358][ T5156] REISERFS (device loop0): using ordered data mode [ 64.130883][ T5156] reiserfs: using flush barriers [ 64.137005][ T5156] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 64.153461][ T5156] REISERFS (device loop0): checking transaction log (loop0) [pid 5156] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file0") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = 1 [pid 5156] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5155] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] <... futex resumed>) = 0 [pid 5156] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5155] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... mmap resumed>) = 0x20000000 [pid 5156] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] <... futex resumed>) = 0 [pid 5156] ioctl(4, FS_IOC_GETVERSION [pid 5155] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5156] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] exit_group(0 [pid 5156] <... futex resumed>) = ? [pid 5155] <... exit_group resumed>) = ? [pid 5156] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 [ 64.197536][ T5156] REISERFS (device loop0): Using r5 hash to sort names [ 64.204654][ T5156] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x555556c086e0, 24) = 0 [pid 5158] chdir("./29") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5158] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5159], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5159 [pid 5158] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5159 attached [pid 5159] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5158 [pid 5159] <... mmap resumed>) = 0x7f18a1998000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5159] munmap(0x7f18a1998000, 4194304) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./file0", 0777) = 0 [ 64.348709][ T5159] loop0: detected capacity change from 0 to 8192 [ 64.359773][ T5159] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 64.372947][ T5159] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 64.382541][ T5159] REISERFS (device loop0): using ordered data mode [ 64.389050][ T5159] reiserfs: using flush barriers [ 64.394858][ T5159] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 64.411253][ T5159] REISERFS (device loop0): checking transaction log (loop0) [pid 5159] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./file0") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5158] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... openat resumed>) = 4 [pid 5159] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5158] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... mmap resumed>) = 0x20000000 [pid 5159] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] ioctl(4, FS_IOC_GETVERSION [pid 5158] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5159] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] exit_group(0 [pid 5159] <... futex resumed>) = ? [pid 5158] <... exit_group resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 64.458487][ T5159] REISERFS (device loop0): Using r5 hash to sort names [ 64.465955][ T5159] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5161 ./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x555556c086e0, 24) = 0 [pid 5161] chdir("./30") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5161] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5162 attached , parent_tid=[5162], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5162 [pid 5161] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5162] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5162] munmap(0x7f18a1998000, 4194304) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file0", 0777) = 0 [ 64.630519][ T5162] loop0: detected capacity change from 0 to 8192 [ 64.641508][ T5162] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 64.654587][ T5162] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 64.663855][ T5162] REISERFS (device loop0): using ordered data mode [ 64.670347][ T5162] reiserfs: using flush barriers [ 64.676199][ T5162] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 64.692608][ T5162] REISERFS (device loop0): checking transaction log (loop0) [pid 5162] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file0") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5162] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5162] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... futex resumed>) = 1 [pid 5162] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5162] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] exit_group(0) = ? [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./30/binderfs") = 0 [ 64.741315][ T5162] REISERFS (device loop0): Using r5 hash to sort names [ 64.748708][ T5162] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5164 ./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x555556c086e0, 24) = 0 [pid 5164] chdir("./31") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5164] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5165 attached , parent_tid=[5165], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5165 [pid 5165] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5165] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5164] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5165] munmap(0x7f18a1998000, 4194304) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./file0", 0777) = 0 [ 64.905782][ T5165] loop0: detected capacity change from 0 to 8192 [ 64.915570][ T5165] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 64.928803][ T5165] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 64.938145][ T5165] REISERFS (device loop0): using ordered data mode [ 64.944848][ T5165] reiserfs: using flush barriers [ 64.951047][ T5165] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 64.967539][ T5165] REISERFS (device loop0): checking transaction log (loop0) [pid 5165] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5165] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./file0") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... futex resumed>) = 1 [pid 5165] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5165] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... futex resumed>) = 1 [pid 5165] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5165] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... futex resumed>) = 1 [pid 5165] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5165] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] exit_group(0) = ? [pid 5165] <... futex resumed>) = ? [pid 5165] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./31/binderfs") = 0 [ 65.014553][ T5165] REISERFS (device loop0): Using r5 hash to sort names [ 65.021674][ T5165] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5167 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x555556c086e0, 24) = 0 [pid 5167] chdir("./32") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5167] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5168 attached , parent_tid=[5168], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5168 [pid 5168] set_robust_list(0x7f18a9db89e0, 24 [pid 5167] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5168] munmap(0x7f18a1998000, 4194304) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./file0", 0777) = 0 [ 65.171049][ T5168] loop0: detected capacity change from 0 to 8192 [ 65.180631][ T5168] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 65.194061][ T5168] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 65.203382][ T5168] REISERFS (device loop0): using ordered data mode [ 65.209945][ T5168] reiserfs: using flush barriers [ 65.216025][ T5168] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 65.232516][ T5168] REISERFS (device loop0): checking transaction log (loop0) [pid 5168] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5168] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./file0") = 0 [pid 5168] ioctl(4, LOOP_CLR_FD) = 0 [pid 5168] close(4) = 0 [pid 5168] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5168] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5167] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... mmap resumed>) = 0x20000000 [pid 5168] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... futex resumed>) = 0 [pid 5168] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5168] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] exit_group(0) = ? [pid 5168] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./32/binderfs") = 0 [ 65.277971][ T5168] REISERFS (device loop0): Using r5 hash to sort names [ 65.285496][ T5168] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5170 ./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x555556c086e0, 24) = 0 [pid 5170] chdir("./33") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5170] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5171], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5171 ./strace-static-x86_64: Process 5171 attached [pid 5171] set_robust_list(0x7f18a9db89e0, 24 [pid 5170] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] <... set_robust_list resumed>) = 0 [pid 5170] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5171] munmap(0x7f18a1998000, 4194304) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./file0", 0777) = 0 [ 65.432332][ T5171] loop0: detected capacity change from 0 to 8192 [ 65.443329][ T5171] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 65.456379][ T5171] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 65.465634][ T5171] REISERFS (device loop0): using ordered data mode [ 65.472188][ T5171] reiserfs: using flush barriers [ 65.478044][ T5171] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 65.494777][ T5171] REISERFS (device loop0): checking transaction log (loop0) [pid 5171] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5171] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./file0") = 0 [pid 5171] ioctl(4, LOOP_CLR_FD) = 0 [pid 5171] close(4) = 0 [pid 5171] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5171] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5170] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... openat resumed>) = 4 [pid 5171] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] <... futex resumed>) = 0 [pid 5171] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5170] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5170] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5171] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] exit_group(0 [pid 5171] <... futex resumed>) = ? [pid 5170] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./33/binderfs") = 0 [ 65.536208][ T5171] REISERFS (device loop0): Using r5 hash to sort names [ 65.543317][ T5171] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x555556c086e0, 24) = 0 [pid 5173] chdir("./34") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5173] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5174], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5174 [pid 5173] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5174 attached [pid 5174] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5174] munmap(0x7f18a1998000, 4194304) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] mkdir("./file0", 0777) = 0 [ 65.692981][ T5174] loop0: detected capacity change from 0 to 8192 [ 65.702352][ T5174] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 65.715774][ T5174] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 65.725476][ T5174] REISERFS (device loop0): using ordered data mode [ 65.732090][ T5174] reiserfs: using flush barriers [ 65.737805][ T5174] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 65.754279][ T5174] REISERFS (device loop0): checking transaction log (loop0) [pid 5174] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5174] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file0") = 0 [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] close(4) = 0 [pid 5174] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 0 [pid 5174] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5174] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [pid 5174] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5174] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [pid 5174] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5174] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] exit_group(0) = ? [pid 5174] <... futex resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./34/binderfs") = 0 [ 65.801518][ T5174] REISERFS (device loop0): Using r5 hash to sort names [ 65.808938][ T5174] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5176 ./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x555556c086e0, 24) = 0 [pid 5176] chdir("./35") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5176] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5177], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5177 [pid 5176] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5177 attached [pid 5177] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5177] memfd_create("syzkaller", 0) = 3 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5177] munmap(0x7f18a1998000, 4194304) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5177] close(3) = 0 [pid 5177] mkdir("./file0", 0777) = 0 [ 65.954619][ T5177] loop0: detected capacity change from 0 to 8192 [ 65.974869][ T5177] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 65.988029][ T5177] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 65.997425][ T5177] REISERFS (device loop0): using ordered data mode [ 66.004225][ T5177] reiserfs: using flush barriers [ 66.010096][ T5177] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 66.026910][ T5177] REISERFS (device loop0): checking transaction log (loop0) [pid 5177] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5177] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5177] chdir("./file0") = 0 [pid 5177] ioctl(4, LOOP_CLR_FD) = 0 [pid 5177] close(4) = 0 [pid 5177] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... futex resumed>) = 1 [pid 5177] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5177] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... futex resumed>) = 1 [pid 5177] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5177] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... futex resumed>) = 1 [pid 5177] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5177] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] exit_group(0) = ? [pid 5177] <... futex resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./35/binderfs") = 0 [ 66.068546][ T5177] REISERFS (device loop0): Using r5 hash to sort names [ 66.076110][ T5177] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5179 ./strace-static-x86_64: Process 5179 attached [pid 5179] set_robust_list(0x555556c086e0, 24) = 0 [pid 5179] chdir("./36") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5179] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5180], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5180 ./strace-static-x86_64: Process 5180 attached [pid 5179] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5180] memfd_create("syzkaller", 0) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5180] munmap(0x7f18a1998000, 4194304) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] mkdir("./file0", 0777) = 0 [ 66.223720][ T5180] loop0: detected capacity change from 0 to 8192 [ 66.233602][ T5180] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 66.246908][ T5180] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 66.256527][ T5180] REISERFS (device loop0): using ordered data mode [ 66.263269][ T5180] reiserfs: using flush barriers [ 66.268936][ T5180] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 66.285599][ T5180] REISERFS (device loop0): checking transaction log (loop0) [pid 5180] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5180] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./file0") = 0 [pid 5180] ioctl(4, LOOP_CLR_FD) = 0 [pid 5180] close(4) = 0 [pid 5180] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5179] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... openat resumed>) = 4 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5179] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... mmap resumed>) = 0x20000000 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... futex resumed>) = 1 [pid 5180] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5180] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5179] exit_group(0) = ? [pid 5180] <... futex resumed>) = ? [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./36/binderfs") = 0 [ 66.332064][ T5180] REISERFS (device loop0): Using r5 hash to sort names [ 66.339312][ T5180] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5182 ./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x555556c086e0, 24) = 0 [pid 5182] chdir("./37") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5182] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5183], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5183 [pid 5182] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5183 attached [pid 5183] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5183] memfd_create("syzkaller", 0) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5183] munmap(0x7f18a1998000, 4194304) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./file0", 0777) = 0 [ 66.485694][ T5183] loop0: detected capacity change from 0 to 8192 [ 66.496352][ T5183] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 66.509471][ T5183] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 66.518828][ T5183] REISERFS (device loop0): using ordered data mode [ 66.525618][ T5183] reiserfs: using flush barriers [ 66.531439][ T5183] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 66.547964][ T5183] REISERFS (device loop0): checking transaction log (loop0) [pid 5183] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5183] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./file0") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] <... futex resumed>) = 0 [pid 5183] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5182] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... openat resumed>) = 4 [pid 5183] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] <... futex resumed>) = 0 [pid 5183] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5182] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... mmap resumed>) = 0x20000000 [pid 5183] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] ioctl(4, FS_IOC_GETVERSION [pid 5182] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5182] <... futex resumed>) = 0 [pid 5183] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] exit_group(0 [pid 5183] <... futex resumed>) = ? [pid 5182] <... exit_group resumed>) = ? [pid 5183] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./37/binderfs") = 0 [ 66.597098][ T5183] REISERFS (device loop0): Using r5 hash to sort names [ 66.604214][ T5183] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x555556c086d0) = 5185 [pid 5185] set_robust_list(0x555556c086e0, 24) = 0 [pid 5185] chdir("./38") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5185] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5186 attached [pid 5186] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5186] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... clone resumed>, parent_tid=[5186], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5186 [pid 5185] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5185] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5186] memfd_create("syzkaller", 0) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5186] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5186] munmap(0x7f18a1998000, 4194304) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] mkdir("./file0", 0777) = 0 [ 66.766020][ T5186] loop0: detected capacity change from 0 to 8192 [ 66.777021][ T5186] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 66.790102][ T5186] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 66.799334][ T5186] REISERFS (device loop0): using ordered data mode [ 66.805892][ T5186] reiserfs: using flush barriers [ 66.811596][ T5186] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 66.828022][ T5186] REISERFS (device loop0): checking transaction log (loop0) [pid 5186] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5186] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./file0") = 0 [pid 5186] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] close(4) = 0 [pid 5186] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [pid 5185] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... openat resumed>) = 4 [pid 5186] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] <... futex resumed>) = 0 [pid 5186] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5185] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... mmap resumed>) = 0x20000000 [pid 5186] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] <... futex resumed>) = 0 [pid 5186] ioctl(4, FS_IOC_GETVERSION [pid 5185] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5186] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5185] exit_group(0) = ? [pid 5186] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./38/binderfs") = 0 [ 66.875181][ T5186] REISERFS (device loop0): Using r5 hash to sort names [ 66.882422][ T5186] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x555556c086e0, 24) = 0 [pid 5188] chdir("./39") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5188] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5189], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5189 [pid 5188] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5189 attached [pid 5189] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5188 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5189] munmap(0x7f18a1998000, 4194304) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file0", 0777) = 0 [ 67.038117][ T5189] loop0: detected capacity change from 0 to 8192 [ 67.049612][ T5189] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 67.062732][ T5189] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 67.072047][ T5189] REISERFS (device loop0): using ordered data mode [ 67.078555][ T5189] reiserfs: using flush barriers [ 67.084601][ T5189] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 67.101250][ T5189] REISERFS (device loop0): checking transaction log (loop0) [pid 5189] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file0") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5189] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5189] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 1 [pid 5189] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5189] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] exit_group(0) = ? [pid 5189] <... futex resumed>) = ? [pid 5189] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./39/binderfs") = 0 [ 67.149180][ T5189] REISERFS (device loop0): Using r5 hash to sort names [ 67.156732][ T5189] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x555556c086e0, 24) = 0 [pid 5191] chdir("./40") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5191] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5192], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5192 [pid 5191] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5192 attached [pid 5191] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5192] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5192] munmap(0x7f18a1998000, 4194304) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] mkdir("./file0", 0777) = 0 [ 67.304591][ T5192] loop0: detected capacity change from 0 to 8192 [ 67.314205][ T5192] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 67.327379][ T5192] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 67.336881][ T5192] REISERFS (device loop0): using ordered data mode [ 67.343487][ T5192] reiserfs: using flush barriers [ 67.349105][ T5192] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 67.365642][ T5192] REISERFS (device loop0): checking transaction log (loop0) [pid 5192] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5192] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file0") = 0 [pid 5192] ioctl(4, LOOP_CLR_FD) = 0 [pid 5192] close(4) = 0 [pid 5192] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5191] <... futex resumed>) = 1 [pid 5192] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5191] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... openat resumed>) = 4 [pid 5192] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5192] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5191] <... futex resumed>) = 1 [pid 5192] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5191] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... mmap resumed>) = 0x20000000 [pid 5192] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] ioctl(4, FS_IOC_GETVERSION [pid 5191] <... futex resumed>) = 0 [pid 5192] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5191] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5192] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] exit_group(0 [pid 5192] <... futex resumed>) = ? [pid 5191] <... exit_group resumed>) = ? [pid 5192] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./40/binderfs") = 0 [ 67.408939][ T5192] REISERFS (device loop0): Using r5 hash to sort names [ 67.416225][ T5192] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached , child_tidptr=0x555556c086d0) = 5194 [pid 5194] set_robust_list(0x555556c086e0, 24) = 0 [pid 5194] chdir("./41") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5194] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5195 attached , parent_tid=[5195], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5195 [pid 5195] set_robust_list(0x7f18a9db89e0, 24 [pid 5194] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] <... set_robust_list resumed>) = 0 [pid 5194] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5195] munmap(0x7f18a1998000, 4194304) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file0", 0777) = 0 [ 67.565714][ T5195] loop0: detected capacity change from 0 to 8192 [ 67.576664][ T5195] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 67.589913][ T5195] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 67.599226][ T5195] REISERFS (device loop0): using ordered data mode [ 67.605835][ T5195] reiserfs: using flush barriers [ 67.611569][ T5195] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 67.627969][ T5195] REISERFS (device loop0): checking transaction log (loop0) [pid 5195] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5195] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file0") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5195] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5194] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... openat resumed>) = 4 [pid 5195] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5195] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5194] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... mmap resumed>) = 0x20000000 [pid 5195] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] ioctl(4, FS_IOC_GETVERSION [pid 5194] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] exit_group(0 [pid 5195] <... futex resumed>) = ? [pid 5194] <... exit_group resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./41/binderfs") = 0 [ 67.675251][ T5195] REISERFS (device loop0): Using r5 hash to sort names [ 67.682352][ T5195] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5197 ./strace-static-x86_64: Process 5197 attached [pid 5197] set_robust_list(0x555556c086e0, 24) = 0 [pid 5197] chdir("./42") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5197] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5197] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5198 attached , parent_tid=[5198], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5198 [pid 5198] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5198] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] memfd_create("syzkaller", 0) = 3 [pid 5198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5197] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5198] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5198] munmap(0x7f18a1998000, 4194304) = 0 [pid 5198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5198] close(3) = 0 [pid 5198] mkdir("./file0", 0777) = 0 [ 67.847075][ T5198] loop0: detected capacity change from 0 to 8192 [ 67.856983][ T5198] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 67.870280][ T5198] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 67.879686][ T5198] REISERFS (device loop0): using ordered data mode [ 67.886517][ T5198] reiserfs: using flush barriers [ 67.892620][ T5198] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 67.909059][ T5198] REISERFS (device loop0): checking transaction log (loop0) [pid 5198] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5198] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5198] chdir("./file0") = 0 [pid 5198] ioctl(4, LOOP_CLR_FD) = 0 [pid 5198] close(4) = 0 [pid 5198] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5198] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5197] <... futex resumed>) = 0 [pid 5198] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5197] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... openat resumed>) = 4 [pid 5198] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5198] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5197] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... mmap resumed>) = 0x20000000 [pid 5197] <... futex resumed>) = 0 [pid 5198] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] ioctl(4, FS_IOC_GETVERSION [pid 5197] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5197] <... futex resumed>) = 0 [pid 5198] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] exit_group(0 [pid 5198] <... futex resumed>) = ? [pid 5197] <... exit_group resumed>) = ? [pid 5198] +++ exited with 0 +++ [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./42/binderfs") = 0 [ 67.951199][ T5198] REISERFS (device loop0): Using r5 hash to sort names [ 67.958311][ T5198] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5200 ./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x555556c086e0, 24) = 0 [pid 5200] chdir("./43") = 0 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5200] setpgid(0, 0) = 0 [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5200] write(3, "1000", 4) = 4 [pid 5200] close(3) = 0 [pid 5200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5200] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5200] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5200] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5201], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5201 [pid 5200] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5201] munmap(0x7f18a1998000, 4194304) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] mkdir("./file0", 0777) = 0 [ 68.141404][ T5201] loop0: detected capacity change from 0 to 8192 [ 68.151556][ T5201] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 68.164820][ T5201] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 68.174320][ T5201] REISERFS (device loop0): using ordered data mode [ 68.180817][ T5201] reiserfs: using flush barriers [ 68.186833][ T5201] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 68.203591][ T5201] REISERFS (device loop0): checking transaction log (loop0) [pid 5201] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./file0") = 0 [pid 5201] ioctl(4, LOOP_CLR_FD) = 0 [pid 5201] close(4) = 0 [pid 5201] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... openat resumed>) = 4 [pid 5201] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5201] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5200] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5200] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5201] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5200] exit_group(0) = ? [pid 5201] <... futex resumed>) = ? [ 68.251357][ T5201] REISERFS (device loop0): Using r5 hash to sort names [ 68.258807][ T5201] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5201] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5203 ./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x555556c086e0, 24) = 0 [pid 5203] chdir("./44") = 0 [pid 5203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5203] setpgid(0, 0) = 0 [pid 5203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5203] write(3, "1000", 4) = 4 [pid 5203] close(3) = 0 [pid 5203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5203] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5203] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5203] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5204 attached , parent_tid=[5204], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5204 [pid 5204] set_robust_list(0x7f18a9db89e0, 24 [pid 5203] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] <... set_robust_list resumed>) = 0 [pid 5203] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5204] memfd_create("syzkaller", 0) = 3 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5204] munmap(0x7f18a1998000, 4194304) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5204] close(3) = 0 [pid 5204] mkdir("./file0", 0777) = 0 [ 68.435955][ T5204] loop0: detected capacity change from 0 to 8192 [ 68.445193][ T5204] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 68.458342][ T5204] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 68.467673][ T5204] REISERFS (device loop0): using ordered data mode [ 68.474311][ T5204] reiserfs: using flush barriers [ 68.480137][ T5204] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 68.496611][ T5204] REISERFS (device loop0): checking transaction log (loop0) [pid 5204] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5204] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5204] chdir("./file0") = 0 [pid 5204] ioctl(4, LOOP_CLR_FD) = 0 [pid 5204] close(4) = 0 [pid 5204] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5204] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... futex resumed>) = 0 [pid 5204] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5203] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... openat resumed>) = 4 [pid 5204] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] <... futex resumed>) = 0 [pid 5204] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5203] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... mmap resumed>) = 0x20000000 [pid 5203] <... futex resumed>) = 0 [pid 5204] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] ioctl(4, FS_IOC_GETVERSION [pid 5203] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5203] <... futex resumed>) = 0 [pid 5204] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] exit_group(0 [pid 5204] <... futex resumed>) = ? [pid 5203] <... exit_group resumed>) = ? [pid 5204] +++ exited with 0 +++ [pid 5203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5203, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./44/binderfs") = 0 [ 68.541749][ T5204] REISERFS (device loop0): Using r5 hash to sort names [ 68.549414][ T5204] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5206 ./strace-static-x86_64: Process 5206 attached [pid 5206] set_robust_list(0x555556c086e0, 24) = 0 [pid 5206] chdir("./45") = 0 [pid 5206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5206] setpgid(0, 0) = 0 [pid 5206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5206] write(3, "1000", 4) = 4 [pid 5206] close(3) = 0 [pid 5206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5206] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5206] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5206] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5207 attached [pid 5207] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5207] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... clone resumed>, parent_tid=[5207], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5207 [pid 5206] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] memfd_create("syzkaller", 0 [pid 5206] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5207] <... memfd_create resumed>) = 3 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5207] munmap(0x7f18a1998000, 4194304) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] mkdir("./file0", 0777) = 0 [ 68.702489][ T5207] loop0: detected capacity change from 0 to 8192 [ 68.712734][ T5207] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 68.725751][ T5207] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 68.735267][ T5207] REISERFS (device loop0): using ordered data mode [ 68.741789][ T5207] reiserfs: using flush barriers [ 68.747964][ T5207] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 68.764532][ T5207] REISERFS (device loop0): checking transaction log (loop0) [pid 5207] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5207] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./file0") = 0 [pid 5207] ioctl(4, LOOP_CLR_FD) = 0 [pid 5207] close(4) = 0 [pid 5207] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5206] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... openat resumed>) = 4 [pid 5207] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5206] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... mmap resumed>) = 0x20000000 [pid 5207] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5207] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5207] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] <... futex resumed>) = 0 [pid 5206] exit_group(0) = ? [pid 5207] +++ exited with 0 +++ [pid 5206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5206, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./45/binderfs") = 0 [ 68.805299][ T5207] REISERFS (device loop0): Using r5 hash to sort names [ 68.812369][ T5207] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5209 ./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x555556c086e0, 24) = 0 [pid 5209] chdir("./46") = 0 [pid 5209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5209] setpgid(0, 0) = 0 [pid 5209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5209] write(3, "1000", 4) = 4 [pid 5209] close(3) = 0 [pid 5209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5209] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5209] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5209] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5210 attached , parent_tid=[5210], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5210 [pid 5209] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5210] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5210] munmap(0x7f18a1998000, 4194304) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] mkdir("./file0", 0777) = 0 [ 68.976445][ T5210] loop0: detected capacity change from 0 to 8192 [ 68.986685][ T5210] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 68.999753][ T5210] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 69.008969][ T5210] REISERFS (device loop0): using ordered data mode [ 69.015507][ T5210] reiserfs: using flush barriers [ 69.021441][ T5210] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 69.037882][ T5210] REISERFS (device loop0): checking transaction log (loop0) [pid 5210] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5210] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file0") = 0 [pid 5210] ioctl(4, LOOP_CLR_FD) = 0 [pid 5210] close(4) = 0 [pid 5210] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5209] <... futex resumed>) = 0 [pid 5210] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5209] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... openat resumed>) = 4 [pid 5209] <... futex resumed>) = 0 [pid 5210] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5209] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... mmap resumed>) = 0x20000000 [pid 5209] <... futex resumed>) = 0 [pid 5210] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] ioctl(4, FS_IOC_GETVERSION [pid 5209] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5209] <... futex resumed>) = 0 [pid 5210] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... futex resumed>) = 0 [pid 5209] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] exit_group(0 [pid 5210] <... futex resumed>) = ? [pid 5209] <... exit_group resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5209, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./46/binderfs") = 0 [ 69.085423][ T5210] REISERFS (device loop0): Using r5 hash to sort names [ 69.092576][ T5210] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5212 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x555556c086e0, 24) = 0 [pid 5212] chdir("./47") = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5212] setpgid(0, 0) = 0 [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5212] write(3, "1000", 4) = 4 [pid 5212] close(3) = 0 [pid 5212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5212] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5212] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5212] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5213 attached , parent_tid=[5213], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5213 [pid 5212] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5212] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5213] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5213] munmap(0x7f18a1998000, 4194304) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] mkdir("./file0", 0777) = 0 [ 69.245520][ T5213] loop0: detected capacity change from 0 to 8192 [ 69.256235][ T5213] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 69.269556][ T5213] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 69.279001][ T5213] REISERFS (device loop0): using ordered data mode [ 69.285902][ T5213] reiserfs: using flush barriers [ 69.292070][ T5213] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 69.308802][ T5213] REISERFS (device loop0): checking transaction log (loop0) [pid 5213] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5213] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5213] chdir("./file0") = 0 [pid 5213] ioctl(4, LOOP_CLR_FD) = 0 [pid 5213] close(4) = 0 [pid 5213] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5213] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5212] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... openat resumed>) = 4 [pid 5213] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5213] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5212] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... mmap resumed>) = 0x20000000 [pid 5213] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] ioctl(4, FS_IOC_GETVERSION [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5213] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5213] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5213] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] exit_group(0 [pid 5213] <... futex resumed>) = ? [pid 5212] <... exit_group resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./47/binderfs") = 0 [ 69.360889][ T5213] REISERFS (device loop0): Using r5 hash to sort names [ 69.368276][ T5213] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5215 ./strace-static-x86_64: Process 5215 attached [pid 5215] set_robust_list(0x555556c086e0, 24) = 0 [pid 5215] chdir("./48") = 0 [pid 5215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5215] setpgid(0, 0) = 0 [pid 5215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5215] write(3, "1000", 4) = 4 [pid 5215] close(3) = 0 [pid 5215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5215] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5215] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5215] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5216], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5216 [pid 5215] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5216 attached [pid 5216] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5216] munmap(0x7f18a1998000, 4194304) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] mkdir("./file0", 0777) = 0 [ 69.534042][ T5216] loop0: detected capacity change from 0 to 8192 [ 69.544561][ T5216] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 69.557808][ T5216] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 69.567374][ T5216] REISERFS (device loop0): using ordered data mode [ 69.574093][ T5216] reiserfs: using flush barriers [ 69.579791][ T5216] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 69.596341][ T5216] REISERFS (device loop0): checking transaction log (loop0) [pid 5216] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5216] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file0") = 0 [pid 5216] ioctl(4, LOOP_CLR_FD) = 0 [pid 5216] close(4) = 0 [pid 5216] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 0 [pid 5216] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5216] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5216] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5215] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... futex resumed>) = 1 [pid 5216] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5216] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5215] exit_group(0) = ? [pid 5216] +++ exited with 0 +++ [pid 5215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5215, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./48/binderfs") = 0 [ 69.653988][ T5216] REISERFS (device loop0): Using r5 hash to sort names [ 69.661184][ T5216] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5218] set_robust_list(0x555556c086e0, 24) = 0 [pid 5218] chdir("./49") = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5218] setpgid(0, 0) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5218] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5218] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5218] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5219], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5219 ./strace-static-x86_64: Process 5219 attached [pid 5218] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5219] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5219] munmap(0x7f18a1998000, 4194304) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] mkdir("./file0", 0777) = 0 [ 69.814269][ T5219] loop0: detected capacity change from 0 to 8192 [ 69.825223][ T5219] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 69.838297][ T5219] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 69.847572][ T5219] REISERFS (device loop0): using ordered data mode [ 69.854201][ T5219] reiserfs: using flush barriers [ 69.860029][ T5219] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 69.876689][ T5219] REISERFS (device loop0): checking transaction log (loop0) [pid 5219] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5219] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file0") = 0 [pid 5219] ioctl(4, LOOP_CLR_FD) = 0 [pid 5219] close(4) = 0 [pid 5219] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5219] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5218] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5219] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5218] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... mmap resumed>) = 0x20000000 [pid 5219] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5219] ioctl(4, FS_IOC_GETVERSION [pid 5218] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5218] <... futex resumed>) = 0 [pid 5219] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] exit_group(0 [pid 5219] <... futex resumed>) = ? [pid 5218] <... exit_group resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./49/binderfs") = 0 [ 69.918435][ T5219] REISERFS (device loop0): Using r5 hash to sort names [ 69.925652][ T5219] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5221 ./strace-static-x86_64: Process 5221 attached [pid 5221] set_robust_list(0x555556c086e0, 24) = 0 [pid 5221] chdir("./50") = 0 [pid 5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5221] setpgid(0, 0) = 0 [pid 5221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5221] write(3, "1000", 4) = 4 [pid 5221] close(3) = 0 [pid 5221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5221] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5221] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5222 attached , parent_tid=[5222], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5222 [pid 5222] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5222] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5221] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5222] munmap(0x7f18a1998000, 4194304) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] mkdir("./file0", 0777) = 0 [ 70.076406][ T5222] loop0: detected capacity change from 0 to 8192 [ 70.086347][ T5222] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 70.099658][ T5222] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 70.109300][ T5222] REISERFS (device loop0): using ordered data mode [ 70.116056][ T5222] reiserfs: using flush barriers [ 70.121709][ T5222] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 70.138384][ T5222] REISERFS (device loop0): checking transaction log (loop0) [pid 5222] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5222] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file0") = 0 [pid 5222] ioctl(4, LOOP_CLR_FD) = 0 [pid 5222] close(4) = 0 [pid 5222] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5222] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [pid 5222] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5221] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5221] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... futex resumed>) = 0 [pid 5222] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5222] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5221] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] ioctl(4, FS_IOC_GETVERSION [pid 5221] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5222] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5222] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5221] exit_group(0) = ? [pid 5222] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5221, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./50/binderfs") = 0 [ 70.189582][ T5222] REISERFS (device loop0): Using r5 hash to sort names [ 70.196776][ T5222] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x555556c086e0, 24) = 0 [pid 5224] chdir("./51") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5224] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5225 attached , parent_tid=[5225], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5225 [pid 5225] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5225] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 0 [pid 5225] memfd_create("syzkaller", 0) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5225] munmap(0x7f18a1998000, 4194304) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] mkdir("./file0", 0777) = 0 [ 70.349929][ T5225] loop0: detected capacity change from 0 to 8192 [ 70.360106][ T5225] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 70.373516][ T5225] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 70.382839][ T5225] REISERFS (device loop0): using ordered data mode [ 70.389385][ T5225] reiserfs: using flush barriers [ 70.395689][ T5225] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 70.412065][ T5225] REISERFS (device loop0): checking transaction log (loop0) [pid 5225] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] chdir("./file0") = 0 [pid 5225] ioctl(4, LOOP_CLR_FD) = 0 [pid 5225] close(4) = 0 [pid 5225] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... openat resumed>) = 4 [pid 5225] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5225] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 1 [pid 5225] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5225] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] exit_group(0) = ? [pid 5225] <... futex resumed>) = ? [pid 5225] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./51/binderfs") = 0 [ 70.453569][ T5225] REISERFS (device loop0): Using r5 hash to sort names [ 70.460860][ T5225] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5227 attached , child_tidptr=0x555556c086d0) = 5227 [pid 5227] set_robust_list(0x555556c086e0, 24) = 0 [pid 5227] chdir("./52") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5227] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5228 attached , parent_tid=[5228], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5228 [pid 5227] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5228] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5228] munmap(0x7f18a1998000, 4194304) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./file0", 0777) = 0 [ 70.623029][ T5228] loop0: detected capacity change from 0 to 8192 [ 70.633133][ T5228] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 70.646359][ T5228] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 70.655997][ T5228] REISERFS (device loop0): using ordered data mode [ 70.662559][ T5228] reiserfs: using flush barriers [ 70.668367][ T5228] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 70.684889][ T5228] REISERFS (device loop0): checking transaction log (loop0) [pid 5228] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file0") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD) = 0 [pid 5228] close(4) = 0 [pid 5228] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5227] <... futex resumed>) = 0 [pid 5228] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5227] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... openat resumed>) = 4 [pid 5228] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5228] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5228] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5227] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5227, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./52/binderfs") = 0 [ 70.731728][ T5228] REISERFS (device loop0): Using r5 hash to sort names [ 70.738813][ T5228] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x555556c086e0, 24) = 0 [pid 5230] chdir("./53") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5230] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5231 attached , parent_tid=[5231], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5231 [pid 5230] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5231] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5231] munmap(0x7f18a1998000, 4194304) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] mkdir("./file0", 0777) = 0 [ 70.891621][ T5231] loop0: detected capacity change from 0 to 8192 [ 70.901627][ T5231] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 70.915118][ T5231] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 70.924686][ T5231] REISERFS (device loop0): using ordered data mode [ 70.931418][ T5231] reiserfs: using flush barriers [ 70.937631][ T5231] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 70.954352][ T5231] REISERFS (device loop0): checking transaction log (loop0) [pid 5231] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file0") = 0 [pid 5231] ioctl(4, LOOP_CLR_FD) = 0 [pid 5231] close(4) = 0 [pid 5231] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5230] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... openat resumed>) = 4 [pid 5231] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5230] <... futex resumed>) = 0 [pid 5231] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5230] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... mmap resumed>) = 0x20000000 [pid 5231] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5231] ioctl(4, FS_IOC_GETVERSION [pid 5230] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5230] <... futex resumed>) = 0 [pid 5231] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5231] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5230] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5230, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./53/binderfs") = 0 [ 70.997245][ T5231] REISERFS (device loop0): Using r5 hash to sort names [ 71.004409][ T5231] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5233 ./strace-static-x86_64: Process 5233 attached [pid 5233] set_robust_list(0x555556c086e0, 24) = 0 [pid 5233] chdir("./54") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5233] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5234], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5234 [pid 5233] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [ 71.104698][ T1210] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.111273][ T1210] ieee802154 phy1 wpan1: encryption failed: -22 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5234] munmap(0x7f18a1998000, 4194304) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./file0", 0777) = 0 [ 71.240940][ T5234] loop0: detected capacity change from 0 to 8192 [ 71.263037][ T5234] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 71.276487][ T5234] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 71.286142][ T5234] REISERFS (device loop0): using ordered data mode [ 71.293184][ T5234] reiserfs: using flush barriers [ 71.300150][ T5234] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 71.317270][ T5234] REISERFS (device loop0): checking transaction log (loop0) [pid 5234] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file0") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 1 [pid 5234] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5234] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 1 [pid 5234] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5234] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 1 [pid 5234] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5234] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] exit_group(0) = ? [pid 5234] <... futex resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5233, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 71.444491][ T5234] REISERFS (device loop0): Using r5 hash to sort names [ 71.452210][ T5234] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. unlink("./54/binderfs") = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5236 ./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x555556c086e0, 24) = 0 [pid 5236] chdir("./55") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5236] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5237 attached , parent_tid=[5237], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5237 [pid 5236] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5237] munmap(0x7f18a1998000, 4194304) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] mkdir("./file0", 0777) = 0 [ 71.678693][ T5237] loop0: detected capacity change from 0 to 8192 [ 71.690777][ T5237] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 71.704275][ T5237] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 71.713745][ T5237] REISERFS (device loop0): using ordered data mode [ 71.720241][ T5237] reiserfs: using flush barriers [ 71.726352][ T5237] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 71.742918][ T5237] REISERFS (device loop0): checking transaction log (loop0) [pid 5237] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file0") = 0 [pid 5237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5237] close(4) = 0 [pid 5237] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5237] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5236] <... futex resumed>) = 0 [pid 5237] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5236] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5236] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] ioctl(4, FS_IOC_GETVERSION [pid 5236] <... futex resumed>) = 0 [pid 5237] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5237] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] exit_group(0 [pid 5237] <... futex resumed>) = ? [pid 5236] <... exit_group resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5236, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./55/binderfs") = 0 [ 71.789999][ T5237] REISERFS (device loop0): Using r5 hash to sort names [ 71.797396][ T5237] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5239 ./strace-static-x86_64: Process 5239 attached [pid 5239] set_robust_list(0x555556c086e0, 24) = 0 [pid 5239] chdir("./56") = 0 [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5239] setpgid(0, 0) = 0 [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5239] write(3, "1000", 4) = 4 [pid 5239] close(3) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5239] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5239] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5240 attached , parent_tid=[5240], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5240 [pid 5239] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5240] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5240] memfd_create("syzkaller", 0) = 3 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5240] munmap(0x7f18a1998000, 4194304) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5240] close(3) = 0 [pid 5240] mkdir("./file0", 0777) = 0 [ 71.956270][ T5240] loop0: detected capacity change from 0 to 8192 [ 71.966509][ T5240] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 71.979555][ T5240] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 71.988943][ T5240] REISERFS (device loop0): using ordered data mode [ 71.995901][ T5240] reiserfs: using flush barriers [ 72.001795][ T5240] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 72.018538][ T5240] REISERFS (device loop0): checking transaction log (loop0) [pid 5240] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5240] chdir("./file0") = 0 [pid 5240] ioctl(4, LOOP_CLR_FD) = 0 [pid 5240] close(4) = 0 [pid 5240] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5240] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5240] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 1 [pid 5240] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5240] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5239] exit_group(0) = ? [pid 5240] <... futex resumed>) = ? [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./56/binderfs") = 0 [ 72.065907][ T5240] REISERFS (device loop0): Using r5 hash to sort names [ 72.073379][ T5240] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5242 ./strace-static-x86_64: Process 5242 attached [pid 5242] set_robust_list(0x555556c086e0, 24) = 0 [pid 5242] chdir("./57") = 0 [pid 5242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5242] setpgid(0, 0) = 0 [pid 5242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5242] write(3, "1000", 4) = 4 [pid 5242] close(3) = 0 [pid 5242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5242] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5242] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5242] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5243 attached [pid 5243] set_robust_list(0x7f18a9db89e0, 24 [pid 5242] <... clone resumed>, parent_tid=[5243], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5243 [pid 5243] <... set_robust_list resumed>) = 0 [pid 5243] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5242] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5242] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5243] memfd_create("syzkaller", 0) = 3 [pid 5243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5243] munmap(0x7f18a1998000, 4194304) = 0 [pid 5243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5243] close(3) = 0 [pid 5243] mkdir("./file0", 0777) = 0 [ 72.217128][ T5243] loop0: detected capacity change from 0 to 8192 [ 72.227027][ T5243] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 72.240716][ T5243] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 72.250105][ T5243] REISERFS (device loop0): using ordered data mode [ 72.256876][ T5243] reiserfs: using flush barriers [ 72.262892][ T5243] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 72.279286][ T5243] REISERFS (device loop0): checking transaction log (loop0) [pid 5243] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5243] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5243] chdir("./file0") = 0 [pid 5243] ioctl(4, LOOP_CLR_FD) = 0 [pid 5243] close(4) = 0 [pid 5243] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5243] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5243] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... futex resumed>) = 1 [pid 5243] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5243] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] exit_group(0) = ? [pid 5243] <... futex resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5242, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./57/binderfs") = 0 [ 72.326917][ T5243] REISERFS (device loop0): Using r5 hash to sort names [ 72.334359][ T5243] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5245 ./strace-static-x86_64: Process 5245 attached [pid 5245] set_robust_list(0x555556c086e0, 24) = 0 [pid 5245] chdir("./58") = 0 [pid 5245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5245] setpgid(0, 0) = 0 [pid 5245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5245] write(3, "1000", 4) = 4 [pid 5245] close(3) = 0 [pid 5245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5245] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5245] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5246], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5246 [pid 5245] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5246 attached [pid 5246] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5246] memfd_create("syzkaller", 0) = 3 [pid 5246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5246] munmap(0x7f18a1998000, 4194304) = 0 [pid 5246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5246] close(3) = 0 [pid 5246] mkdir("./file0", 0777) = 0 [ 72.478899][ T5246] loop0: detected capacity change from 0 to 8192 [ 72.489879][ T5246] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 72.503118][ T5246] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 72.512412][ T5246] REISERFS (device loop0): using ordered data mode [ 72.519172][ T5246] reiserfs: using flush barriers [ 72.525301][ T5246] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 72.542123][ T5246] REISERFS (device loop0): checking transaction log (loop0) [pid 5246] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5246] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5246] chdir("./file0") = 0 [pid 5246] ioctl(4, LOOP_CLR_FD) = 0 [pid 5246] close(4) = 0 [pid 5246] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5245] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... openat resumed>) = 4 [pid 5246] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5245] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... mmap resumed>) = 0x20000000 [pid 5246] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5246] ioctl(4, FS_IOC_GETVERSION [pid 5245] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5246] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5245] <... futex resumed>) = 0 [pid 5246] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] exit_group(0) = ? [pid 5246] <... futex resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5245, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 72.583457][ T5246] REISERFS (device loop0): Using r5 hash to sort names [ 72.590504][ T5246] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5248 ./strace-static-x86_64: Process 5248 attached [pid 5248] set_robust_list(0x555556c086e0, 24) = 0 [pid 5248] chdir("./59") = 0 [pid 5248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5248] setpgid(0, 0) = 0 [pid 5248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5248] write(3, "1000", 4) = 4 [pid 5248] close(3) = 0 [pid 5248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5248] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5248] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5248] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5249], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5249 [pid 5248] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5249 attached [pid 5249] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5249] memfd_create("syzkaller", 0) = 3 [pid 5249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5249] munmap(0x7f18a1998000, 4194304) = 0 [pid 5249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5249] close(3) = 0 [pid 5249] mkdir("./file0", 0777) = 0 [ 72.748786][ T5249] loop0: detected capacity change from 0 to 8192 [ 72.759404][ T5249] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 72.772514][ T5249] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 72.781728][ T5249] REISERFS (device loop0): using ordered data mode [ 72.788309][ T5249] reiserfs: using flush barriers [ 72.794375][ T5249] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 72.810793][ T5249] REISERFS (device loop0): checking transaction log (loop0) [pid 5249] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5249] chdir("./file0") = 0 [pid 5249] ioctl(4, LOOP_CLR_FD) = 0 [pid 5249] close(4) = 0 [pid 5249] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5248] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5249] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5248] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... mmap resumed>) = 0x20000000 [pid 5249] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] <... futex resumed>) = 0 [pid 5249] ioctl(4, FS_IOC_GETVERSION [pid 5248] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5248] <... futex resumed>) = 0 [pid 5249] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5249] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5248] exit_group(0 [pid 5249] <... futex resumed>) = ? [pid 5248] <... exit_group resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5248, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./59/binderfs") = 0 [ 72.858106][ T5249] REISERFS (device loop0): Using r5 hash to sort names [ 72.865229][ T5249] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5251 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x555556c086e0, 24) = 0 [pid 5251] chdir("./60") = 0 [pid 5251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5251] setpgid(0, 0) = 0 [pid 5251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5251] write(3, "1000", 4) = 4 [pid 5251] close(3) = 0 [pid 5251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5251] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5251] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5252], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5252 [pid 5251] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5251] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5252] munmap(0x7f18a1998000, 4194304) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] mkdir("./file0", 0777) = 0 [ 73.032403][ T5252] loop0: detected capacity change from 0 to 8192 [ 73.043089][ T5252] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 73.056061][ T5252] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 73.065452][ T5252] REISERFS (device loop0): using ordered data mode [ 73.072073][ T5252] reiserfs: using flush barriers [ 73.078013][ T5252] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 73.094868][ T5252] REISERFS (device loop0): checking transaction log (loop0) [pid 5252] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file0") = 0 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5252] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5251] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 0 [pid 5252] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5252] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5252] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... futex resumed>) = 1 [pid 5252] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5252] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] exit_group(0) = ? [pid 5252] <... futex resumed>) = ? [pid 5252] +++ exited with 0 +++ [pid 5251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5251, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./60/binderfs") = 0 [ 73.145079][ T5252] REISERFS (device loop0): Using r5 hash to sort names [ 73.152264][ T5252] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5254 attached , child_tidptr=0x555556c086d0) = 5254 [pid 5254] set_robust_list(0x555556c086e0, 24) = 0 [pid 5254] chdir("./61") = 0 [pid 5254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5254] setpgid(0, 0) = 0 [pid 5254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5254] write(3, "1000", 4) = 4 [pid 5254] close(3) = 0 [pid 5254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5254] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5254] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5254] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5255], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5255 [pid 5254] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5255 attached [pid 5255] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5255] memfd_create("syzkaller", 0) = 3 [pid 5255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5255] munmap(0x7f18a1998000, 4194304) = 0 [pid 5255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5255] close(3) = 0 [pid 5255] mkdir("./file0", 0777) = 0 [ 73.309582][ T5255] loop0: detected capacity change from 0 to 8192 [ 73.324633][ T5255] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 73.337762][ T5255] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 73.347152][ T5255] REISERFS (device loop0): using ordered data mode [ 73.353807][ T5255] reiserfs: using flush barriers [ 73.360123][ T5255] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 73.376708][ T5255] REISERFS (device loop0): checking transaction log (loop0) [pid 5255] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5255] chdir("./file0") = 0 [pid 5255] ioctl(4, LOOP_CLR_FD) = 0 [pid 5255] close(4) = 0 [pid 5255] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5255] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 1 [pid 5255] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5255] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... futex resumed>) = 0 [pid 5255] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5255] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5255] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] exit_group(0 [pid 5255] <... futex resumed>) = ? [pid 5254] <... exit_group resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5254, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./61/binderfs") = 0 [ 73.435691][ T5255] REISERFS (device loop0): Using r5 hash to sort names [ 73.443178][ T5255] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5257 attached , child_tidptr=0x555556c086d0) = 5257 [pid 5257] set_robust_list(0x555556c086e0, 24) = 0 [pid 5257] chdir("./62") = 0 [pid 5257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5257] setpgid(0, 0) = 0 [pid 5257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5257] write(3, "1000", 4) = 4 [pid 5257] close(3) = 0 [pid 5257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5257] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5257] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5258 attached , parent_tid=[5258], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5258 [pid 5258] set_robust_list(0x7f18a9db89e0, 24 [pid 5257] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... set_robust_list resumed>) = 0 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5258] memfd_create("syzkaller", 0) = 3 [pid 5258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5258] munmap(0x7f18a1998000, 4194304) = 0 [pid 5258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5258] close(3) = 0 [pid 5258] mkdir("./file0", 0777) = 0 [ 73.580237][ T5258] loop0: detected capacity change from 0 to 8192 [ 73.591227][ T5258] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 73.604283][ T5258] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 73.613584][ T5258] REISERFS (device loop0): using ordered data mode [ 73.620094][ T5258] reiserfs: using flush barriers [ 73.625870][ T5258] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 73.642319][ T5258] REISERFS (device loop0): checking transaction log (loop0) [pid 5258] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5258] chdir("./file0") = 0 [pid 5258] ioctl(4, LOOP_CLR_FD) = 0 [pid 5258] close(4) = 0 [pid 5258] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5258] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] <... futex resumed>) = 0 [pid 5257] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5258] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5257] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... mmap resumed>) = 0x20000000 [pid 5258] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5258] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] <... futex resumed>) = 0 [pid 5258] ioctl(4, FS_IOC_GETVERSION [pid 5257] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5258] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5258] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5257] exit_group(0 [pid 5258] <... futex resumed>) = ? [pid 5257] <... exit_group resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5257, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./62/binderfs") = 0 [ 73.689151][ T5258] REISERFS (device loop0): Using r5 hash to sort names [ 73.696553][ T5258] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5260 ./strace-static-x86_64: Process 5260 attached [pid 5260] set_robust_list(0x555556c086e0, 24) = 0 [pid 5260] chdir("./63") = 0 [pid 5260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5260] setpgid(0, 0) = 0 [pid 5260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5260] write(3, "1000", 4) = 4 [pid 5260] close(3) = 0 [pid 5260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5260] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5260] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5260] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5261], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5261 [pid 5260] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5260] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5261 attached [pid 5261] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5261] memfd_create("syzkaller", 0) = 3 [pid 5261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5261] munmap(0x7f18a1998000, 4194304) = 0 [pid 5261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5261] close(3) = 0 [pid 5261] mkdir("./file0", 0777) = 0 [ 73.852308][ T5261] loop0: detected capacity change from 0 to 8192 [ 73.862079][ T5261] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 73.875606][ T5261] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 73.885071][ T5261] REISERFS (device loop0): using ordered data mode [ 73.891587][ T5261] reiserfs: using flush barriers [ 73.897456][ T5261] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 73.914055][ T5261] REISERFS (device loop0): checking transaction log (loop0) [pid 5261] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5261] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5261] chdir("./file0") = 0 [pid 5261] ioctl(4, LOOP_CLR_FD) = 0 [pid 5261] close(4) = 0 [pid 5261] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5260] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5261] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... futex resumed>) = 0 [pid 5260] <... futex resumed>) = 1 [pid 5261] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5260] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... mmap resumed>) = 0x20000000 [pid 5261] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5261] ioctl(4, FS_IOC_GETVERSION [pid 5260] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5260] <... futex resumed>) = 0 [pid 5261] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... futex resumed>) = 0 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5260] exit_group(0 [pid 5261] <... futex resumed>) = ? [pid 5260] <... exit_group resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5260, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./63/binderfs") = 0 [ 73.962650][ T5261] REISERFS (device loop0): Using r5 hash to sort names [ 73.969847][ T5261] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5263 ./strace-static-x86_64: Process 5263 attached [pid 5263] set_robust_list(0x555556c086e0, 24) = 0 [pid 5263] chdir("./64") = 0 [pid 5263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5263] setpgid(0, 0) = 0 [pid 5263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5263] write(3, "1000", 4) = 4 [pid 5263] close(3) = 0 [pid 5263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5263] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5263] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5264 attached [pid 5264] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5263] <... clone resumed>, parent_tid=[5264], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5264 [pid 5263] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5264] munmap(0x7f18a1998000, 4194304) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] mkdir("./file0", 0777) = 0 [ 74.124445][ T5264] loop0: detected capacity change from 0 to 8192 [ 74.135702][ T5264] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 74.148726][ T5264] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 74.158078][ T5264] REISERFS (device loop0): using ordered data mode [ 74.164706][ T5264] reiserfs: using flush barriers [ 74.170567][ T5264] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 74.187310][ T5264] REISERFS (device loop0): checking transaction log (loop0) [pid 5264] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file0") = 0 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [pid 5264] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5264] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5264] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5263] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... mmap resumed>) = 0x20000000 [pid 5264] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5264] ioctl(4, FS_IOC_GETVERSION [pid 5263] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5264] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] <... futex resumed>) = 0 [pid 5264] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5263] exit_group(0) = ? [pid 5264] <... futex resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5263, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./64/binderfs") = 0 [ 74.234963][ T5264] REISERFS (device loop0): Using r5 hash to sort names [ 74.242360][ T5264] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5266 ./strace-static-x86_64: Process 5266 attached [pid 5266] set_robust_list(0x555556c086e0, 24) = 0 [pid 5266] chdir("./65") = 0 [pid 5266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5266] setpgid(0, 0) = 0 [pid 5266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5266] write(3, "1000", 4) = 4 [pid 5266] close(3) = 0 [pid 5266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5266] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5266] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5267 attached , parent_tid=[5267], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5267 [pid 5267] set_robust_list(0x7f18a9db89e0, 24 [pid 5266] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... set_robust_list resumed>) = 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] memfd_create("syzkaller", 0 [pid 5266] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5267] <... memfd_create resumed>) = 3 [pid 5267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5267] munmap(0x7f18a1998000, 4194304) = 0 [pid 5267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5267] close(3) = 0 [pid 5267] mkdir("./file0", 0777) = 0 [ 74.397135][ T5267] loop0: detected capacity change from 0 to 8192 [ 74.416782][ T5267] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 74.429764][ T5267] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 74.439370][ T5267] REISERFS (device loop0): using ordered data mode [ 74.446076][ T5267] reiserfs: using flush barriers [ 74.451724][ T5267] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 74.468417][ T5267] REISERFS (device loop0): checking transaction log (loop0) [pid 5267] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5267] chdir("./file0") = 0 [pid 5267] ioctl(4, LOOP_CLR_FD) = 0 [pid 5267] close(4) = 0 [pid 5267] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5267] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... futex resumed>) = 0 [pid 5266] <... futex resumed>) = 1 [pid 5267] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5266] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... openat resumed>) = 4 [pid 5267] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5266] <... futex resumed>) = 0 [pid 5267] <... mmap resumed>) = 0x20000000 [pid 5266] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] ioctl(4, FS_IOC_GETVERSION [pid 5266] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5266] <... futex resumed>) = 0 [pid 5266] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5267] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] exit_group(0 [pid 5267] <... futex resumed>) = ? [pid 5266] <... exit_group resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5266, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./65/binderfs") = 0 [ 74.515203][ T5267] REISERFS (device loop0): Using r5 hash to sort names [ 74.522401][ T5267] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5269 ./strace-static-x86_64: Process 5269 attached [pid 5269] set_robust_list(0x555556c086e0, 24) = 0 [pid 5269] chdir("./66") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5269] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5270], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5270 [pid 5269] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5270 attached [pid 5270] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5270] memfd_create("syzkaller", 0) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5270] munmap(0x7f18a1998000, 4194304) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./file0", 0777) = 0 [ 74.683019][ T5270] loop0: detected capacity change from 0 to 8192 [ 74.692897][ T5270] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 74.705911][ T5270] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 74.715518][ T5270] REISERFS (device loop0): using ordered data mode [ 74.722105][ T5270] reiserfs: using flush barriers [ 74.727889][ T5270] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 74.744346][ T5270] REISERFS (device loop0): checking transaction log (loop0) [pid 5270] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5270] chdir("./file0") = 0 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5269] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... openat resumed>) = 4 [pid 5269] <... futex resumed>) = 0 [pid 5270] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5269] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5270] <... mmap resumed>) = 0x20000000 [pid 5269] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] ioctl(4, FS_IOC_GETVERSION [pid 5269] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5269] <... futex resumed>) = 0 [pid 5270] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5270] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] exit_group(0 [pid 5270] <... futex resumed>) = ? [pid 5269] <... exit_group resumed>) = ? [pid 5270] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./66/binderfs") = 0 [ 74.785204][ T5270] REISERFS (device loop0): Using r5 hash to sort names [ 74.792279][ T5270] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5272 ./strace-static-x86_64: Process 5272 attached [pid 5272] set_robust_list(0x555556c086e0, 24) = 0 [pid 5272] chdir("./67") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5272] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5273], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5273 [pid 5272] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5273 attached [pid 5273] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5273] memfd_create("syzkaller", 0) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5273] munmap(0x7f18a1998000, 4194304) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./file0", 0777) = 0 [ 74.928397][ T5273] loop0: detected capacity change from 0 to 8192 [ 74.939780][ T5273] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 74.952818][ T5273] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 74.962053][ T5273] REISERFS (device loop0): using ordered data mode [ 74.968595][ T5273] reiserfs: using flush barriers [ 74.974616][ T5273] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 74.991191][ T5273] REISERFS (device loop0): checking transaction log (loop0) [pid 5273] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file0") = 0 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4) = 0 [pid 5273] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5273] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5273] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 1 [pid 5273] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5273] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5272] exit_group(0) = ? [pid 5273] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./67/binderfs") = 0 [ 75.039572][ T5273] REISERFS (device loop0): Using r5 hash to sort names [ 75.047276][ T5273] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5275 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x555556c086e0, 24) = 0 [pid 5275] chdir("./68") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5275] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5276 attached , parent_tid=[5276], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5276 [pid 5276] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5276] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5275] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] memfd_create("syzkaller", 0) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5276] munmap(0x7f18a1998000, 4194304) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] mkdir("./file0", 0777) = 0 [ 75.196817][ T5276] loop0: detected capacity change from 0 to 8192 [ 75.206666][ T5276] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 75.219934][ T5276] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 75.229674][ T5276] REISERFS (device loop0): using ordered data mode [ 75.236628][ T5276] reiserfs: using flush barriers [ 75.242901][ T5276] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 75.259529][ T5276] REISERFS (device loop0): checking transaction log (loop0) [pid 5276] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file0") = 0 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5275] <... futex resumed>) = 1 [pid 5276] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5275] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... openat resumed>) = 4 [pid 5276] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5276] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] <... futex resumed>) = 0 [pid 5276] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5275] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... mmap resumed>) = 0x20000000 [pid 5276] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5276] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 0 [pid 5276] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5276] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] exit_group(0) = ? [pid 5276] +++ exited with 0 +++ [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./68/binderfs") = 0 [ 75.301741][ T5276] REISERFS (device loop0): Using r5 hash to sort names [ 75.308844][ T5276] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x555556c086d0) = 5278 [pid 5278] set_robust_list(0x555556c086e0, 24) = 0 [pid 5278] chdir("./69") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5278] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5279 attached [pid 5279] set_robust_list(0x7f18a9db89e0, 24 [pid 5278] <... clone resumed>, parent_tid=[5279], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5279 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5279] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 0 [pid 5279] memfd_create("syzkaller", 0) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5279] munmap(0x7f18a1998000, 4194304) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5279] close(3) = 0 [pid 5279] mkdir("./file0", 0777) = 0 [ 75.449181][ T5279] loop0: detected capacity change from 0 to 8192 [ 75.459610][ T5279] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 75.472576][ T5279] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 75.481716][ T5279] REISERFS (device loop0): using ordered data mode [ 75.488477][ T5279] reiserfs: using flush barriers [ 75.494610][ T5279] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 75.511096][ T5279] REISERFS (device loop0): checking transaction log (loop0) [pid 5279] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5279] chdir("./file0") = 0 [pid 5279] ioctl(4, LOOP_CLR_FD) = 0 [pid 5279] close(4) = 0 [pid 5279] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5279] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 0 [pid 5279] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5279] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 1 [pid 5279] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5279] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 1 [pid 5279] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5279] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] exit_group(0) = ? [pid 5279] <... futex resumed>) = ? [pid 5279] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./69/binderfs") = 0 [ 75.552366][ T5279] REISERFS (device loop0): Using r5 hash to sort names [ 75.559680][ T5279] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5281 ./strace-static-x86_64: Process 5281 attached [pid 5281] set_robust_list(0x555556c086e0, 24) = 0 [pid 5281] chdir("./70") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5281] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5282], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5282 [pid 5281] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5282 attached [pid 5282] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5282] munmap(0x7f18a1998000, 4194304) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./file0", 0777) = 0 [ 75.695174][ T5282] loop0: detected capacity change from 0 to 8192 [ 75.704790][ T5282] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 75.717949][ T5282] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 75.727647][ T5282] REISERFS (device loop0): using ordered data mode [ 75.734412][ T5282] reiserfs: using flush barriers [ 75.740239][ T5282] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 75.757018][ T5282] REISERFS (device loop0): checking transaction log (loop0) [pid 5282] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./file0") = 0 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5282] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] <... futex resumed>) = 0 [pid 5282] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5281] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... mmap resumed>) = 0x20000000 [pid 5282] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] ioctl(4, FS_IOC_GETVERSION [pid 5281] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] exit_group(0 [pid 5282] <... futex resumed>) = ? [pid 5281] <... exit_group resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./70/binderfs") = 0 [ 75.799222][ T5282] REISERFS (device loop0): Using r5 hash to sort names [ 75.806469][ T5282] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5284 ./strace-static-x86_64: Process 5284 attached [pid 5284] set_robust_list(0x555556c086e0, 24) = 0 [pid 5284] chdir("./71") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5284] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5285], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5285 ./strace-static-x86_64: Process 5285 attached [pid 5285] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5285] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5284] <... futex resumed>) = 1 [pid 5285] memfd_create("syzkaller", 0) = 3 [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5284] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5285] <... mmap resumed>) = 0x7f18a1998000 [pid 5285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5285] munmap(0x7f18a1998000, 4194304) = 0 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5285] close(3) = 0 [pid 5285] mkdir("./file0", 0777) = 0 [ 75.963439][ T5285] loop0: detected capacity change from 0 to 8192 [ 75.973152][ T5285] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 75.986180][ T5285] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 75.995815][ T5285] REISERFS (device loop0): using ordered data mode [ 76.002517][ T5285] reiserfs: using flush barriers [ 76.008390][ T5285] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 76.025057][ T5285] REISERFS (device loop0): checking transaction log (loop0) [pid 5285] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5285] chdir("./file0") = 0 [pid 5285] ioctl(4, LOOP_CLR_FD) = 0 [pid 5285] close(4) = 0 [pid 5285] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5285] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5285] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5285] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] exit_group(0) = ? [pid 5285] <... futex resumed>) = ? [pid 5285] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./71/binderfs") = 0 [ 76.072658][ T5285] REISERFS (device loop0): Using r5 hash to sort names [ 76.079806][ T5285] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5287 ./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x555556c086e0, 24) = 0 [pid 5287] chdir("./72") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5287] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5288 attached [pid 5288] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5288] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... clone resumed>, parent_tid=[5288], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5288 [pid 5287] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] <... futex resumed>) = 0 [pid 5288] memfd_create("syzkaller", 0) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5287] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5288] munmap(0x7f18a1998000, 4194304) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] mkdir("./file0", 0777) = 0 [ 76.223528][ T7] cfg80211: failed to load regulatory.db [ 76.244446][ T5288] loop0: detected capacity change from 0 to 8192 [ 76.254200][ T5288] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 76.267506][ T5288] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 76.276797][ T5288] REISERFS (device loop0): using ordered data mode [ 76.283411][ T5288] reiserfs: using flush barriers [ 76.289485][ T5288] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 76.305866][ T5288] REISERFS (device loop0): checking transaction log (loop0) [pid 5288] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./file0") = 0 [pid 5288] ioctl(4, LOOP_CLR_FD) = 0 [pid 5288] close(4) = 0 [pid 5288] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 0 [pid 5288] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5288] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5287] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... mmap resumed>) = 0x20000000 [pid 5287] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] ioctl(4, FS_IOC_GETVERSION [pid 5287] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] exit_group(0 [pid 5288] <... futex resumed>) = ? [pid 5287] <... exit_group resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./72/binderfs") = 0 [ 76.347858][ T5288] REISERFS (device loop0): Using r5 hash to sort names [ 76.355232][ T5288] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5290 ./strace-static-x86_64: Process 5290 attached [pid 5290] set_robust_list(0x555556c086e0, 24) = 0 [pid 5290] chdir("./73") = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] setpgid(0, 0) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5290] write(3, "1000", 4) = 4 [pid 5290] close(3) = 0 [pid 5290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5290] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5290] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5290] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5291], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5291 [pid 5290] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5291 attached [pid 5291] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5291] memfd_create("syzkaller", 0) = 3 [pid 5291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5291] munmap(0x7f18a1998000, 4194304) = 0 [pid 5291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5291] close(3) = 0 [pid 5291] mkdir("./file0", 0777) = 0 [ 76.501128][ T5291] loop0: detected capacity change from 0 to 8192 [ 76.510893][ T5291] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 76.524900][ T5291] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 76.534544][ T5291] REISERFS (device loop0): using ordered data mode [ 76.541273][ T5291] reiserfs: using flush barriers [ 76.547420][ T5291] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 76.564247][ T5291] REISERFS (device loop0): checking transaction log (loop0) [pid 5291] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5291] chdir("./file0") = 0 [pid 5291] ioctl(4, LOOP_CLR_FD) = 0 [pid 5291] close(4) = 0 [pid 5291] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5291] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5290] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... openat resumed>) = 4 [pid 5290] <... futex resumed>) = 0 [pid 5291] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... futex resumed>) = 0 [pid 5290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5291] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5290] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... mmap resumed>) = 0x20000000 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5291] ioctl(4, FS_IOC_GETVERSION [pid 5290] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5290] <... futex resumed>) = 0 [pid 5291] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... futex resumed>) = 0 [pid 5290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5291] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] exit_group(0 [pid 5291] <... futex resumed>) = ? [pid 5290] <... exit_group resumed>) = ? [pid 5291] +++ exited with 0 +++ [pid 5290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./73/binderfs") = 0 [ 76.606367][ T5291] REISERFS (device loop0): Using r5 hash to sort names [ 76.613482][ T5291] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5293 ./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x555556c086e0, 24) = 0 [pid 5293] chdir("./74") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5293] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5294 attached , parent_tid=[5294], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5294 [pid 5294] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5294] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5294] munmap(0x7f18a1998000, 4194304) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./file0", 0777) = 0 [ 76.760408][ T5294] loop0: detected capacity change from 0 to 8192 [ 76.771333][ T5294] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 76.784414][ T5294] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 76.793669][ T5294] REISERFS (device loop0): using ordered data mode [ 76.800160][ T5294] reiserfs: using flush barriers [ 76.806035][ T5294] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 76.822393][ T5294] REISERFS (device loop0): checking transaction log (loop0) [pid 5294] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file0") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... openat resumed>) = 4 [pid 5294] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5293] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... mmap resumed>) = 0x20000000 [pid 5294] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5294] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] exit_group(0) = ? [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./74/binderfs") = 0 [ 76.863599][ T5294] REISERFS (device loop0): Using r5 hash to sort names [ 76.870701][ T5294] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5296 ./strace-static-x86_64: Process 5296 attached [pid 5296] set_robust_list(0x555556c086e0, 24) = 0 [pid 5296] chdir("./75") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5296] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5297 attached , parent_tid=[5297], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5297 [pid 5297] set_robust_list(0x7f18a9db89e0, 24 [pid 5296] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5297] <... set_robust_list resumed>) = 0 [pid 5297] memfd_create("syzkaller", 0) = 3 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5297] munmap(0x7f18a1998000, 4194304) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] close(3) = 0 [pid 5297] mkdir("./file0", 0777) = 0 [ 77.023796][ T5297] loop0: detected capacity change from 0 to 8192 [ 77.035802][ T5297] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 77.048859][ T5297] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 77.058089][ T5297] REISERFS (device loop0): using ordered data mode [ 77.064670][ T5297] reiserfs: using flush barriers [ 77.070483][ T5297] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 77.086968][ T5297] REISERFS (device loop0): checking transaction log (loop0) [pid 5297] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5297] chdir("./file0") = 0 [pid 5297] ioctl(4, LOOP_CLR_FD) = 0 [pid 5297] close(4) = 0 [pid 5297] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5297] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5297] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5296] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] <... mmap resumed>) = 0x20000000 [pid 5296] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5296] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] ioctl(4, FS_IOC_GETVERSION [pid 5296] <... futex resumed>) = 0 [pid 5297] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5296] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5297] <... futex resumed>) = 0 [pid 5297] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] exit_group(0 [pid 5297] <... futex resumed>) = ? [pid 5296] <... exit_group resumed>) = ? [pid 5297] +++ exited with 0 +++ [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./75/binderfs") = 0 [ 77.128369][ T5297] REISERFS (device loop0): Using r5 hash to sort names [ 77.135584][ T5297] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5299 ./strace-static-x86_64: Process 5299 attached [pid 5299] set_robust_list(0x555556c086e0, 24) = 0 [pid 5299] chdir("./76") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5299] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5300 attached , parent_tid=[5300], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5300 [pid 5300] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5300] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5300] memfd_create("syzkaller", 0 [pid 5299] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5300] <... memfd_create resumed>) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5300] munmap(0x7f18a1998000, 4194304) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] mkdir("./file0", 0777) = 0 [ 77.307746][ T5300] loop0: detected capacity change from 0 to 8192 [ 77.317745][ T5300] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 77.331340][ T5300] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 77.340616][ T5300] REISERFS (device loop0): using ordered data mode [ 77.347177][ T5300] reiserfs: using flush barriers [ 77.353183][ T5300] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 77.369529][ T5300] REISERFS (device loop0): checking transaction log (loop0) [pid 5300] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./file0") = 0 [pid 5300] ioctl(4, LOOP_CLR_FD) = 0 [pid 5300] close(4) = 0 [pid 5300] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5300] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5300] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5300] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] exit_group(0) = ? [pid 5300] <... futex resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5302 ./strace-static-x86_64: Process 5302 attached [pid 5302] set_robust_list(0x555556c086e0, 24) = 0 [pid 5302] chdir("./77") = 0 [pid 5302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5302] setpgid(0, 0) = 0 [pid 5302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5302] write(3, "1000", 4) = 4 [pid 5302] close(3) = 0 [pid 5302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5302] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5302] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5302] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5303], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5303 [pid 5302] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5303 attached [pid 5303] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5303] memfd_create("syzkaller", 0) = 3 [pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [ 77.411727][ T5300] REISERFS (device loop0): Using r5 hash to sort names [ 77.419134][ T5300] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5303] munmap(0x7f18a1998000, 4194304) = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5303] close(3) = 0 [pid 5303] mkdir("./file0", 0777) = 0 [ 77.539410][ T5303] loop0: detected capacity change from 0 to 8192 [ 77.549713][ T5303] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 77.562711][ T5303] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 77.571877][ T5303] REISERFS (device loop0): using ordered data mode [ 77.578762][ T5303] reiserfs: using flush barriers [ 77.585035][ T5303] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 77.601635][ T5303] REISERFS (device loop0): checking transaction log (loop0) [pid 5303] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5303] chdir("./file0") = 0 [pid 5303] ioctl(4, LOOP_CLR_FD) = 0 [pid 5303] close(4) = 0 [pid 5303] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5303] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5303] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... futex resumed>) = 1 [pid 5303] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5303] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = 0 [pid 5302] exit_group(0) = ? [pid 5303] <... futex resumed>) = ? [pid 5303] +++ exited with 0 +++ [pid 5302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5302, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./77/binderfs") = 0 [ 77.650655][ T5303] REISERFS (device loop0): Using r5 hash to sort names [ 77.657994][ T5303] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5305 ./strace-static-x86_64: Process 5305 attached [pid 5305] set_robust_list(0x555556c086e0, 24) = 0 [pid 5305] chdir("./78") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5305] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5306 attached , parent_tid=[5306], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5306 [pid 5306] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5306] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] <... futex resumed>) = 0 [pid 5306] memfd_create("syzkaller", 0 [pid 5305] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] <... memfd_create resumed>) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5306] munmap(0x7f18a1998000, 4194304) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] mkdir("./file0", 0777) = 0 [ 77.796492][ T5306] loop0: detected capacity change from 0 to 8192 [ 77.805817][ T5306] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 77.818846][ T5306] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 77.828036][ T5306] REISERFS (device loop0): using ordered data mode [ 77.834615][ T5306] reiserfs: using flush barriers [ 77.840523][ T5306] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 77.856938][ T5306] REISERFS (device loop0): checking transaction log (loop0) [pid 5306] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./file0") = 0 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5305] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... openat resumed>) = 4 [pid 5306] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5306] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5306] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] exit_group(0) = ? [pid 5306] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./78/binderfs") = 0 [ 77.899966][ T5306] REISERFS (device loop0): Using r5 hash to sort names [ 77.907394][ T5306] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5308 ./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x555556c086e0, 24) = 0 [pid 5308] chdir("./79") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5308] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5308] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5309 attached , parent_tid=[5309], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5309 [pid 5309] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5309] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5308] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5309] memfd_create("syzkaller", 0) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5309] munmap(0x7f18a1998000, 4194304) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] mkdir("./file0", 0777) = 0 [ 78.076674][ T5309] loop0: detected capacity change from 0 to 8192 [ 78.087435][ T5309] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 78.100509][ T5309] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 78.109882][ T5309] REISERFS (device loop0): using ordered data mode [ 78.116495][ T5309] reiserfs: using flush barriers [ 78.122471][ T5309] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 78.139191][ T5309] REISERFS (device loop0): checking transaction log (loop0) [pid 5309] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file0") = 0 [pid 5309] ioctl(4, LOOP_CLR_FD) = 0 [pid 5309] close(4) = 0 [pid 5309] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5308] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5309] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5308] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5309] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5309] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5309] <... futex resumed>) = 1 [pid 5308] exit_group(0) = ? [pid 5309] +++ exited with 0 +++ [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./79/binderfs") = 0 [ 78.189850][ T5309] REISERFS (device loop0): Using r5 hash to sort names [ 78.197265][ T5309] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5311 ./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x555556c086e0, 24) = 0 [pid 5311] chdir("./80") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5311] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5312 attached [pid 5312] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5312] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] <... clone resumed>, parent_tid=[5312], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5312 [pid 5311] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5312] memfd_create("syzkaller", 0 [pid 5311] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5312] <... memfd_create resumed>) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5312] munmap(0x7f18a1998000, 4194304) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] mkdir("./file0", 0777) = 0 [ 78.354316][ T5312] loop0: detected capacity change from 0 to 8192 [ 78.364403][ T5312] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 78.377446][ T5312] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 78.386761][ T5312] REISERFS (device loop0): using ordered data mode [ 78.393308][ T5312] reiserfs: using flush barriers [ 78.399197][ T5312] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 78.415656][ T5312] REISERFS (device loop0): checking transaction log (loop0) [pid 5312] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./file0") = 0 [pid 5312] ioctl(4, LOOP_CLR_FD) = 0 [pid 5312] close(4) = 0 [pid 5312] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [pid 5312] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5312] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... futex resumed>) = 1 [pid 5312] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5312] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5312] <... futex resumed>) = 1 [pid 5311] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5312] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] exit_group(0 [pid 5312] <... futex resumed>) = ? [pid 5311] <... exit_group resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.463408][ T5312] REISERFS (device loop0): Using r5 hash to sort names [ 78.470460][ T5312] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5314 ./strace-static-x86_64: Process 5314 attached [pid 5314] set_robust_list(0x555556c086e0, 24) = 0 [pid 5314] chdir("./81") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5314] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5315], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5315 [pid 5314] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5315] memfd_create("syzkaller", 0) = 3 [pid 5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5315] munmap(0x7f18a1998000, 4194304) = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5315] close(3) = 0 [pid 5315] mkdir("./file0", 0777) = 0 [ 78.642093][ T5315] loop0: detected capacity change from 0 to 8192 [ 78.651855][ T5315] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 78.665429][ T5315] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 78.675088][ T5315] REISERFS (device loop0): using ordered data mode [ 78.681827][ T5315] reiserfs: using flush barriers [ 78.688064][ T5315] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 78.704838][ T5315] REISERFS (device loop0): checking transaction log (loop0) [pid 5315] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5315] chdir("./file0") = 0 [pid 5315] ioctl(4, LOOP_CLR_FD) = 0 [pid 5315] close(4) = 0 [pid 5315] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... futex resumed>) = 0 [pid 5315] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5315] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... futex resumed>) = 1 [pid 5315] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5315] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5315] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5314] <... futex resumed>) = 0 [pid 5315] ioctl(4, FS_IOC_GETVERSION [pid 5314] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5315] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5315] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] exit_group(0 [pid 5315] <... futex resumed>) = ? [pid 5314] <... exit_group resumed>) = ? [pid 5315] +++ exited with 0 +++ [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./81/binderfs") = 0 [ 78.752142][ T5315] REISERFS (device loop0): Using r5 hash to sort names [ 78.759310][ T5315] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5317 ./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x555556c086e0, 24) = 0 [pid 5317] chdir("./82") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5317] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5318], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5318 [pid 5317] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5318 attached [pid 5318] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5318] munmap(0x7f18a1998000, 4194304) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./file0", 0777) = 0 [ 78.916989][ T5318] loop0: detected capacity change from 0 to 8192 [ 78.926593][ T5318] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 78.939607][ T5318] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 78.948854][ T5318] REISERFS (device loop0): using ordered data mode [ 78.955428][ T5318] reiserfs: using flush barriers [ 78.961202][ T5318] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 78.977661][ T5318] REISERFS (device loop0): checking transaction log (loop0) [pid 5318] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file0") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 0 [pid 5318] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5318] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 1 [pid 5318] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5318] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 1 [pid 5318] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5318] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] exit_group(0) = ? [pid 5318] <... futex resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./82/binderfs") = 0 [ 79.026168][ T5318] REISERFS (device loop0): Using r5 hash to sort names [ 79.033697][ T5318] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x555556c086e0, 24) = 0 [pid 5320] chdir("./83") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5320] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5321 attached , parent_tid=[5321], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5321 [pid 5321] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5321] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] <... futex resumed>) = 0 [pid 5320] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5321] memfd_create("syzkaller", 0) = 3 [pid 5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5321] munmap(0x7f18a1998000, 4194304) = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5321] close(3) = 0 [pid 5321] mkdir("./file0", 0777) = 0 [ 79.185263][ T5321] loop0: detected capacity change from 0 to 8192 [ 79.195972][ T5321] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 79.209100][ T5321] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 79.218374][ T5321] REISERFS (device loop0): using ordered data mode [ 79.224987][ T5321] reiserfs: using flush barriers [ 79.230877][ T5321] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 79.247351][ T5321] REISERFS (device loop0): checking transaction log (loop0) [pid 5321] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5321] chdir("./file0") = 0 [pid 5321] ioctl(4, LOOP_CLR_FD) = 0 [pid 5321] close(4) = 0 [pid 5321] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... futex resumed>) = 0 [pid 5321] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5321] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5321] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5320] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5321] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] exit_group(0) = ? [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./83/binderfs") = 0 [ 79.294293][ T5321] REISERFS (device loop0): Using r5 hash to sort names [ 79.301715][ T5321] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5323 attached , child_tidptr=0x555556c086d0) = 5323 [pid 5323] set_robust_list(0x555556c086e0, 24) = 0 [pid 5323] chdir("./84") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5323] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5324], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5324 [pid 5323] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5324 attached [pid 5324] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5324] munmap(0x7f18a1998000, 4194304) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] mkdir("./file0", 0777) = 0 [ 79.460814][ T5324] loop0: detected capacity change from 0 to 8192 [ 79.470580][ T5324] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 79.483652][ T5324] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 79.493335][ T5324] REISERFS (device loop0): using ordered data mode [ 79.499900][ T5324] reiserfs: using flush barriers [ 79.505842][ T5324] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 79.522342][ T5324] REISERFS (device loop0): checking transaction log (loop0) [pid 5324] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./file0") = 0 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [pid 5324] close(4) = 0 [pid 5324] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5324] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5324] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5323] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... openat resumed>) = 4 [pid 5324] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5323] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... mmap resumed>) = 0x20000000 [pid 5324] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5324] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] exit_group(0) = ? [pid 5324] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./84/binderfs") = 0 [ 79.571660][ T5324] REISERFS (device loop0): Using r5 hash to sort names [ 79.578755][ T5324] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5326 ./strace-static-x86_64: Process 5326 attached [pid 5326] set_robust_list(0x555556c086e0, 24) = 0 [pid 5326] chdir("./85") = 0 [pid 5326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5326] setpgid(0, 0) = 0 [pid 5326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5326] write(3, "1000", 4) = 4 [pid 5326] close(3) = 0 [pid 5326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5326] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5326] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5326] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5327 attached , parent_tid=[5327], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5327 [pid 5326] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5327] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5327] memfd_create("syzkaller", 0) = 3 [pid 5327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5327] munmap(0x7f18a1998000, 4194304) = 0 [pid 5327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5327] close(3) = 0 [pid 5327] mkdir("./file0", 0777) = 0 [ 79.736803][ T5327] loop0: detected capacity change from 0 to 8192 [ 79.746906][ T5327] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 79.759968][ T5327] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 79.769238][ T5327] REISERFS (device loop0): using ordered data mode [ 79.775791][ T5327] reiserfs: using flush barriers [ 79.781578][ T5327] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 79.798066][ T5327] REISERFS (device loop0): checking transaction log (loop0) [pid 5327] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5327] chdir("./file0") = 0 [pid 5327] ioctl(4, LOOP_CLR_FD) = 0 [pid 5327] close(4) = 0 [pid 5327] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5327] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5326] <... futex resumed>) = 0 [pid 5327] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5326] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... openat resumed>) = 4 [pid 5327] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... futex resumed>) = 1 [pid 5327] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5327] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5326] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5327] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] exit_group(0) = ? [pid 5327] +++ exited with 0 +++ [pid 5326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5326, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./85/binderfs") = 0 [ 79.839556][ T5327] REISERFS (device loop0): Using r5 hash to sort names [ 79.846687][ T5327] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5329 attached , child_tidptr=0x555556c086d0) = 5329 [pid 5329] set_robust_list(0x555556c086e0, 24) = 0 [pid 5329] chdir("./86") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5329] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5330], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5330 [pid 5329] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5330 attached [pid 5330] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5330] munmap(0x7f18a1998000, 4194304) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] mkdir("./file0", 0777) = 0 [ 79.995804][ T5330] loop0: detected capacity change from 0 to 8192 [ 80.006275][ T5330] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 80.019378][ T5330] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 80.028847][ T5330] REISERFS (device loop0): using ordered data mode [ 80.035737][ T5330] reiserfs: using flush barriers [ 80.041860][ T5330] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 80.058625][ T5330] REISERFS (device loop0): checking transaction log (loop0) [pid 5330] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./file0") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 0 [pid 5330] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5330] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 1 [pid 5330] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5330] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5329] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5330] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] exit_group(0) = ? [pid 5330] <... futex resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./86/binderfs") = 0 [ 80.108149][ T5330] REISERFS (device loop0): Using r5 hash to sort names [ 80.115324][ T5330] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5332 ./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x555556c086e0, 24) = 0 [pid 5332] chdir("./87") = 0 [pid 5332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5332] setpgid(0, 0) = 0 [pid 5332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5332] write(3, "1000", 4) = 4 [pid 5332] close(3) = 0 [pid 5332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5332] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5332] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5333 attached [pid 5333] set_robust_list(0x7f18a9db89e0, 24 [pid 5332] <... clone resumed>, parent_tid=[5333], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5333 [pid 5333] <... set_robust_list resumed>) = 0 [pid 5332] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5333] memfd_create("syzkaller", 0) = 3 [pid 5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5333] munmap(0x7f18a1998000, 4194304) = 0 [pid 5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5333] close(3) = 0 [pid 5333] mkdir("./file0", 0777) = 0 [ 80.256045][ T5333] loop0: detected capacity change from 0 to 8192 [ 80.265943][ T5333] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 80.279100][ T5333] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 80.288605][ T5333] REISERFS (device loop0): using ordered data mode [ 80.295209][ T5333] reiserfs: using flush barriers [ 80.301007][ T5333] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 80.317446][ T5333] REISERFS (device loop0): checking transaction log (loop0) [pid 5333] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5333] chdir("./file0") = 0 [pid 5333] ioctl(4, LOOP_CLR_FD) = 0 [pid 5333] close(4) = 0 [pid 5333] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5332] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5333] <... openat resumed>) = 4 [pid 5332] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5332] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... mmap resumed>) = 0x20000000 [pid 5333] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] ioctl(4, FS_IOC_GETVERSION [pid 5332] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5332] <... futex resumed>) = 0 [pid 5333] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5333] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] exit_group(0 [pid 5333] <... futex resumed>) = ? [pid 5332] <... exit_group resumed>) = ? [pid 5333] +++ exited with 0 +++ [pid 5332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5332, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./87/binderfs") = 0 [ 80.365266][ T5333] REISERFS (device loop0): Using r5 hash to sort names [ 80.372439][ T5333] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5335 ./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x555556c086e0, 24) = 0 [pid 5335] chdir("./88") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5335] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5336 attached , parent_tid=[5336], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5336 [pid 5336] set_robust_list(0x7f18a9db89e0, 24 [pid 5335] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... set_robust_list resumed>) = 0 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5336] memfd_create("syzkaller", 0) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5336] munmap(0x7f18a1998000, 4194304) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] mkdir("./file0", 0777) = 0 [ 80.524132][ T5336] loop0: detected capacity change from 0 to 8192 [ 80.534603][ T5336] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 80.547872][ T5336] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 80.557501][ T5336] REISERFS (device loop0): using ordered data mode [ 80.564242][ T5336] reiserfs: using flush barriers [ 80.569906][ T5336] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 80.586455][ T5336] REISERFS (device loop0): checking transaction log (loop0) [pid 5336] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5336] chdir("./file0") = 0 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5336] close(4) = 0 [pid 5336] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = 1 [pid 5336] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5336] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = 1 [pid 5336] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5336] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = 1 [pid 5336] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5336] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] exit_group(0) = ? [pid 5336] <... futex resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./88/binderfs") = 0 [ 80.638605][ T5336] REISERFS (device loop0): Using r5 hash to sort names [ 80.645736][ T5336] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5338 attached , child_tidptr=0x555556c086d0) = 5338 [pid 5338] set_robust_list(0x555556c086e0, 24) = 0 [pid 5338] chdir("./89") = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5338] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5339 attached , parent_tid=[5339], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5339 [pid 5338] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5339] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5339] memfd_create("syzkaller", 0) = 3 [pid 5339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5339] munmap(0x7f18a1998000, 4194304) = 0 [pid 5339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5339] close(3) = 0 [pid 5339] mkdir("./file0", 0777) = 0 [ 80.794852][ T5339] loop0: detected capacity change from 0 to 8192 [ 80.806234][ T5339] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 80.819301][ T5339] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 80.828533][ T5339] REISERFS (device loop0): using ordered data mode [ 80.835352][ T5339] reiserfs: using flush barriers [ 80.841288][ T5339] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 80.857794][ T5339] REISERFS (device loop0): checking transaction log (loop0) [pid 5339] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5339] chdir("./file0") = 0 [pid 5339] ioctl(4, LOOP_CLR_FD) = 0 [pid 5339] close(4) = 0 [pid 5339] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... futex resumed>) = 1 [pid 5339] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5339] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... futex resumed>) = 1 [pid 5339] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5339] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... futex resumed>) = 1 [pid 5339] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5339] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = 0 [pid 5338] exit_group(0) = ? [pid 5339] <... futex resumed>) = ? [pid 5339] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5338, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./89/binderfs") = 0 [ 80.906416][ T5339] REISERFS (device loop0): Using r5 hash to sort names [ 80.913833][ T5339] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5341 ./strace-static-x86_64: Process 5341 attached [pid 5341] set_robust_list(0x555556c086e0, 24) = 0 [pid 5341] chdir("./90") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5341] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5342 attached , parent_tid=[5342], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5342 [pid 5342] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5342] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] memfd_create("syzkaller", 0 [pid 5341] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5342] <... memfd_create resumed>) = 3 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5342] munmap(0x7f18a1998000, 4194304) = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5342] close(3) = 0 [pid 5342] mkdir("./file0", 0777) = 0 [ 81.074812][ T5342] loop0: detected capacity change from 0 to 8192 [ 81.084927][ T5342] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 81.097914][ T5342] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 81.107325][ T5342] REISERFS (device loop0): using ordered data mode [ 81.114285][ T5342] reiserfs: using flush barriers [ 81.120214][ T5342] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 81.136994][ T5342] REISERFS (device loop0): checking transaction log (loop0) [pid 5342] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5342] chdir("./file0") = 0 [pid 5342] ioctl(4, LOOP_CLR_FD) = 0 [pid 5342] close(4) = 0 [pid 5342] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5342] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5342] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5342] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5341] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... mmap resumed>) = 0x20000000 [pid 5342] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5342] ioctl(4, FS_IOC_GETVERSION [pid 5341] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5342] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] exit_group(0) = ? [pid 5342] <... futex resumed>) = ? [pid 5342] +++ exited with 0 +++ [pid 5341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./90/binderfs") = 0 [ 81.182928][ T5342] REISERFS (device loop0): Using r5 hash to sort names [ 81.190077][ T5342] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x555556c086e0, 24) = 0 [pid 5344] chdir("./91") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5344] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5345], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5345 [pid 5344] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5345 attached [pid 5345] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5345] memfd_create("syzkaller", 0) = 3 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5344 [pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5345] munmap(0x7f18a1998000, 4194304) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file0", 0777) = 0 [ 81.353412][ T5345] loop0: detected capacity change from 0 to 8192 [ 81.364214][ T5345] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 81.377258][ T5345] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 81.386586][ T5345] REISERFS (device loop0): using ordered data mode [ 81.393143][ T5345] reiserfs: using flush barriers [ 81.398797][ T5345] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 81.415479][ T5345] REISERFS (device loop0): checking transaction log (loop0) [pid 5345] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5345] chdir("./file0") = 0 [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5345] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5345] <... futex resumed>) = 1 [pid 5344] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5345] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5345] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] exit_group(0 [pid 5345] <... futex resumed>) = ? [pid 5344] <... exit_group resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./91/binderfs") = 0 [ 81.459318][ T5345] REISERFS (device loop0): Using r5 hash to sort names [ 81.466403][ T5345] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5347 ./strace-static-x86_64: Process 5347 attached [pid 5347] set_robust_list(0x555556c086e0, 24) = 0 [pid 5347] chdir("./92") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5347] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5348 attached [pid 5348] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5348] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... clone resumed>, parent_tid=[5348], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5348 [pid 5347] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] <... futex resumed>) = 0 [pid 5348] memfd_create("syzkaller", 0) = 3 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5347] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5348] munmap(0x7f18a1998000, 4194304) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] close(3) = 0 [pid 5348] mkdir("./file0", 0777) = 0 [ 81.624029][ T5348] loop0: detected capacity change from 0 to 8192 [ 81.634510][ T5348] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 81.647541][ T5348] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 81.656979][ T5348] REISERFS (device loop0): using ordered data mode [ 81.663708][ T5348] reiserfs: using flush barriers [ 81.669549][ T5348] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 81.686006][ T5348] REISERFS (device loop0): checking transaction log (loop0) [pid 5348] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5348] chdir("./file0") = 0 [pid 5348] ioctl(4, LOOP_CLR_FD) = 0 [pid 5348] close(4) = 0 [pid 5348] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... futex resumed>) = 1 [pid 5348] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5348] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... futex resumed>) = 1 [pid 5348] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5348] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... futex resumed>) = 1 [pid 5348] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5348] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] exit_group(0) = ? [pid 5348] <... futex resumed>) = ? [pid 5348] +++ exited with 0 +++ [pid 5347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5347, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./92/binderfs") = 0 [ 81.737558][ T5348] REISERFS (device loop0): Using r5 hash to sort names [ 81.744708][ T5348] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5350 ./strace-static-x86_64: Process 5350 attached [pid 5350] set_robust_list(0x555556c086e0, 24) = 0 [pid 5350] chdir("./93") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5350] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5351 attached , parent_tid=[5351], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5351 [pid 5351] set_robust_list(0x7f18a9db89e0, 24 [pid 5350] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... set_robust_list resumed>) = 0 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] memfd_create("syzkaller", 0) = 3 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5351] munmap(0x7f18a1998000, 4194304) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5351] close(3) = 0 [pid 5351] mkdir("./file0", 0777) = 0 [ 81.909556][ T5351] loop0: detected capacity change from 0 to 8192 [ 81.919885][ T5351] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 81.933431][ T5351] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 81.943007][ T5351] REISERFS (device loop0): using ordered data mode [ 81.949522][ T5351] reiserfs: using flush barriers [ 81.955453][ T5351] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 81.971774][ T5351] REISERFS (device loop0): checking transaction log (loop0) [pid 5351] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5351] chdir("./file0") = 0 [pid 5351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5351] close(4) = 0 [pid 5351] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 1 [pid 5351] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5351] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 1 [pid 5351] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5351] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5351] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] exit_group(0) = ? [pid 5351] <... futex resumed>) = ? [pid 5351] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./93/binderfs") = 0 [ 82.018534][ T5351] REISERFS (device loop0): Using r5 hash to sort names [ 82.025960][ T5351] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x555556c086e0, 24) = 0 [pid 5353] chdir("./94") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5353] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5354 attached [pid 5354] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5354] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... clone resumed>, parent_tid=[5354], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5354 [pid 5353] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5354] <... futex resumed>) = 0 [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5353] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5354] munmap(0x7f18a1998000, 4194304) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./file0", 0777) = 0 [ 82.170728][ T5354] loop0: detected capacity change from 0 to 8192 [ 82.181853][ T5354] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 82.195538][ T5354] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 82.205199][ T5354] REISERFS (device loop0): using ordered data mode [ 82.211720][ T5354] reiserfs: using flush barriers [ 82.217744][ T5354] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.234107][ T5354] REISERFS (device loop0): checking transaction log (loop0) [pid 5354] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file0") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5353] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... openat resumed>) = 4 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5353] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... mmap resumed>) = 0x20000000 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... futex resumed>) = 1 [pid 5354] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5354] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] exit_group(0 [pid 5354] <... futex resumed>) = ? [pid 5353] <... exit_group resumed>) = ? [pid 5354] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./94/binderfs") = 0 [ 82.278078][ T5354] REISERFS (device loop0): Using r5 hash to sort names [ 82.285161][ T5354] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5356 ./strace-static-x86_64: Process 5356 attached [pid 5356] set_robust_list(0x555556c086e0, 24) = 0 [pid 5356] chdir("./95") = 0 [pid 5356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5356] setpgid(0, 0) = 0 [pid 5356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5356] write(3, "1000", 4) = 4 [pid 5356] close(3) = 0 [pid 5356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5356] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5356] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5357 attached , parent_tid=[5357], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5357 [pid 5356] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5357] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5357] memfd_create("syzkaller", 0) = 3 [pid 5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5357] munmap(0x7f18a1998000, 4194304) = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5357] close(3) = 0 [pid 5357] mkdir("./file0", 0777) = 0 [ 82.418853][ T5357] loop0: detected capacity change from 0 to 8192 [ 82.429840][ T5357] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 82.442867][ T5357] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 82.452095][ T5357] REISERFS (device loop0): using ordered data mode [ 82.458601][ T5357] reiserfs: using flush barriers [ 82.464671][ T5357] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.481090][ T5357] REISERFS (device loop0): checking transaction log (loop0) [pid 5357] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5357] chdir("./file0") = 0 [pid 5357] ioctl(4, LOOP_CLR_FD) = 0 [pid 5357] close(4) = 0 [pid 5357] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... futex resumed>) = 0 [pid 5357] <... futex resumed>) = 1 [pid 5356] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... openat resumed>) = 4 [pid 5357] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5356] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... mmap resumed>) = 0x20000000 [pid 5357] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5357] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] exit_group(0) = ? [pid 5357] <... futex resumed>) = ? [pid 5357] +++ exited with 0 +++ [pid 5356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5356, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./95/binderfs") = 0 [ 82.528100][ T5357] REISERFS (device loop0): Using r5 hash to sort names [ 82.535442][ T5357] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5359 attached , child_tidptr=0x555556c086d0) = 5359 [pid 5359] set_robust_list(0x555556c086e0, 24) = 0 [pid 5359] chdir("./96") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5359] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5360 attached [pid 5360] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5360] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... clone resumed>, parent_tid=[5360], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5360 [pid 5359] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] <... futex resumed>) = 0 [pid 5359] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5360] munmap(0x7f18a1998000, 4194304) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file0", 0777) = 0 [ 82.697541][ T5360] loop0: detected capacity change from 0 to 8192 [ 82.707311][ T5360] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 82.720707][ T5360] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 82.730033][ T5360] REISERFS (device loop0): using ordered data mode [ 82.736599][ T5360] reiserfs: using flush barriers [ 82.742579][ T5360] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.759021][ T5360] REISERFS (device loop0): checking transaction log (loop0) [pid 5360] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file0") = 0 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... futex resumed>) = 1 [pid 5360] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5360] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5360] <... futex resumed>) = 1 [pid 5359] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5360] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] ioctl(4, FS_IOC_GETVERSION [pid 5359] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5360] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] exit_group(0 [pid 5360] <... futex resumed>) = ? [pid 5359] <... exit_group resumed>) = ? [pid 5360] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./96/binderfs") = 0 [ 82.806181][ T5360] REISERFS (device loop0): Using r5 hash to sort names [ 82.813357][ T5360] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5362 ./strace-static-x86_64: Process 5362 attached [pid 5362] set_robust_list(0x555556c086e0, 24) = 0 [pid 5362] chdir("./97") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5362] setpgid(0, 0) = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5362] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5363 attached , parent_tid=[5363], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5363 [pid 5362] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] set_robust_list(0x7f18a9db89e0, 24 [pid 5362] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5363] <... set_robust_list resumed>) = 0 [pid 5363] memfd_create("syzkaller", 0) = 3 [pid 5363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5363] munmap(0x7f18a1998000, 4194304) = 0 [pid 5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5363] close(3) = 0 [pid 5363] mkdir("./file0", 0777) = 0 [ 82.966522][ T5363] loop0: detected capacity change from 0 to 8192 [ 82.977177][ T5363] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 82.991069][ T5363] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 83.000350][ T5363] REISERFS (device loop0): using ordered data mode [ 83.006931][ T5363] reiserfs: using flush barriers [ 83.012962][ T5363] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 83.029421][ T5363] REISERFS (device loop0): checking transaction log (loop0) [pid 5363] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5363] chdir("./file0") = 0 [pid 5363] ioctl(4, LOOP_CLR_FD) = 0 [pid 5363] close(4) = 0 [pid 5363] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... futex resumed>) = 1 [pid 5363] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5363] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... futex resumed>) = 1 [pid 5363] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5363] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... futex resumed>) = 1 [pid 5363] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5363] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] exit_group(0) = ? [pid 5363] <... futex resumed>) = ? [pid 5363] +++ exited with 0 +++ [pid 5362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5362, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./97/binderfs") = 0 [ 83.076971][ T5363] REISERFS (device loop0): Using r5 hash to sort names [ 83.084084][ T5363] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5365 ./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x555556c086e0, 24) = 0 [pid 5365] chdir("./98") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5365] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5366 attached , parent_tid=[5366], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5366 [pid 5366] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5366] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5365] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5366] munmap(0x7f18a1998000, 4194304) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./file0", 0777) = 0 [ 83.231261][ T5366] loop0: detected capacity change from 0 to 8192 [ 83.242626][ T5366] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 83.255650][ T5366] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 83.265369][ T5366] REISERFS (device loop0): using ordered data mode [ 83.271876][ T5366] reiserfs: using flush barriers [ 83.278133][ T5366] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 83.294920][ T5366] REISERFS (device loop0): checking transaction log (loop0) [pid 5366] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./file0") = 0 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5365] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... openat resumed>) = 4 [pid 5366] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5366] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5366] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] exit_group(0) = ? [pid 5366] <... futex resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 83.343229][ T5366] REISERFS (device loop0): Using r5 hash to sort names [ 83.350468][ T5366] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. unlink("./98/binderfs") = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5368 ./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x555556c086e0, 24) = 0 [pid 5368] chdir("./99") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5368] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5369], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5369 [pid 5368] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5369 attached [pid 5369] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5369] memfd_create("syzkaller", 0) = 3 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5369] munmap(0x7f18a1998000, 4194304) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5369] close(3) = 0 [pid 5369] mkdir("./file0", 0777) = 0 [ 83.512712][ T5369] loop0: detected capacity change from 0 to 8192 [ 83.522145][ T5369] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 83.535461][ T5369] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 83.545074][ T5369] REISERFS (device loop0): using ordered data mode [ 83.551588][ T5369] reiserfs: using flush barriers [ 83.557497][ T5369] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 83.573941][ T5369] REISERFS (device loop0): checking transaction log (loop0) [pid 5369] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./file0") = 0 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5369] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... futex resumed>) = 0 [pid 5369] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5369] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5369] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5368] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... mmap resumed>) = 0x20000000 [pid 5369] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] ioctl(4, FS_IOC_GETVERSION [pid 5368] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] exit_group(0 [pid 5369] <... futex resumed>) = ? [pid 5368] <... exit_group resumed>) = ? [pid 5369] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./99/binderfs") = 0 [ 83.623179][ T5369] REISERFS (device loop0): Using r5 hash to sort names [ 83.630215][ T5369] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5371 ./strace-static-x86_64: Process 5371 attached [pid 5371] set_robust_list(0x555556c086e0, 24) = 0 [pid 5371] chdir("./100") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5371] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5372 attached , parent_tid=[5372], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5372 [pid 5372] set_robust_list(0x7f18a9db89e0, 24 [pid 5371] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] <... set_robust_list resumed>) = 0 [pid 5371] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5372] munmap(0x7f18a1998000, 4194304) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./file0", 0777) = 0 [ 83.794892][ T5372] loop0: detected capacity change from 0 to 8192 [ 83.804993][ T5372] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 83.818069][ T5372] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 83.827781][ T5372] REISERFS (device loop0): using ordered data mode [ 83.834594][ T5372] reiserfs: using flush barriers [ 83.840429][ T5372] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 83.857053][ T5372] REISERFS (device loop0): checking transaction log (loop0) [pid 5372] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file0") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5371] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... openat resumed>) = 4 [pid 5372] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5372] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... futex resumed>) = 1 [pid 5372] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5372] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5371] exit_group(0) = ? [pid 5372] <... futex resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./100/binderfs") = 0 [ 83.909097][ T5372] REISERFS (device loop0): Using r5 hash to sort names [ 83.916838][ T5372] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5374 attached , child_tidptr=0x555556c086d0) = 5374 [pid 5374] set_robust_list(0x555556c086e0, 24) = 0 [pid 5374] chdir("./101") = 0 [pid 5374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5374] setpgid(0, 0) = 0 [pid 5374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5374] write(3, "1000", 4) = 4 [pid 5374] close(3) = 0 [pid 5374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5374] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5374] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5375 attached [pid 5375] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5375] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... clone resumed>, parent_tid=[5375], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5375 [pid 5374] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5374] <... futex resumed>) = 1 [pid 5375] memfd_create("syzkaller", 0) = 3 [pid 5375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5374] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5375] <... mmap resumed>) = 0x7f18a1998000 [pid 5375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5375] munmap(0x7f18a1998000, 4194304) = 0 [pid 5375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5375] close(3) = 0 [pid 5375] mkdir("./file0", 0777) = 0 [ 84.080264][ T5375] loop0: detected capacity change from 0 to 8192 [ 84.090880][ T5375] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 84.104573][ T5375] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 84.113941][ T5375] REISERFS (device loop0): using ordered data mode [ 84.120445][ T5375] reiserfs: using flush barriers [ 84.126564][ T5375] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 84.143579][ T5375] REISERFS (device loop0): checking transaction log (loop0) [pid 5375] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5375] chdir("./file0") = 0 [pid 5375] ioctl(4, LOOP_CLR_FD) = 0 [pid 5375] close(4) = 0 [pid 5375] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5375] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5375] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5375] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] exit_group(0) = ? [pid 5375] +++ exited with 0 +++ [pid 5374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5374, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./101/binderfs") = 0 [ 84.190908][ T5375] REISERFS (device loop0): Using r5 hash to sort names [ 84.198400][ T5375] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5377 ./strace-static-x86_64: Process 5377 attached [pid 5377] set_robust_list(0x555556c086e0, 24) = 0 [pid 5377] chdir("./102") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5377] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5378 attached , parent_tid=[5378], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5378 [pid 5378] set_robust_list(0x7f18a9db89e0, 24 [pid 5377] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] <... set_robust_list resumed>) = 0 [pid 5377] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5378] memfd_create("syzkaller", 0) = 3 [pid 5378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5378] munmap(0x7f18a1998000, 4194304) = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] close(3) = 0 [pid 5378] mkdir("./file0", 0777) = 0 [ 84.362400][ T5378] loop0: detected capacity change from 0 to 8192 [ 84.372312][ T5378] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 84.385330][ T5378] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 84.394880][ T5378] REISERFS (device loop0): using ordered data mode [ 84.401438][ T5378] reiserfs: using flush barriers [ 84.407601][ T5378] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 84.423991][ T5378] REISERFS (device loop0): checking transaction log (loop0) [pid 5378] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5378] chdir("./file0") = 0 [pid 5378] ioctl(4, LOOP_CLR_FD) = 0 [pid 5378] close(4) = 0 [pid 5378] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5378] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5378] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5378] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5378] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] exit_group(0) = ? [pid 5378] <... futex resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5377, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 84.476419][ T5378] REISERFS (device loop0): Using r5 hash to sort names [ 84.483540][ T5378] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5380 ./strace-static-x86_64: Process 5380 attached [pid 5380] set_robust_list(0x555556c086e0, 24) = 0 [pid 5380] chdir("./103") = 0 [pid 5380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5380] setpgid(0, 0) = 0 [pid 5380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5380] write(3, "1000", 4) = 4 [pid 5380] close(3) = 0 [pid 5380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5380] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5380] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5381], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5381 [pid 5380] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5381 attached [pid 5381] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5381] memfd_create("syzkaller", 0) = 3 [pid 5381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5381] munmap(0x7f18a1998000, 4194304) = 0 [pid 5381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5381] close(3) = 0 [pid 5381] mkdir("./file0", 0777) = 0 [ 84.634239][ T5381] loop0: detected capacity change from 0 to 8192 [ 84.643705][ T5381] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 84.656831][ T5381] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 84.666547][ T5381] REISERFS (device loop0): using ordered data mode [ 84.673117][ T5381] reiserfs: using flush barriers [ 84.678910][ T5381] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 84.695452][ T5381] REISERFS (device loop0): checking transaction log (loop0) [pid 5381] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5381] chdir("./file0") = 0 [pid 5381] ioctl(4, LOOP_CLR_FD) = 0 [pid 5381] close(4) = 0 [pid 5381] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5380] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... openat resumed>) = 4 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5380] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... mmap resumed>) = 0x20000000 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] <... futex resumed>) = 1 [pid 5380] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5381] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] exit_group(0 [pid 5381] <... futex resumed>) = ? [pid 5380] <... exit_group resumed>) = ? [pid 5381] +++ exited with 0 +++ [pid 5380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5380, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./103/binderfs") = 0 [ 84.744300][ T5381] REISERFS (device loop0): Using r5 hash to sort names [ 84.751693][ T5381] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5383 ./strace-static-x86_64: Process 5383 attached [pid 5383] set_robust_list(0x555556c086e0, 24) = 0 [pid 5383] chdir("./104") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5383] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5384 attached [pid 5384] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5384] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... clone resumed>, parent_tid=[5384], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5384 [pid 5383] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5383] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5384] memfd_create("syzkaller", 0) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5384] munmap(0x7f18a1998000, 4194304) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] mkdir("./file0", 0777) = 0 [ 84.899116][ T5384] loop0: detected capacity change from 0 to 8192 [ 84.909778][ T5384] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 84.923332][ T5384] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 84.932749][ T5384] REISERFS (device loop0): using ordered data mode [ 84.939366][ T5384] reiserfs: using flush barriers [ 84.945578][ T5384] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 84.961924][ T5384] REISERFS (device loop0): checking transaction log (loop0) [pid 5384] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./file0") = 0 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5384] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5384] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5384] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] exit_group(0) = ? [pid 5384] <... futex resumed>) = ? [pid 5384] +++ exited with 0 +++ [pid 5383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5383, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./104/binderfs") = 0 [ 85.008906][ T5384] REISERFS (device loop0): Using r5 hash to sort names [ 85.016032][ T5384] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5386 ./strace-static-x86_64: Process 5386 attached [pid 5386] set_robust_list(0x555556c086e0, 24) = 0 [pid 5386] chdir("./105") = 0 [pid 5386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5386] setpgid(0, 0) = 0 [pid 5386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5386] write(3, "1000", 4) = 4 [pid 5386] close(3) = 0 [pid 5386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5386] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5386] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5386] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5387], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5387 [pid 5386] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5387 attached [pid 5387] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5387] memfd_create("syzkaller", 0) = 3 [pid 5387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5387] munmap(0x7f18a1998000, 4194304) = 0 [pid 5387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5387] close(3) = 0 [pid 5387] mkdir("./file0", 0777) = 0 [ 85.164511][ T5387] loop0: detected capacity change from 0 to 8192 [ 85.175013][ T5387] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 85.188298][ T5387] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 85.197975][ T5387] REISERFS (device loop0): using ordered data mode [ 85.204863][ T5387] reiserfs: using flush barriers [ 85.210720][ T5387] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 85.227684][ T5387] REISERFS (device loop0): checking transaction log (loop0) [pid 5387] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5387] chdir("./file0") = 0 [pid 5387] ioctl(4, LOOP_CLR_FD) = 0 [pid 5387] close(4) = 0 [pid 5387] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5387] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... futex resumed>) = 0 [pid 5387] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5387] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5387] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... futex resumed>) = 1 [pid 5387] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5387] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5387] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] exit_group(0 [pid 5387] <... futex resumed>) = ? [pid 5386] <... exit_group resumed>) = ? [pid 5387] +++ exited with 0 +++ [pid 5386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5386, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./105/binderfs") = 0 [ 85.276038][ T5387] REISERFS (device loop0): Using r5 hash to sort names [ 85.283177][ T5387] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x555556c086e0, 24) = 0 [pid 5389] chdir("./106") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5389] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5390 attached [pid 5390] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5390] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... clone resumed>, parent_tid=[5390], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5390 [pid 5389] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5389] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5390] munmap(0x7f18a1998000, 4194304) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [ 85.430616][ T5390] loop0: detected capacity change from 0 to 8192 [ 85.441934][ T5390] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 85.455064][ T5390] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 85.464443][ T5390] REISERFS (device loop0): using ordered data mode [ 85.471117][ T5390] reiserfs: using flush barriers [ 85.477040][ T5390] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 85.493374][ T5390] REISERFS (device loop0): checking transaction log (loop0) [pid 5390] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file0") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5389] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... openat resumed>) = 4 [pid 5390] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5389] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... mmap resumed>) = 0x20000000 [pid 5390] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] ioctl(4, FS_IOC_GETVERSION [pid 5389] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5390] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] exit_group(0 [pid 5390] <... futex resumed>) = ? [pid 5389] <... exit_group resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./106/binderfs") = 0 [ 85.534664][ T5390] REISERFS (device loop0): Using r5 hash to sort names [ 85.541714][ T5390] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5392 ./strace-static-x86_64: Process 5392 attached [pid 5392] set_robust_list(0x555556c086e0, 24) = 0 [pid 5392] chdir("./107") = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5392] setpgid(0, 0) = 0 [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5392] write(3, "1000", 4) = 4 [pid 5392] close(3) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5392] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5392] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5393 attached , parent_tid=[5393], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5393 [pid 5392] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5393] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5393] memfd_create("syzkaller", 0) = 3 [pid 5393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5393] munmap(0x7f18a1998000, 4194304) = 0 [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5393] close(3) = 0 [pid 5393] mkdir("./file0", 0777) = 0 [ 85.696750][ T5393] loop0: detected capacity change from 0 to 8192 [ 85.707639][ T5393] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 85.720751][ T5393] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 85.730417][ T5393] REISERFS (device loop0): using ordered data mode [ 85.736966][ T5393] reiserfs: using flush barriers [ 85.743082][ T5393] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 85.759466][ T5393] REISERFS (device loop0): checking transaction log (loop0) [pid 5393] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5393] chdir("./file0") = 0 [pid 5393] ioctl(4, LOOP_CLR_FD) = 0 [pid 5393] close(4) = 0 [pid 5393] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5393] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = 0 [pid 5393] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5393] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = 1 [pid 5393] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5393] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = 1 [pid 5393] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5393] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] exit_group(0) = ? [pid 5393] <... futex resumed>) = ? [pid 5393] +++ exited with 0 +++ [pid 5392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5392, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./107/binderfs") = 0 [ 85.802786][ T5393] REISERFS (device loop0): Using r5 hash to sort names [ 85.810090][ T5393] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5395 attached , child_tidptr=0x555556c086d0) = 5395 [pid 5395] set_robust_list(0x555556c086e0, 24) = 0 [pid 5395] chdir("./108") = 0 [pid 5395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5395] setpgid(0, 0) = 0 [pid 5395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5395] write(3, "1000", 4) = 4 [pid 5395] close(3) = 0 [pid 5395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5395] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5395] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5396 attached , parent_tid=[5396], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5396 [pid 5396] set_robust_list(0x7f18a9db89e0, 24 [pid 5395] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... set_robust_list resumed>) = 0 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5396] memfd_create("syzkaller", 0) = 3 [pid 5396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5396] munmap(0x7f18a1998000, 4194304) = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5396] close(3) = 0 [pid 5396] mkdir("./file0", 0777) = 0 [ 85.946842][ T5396] loop0: detected capacity change from 0 to 8192 [ 85.957824][ T5396] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 85.970806][ T5396] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 85.980017][ T5396] REISERFS (device loop0): using ordered data mode [ 85.986613][ T5396] reiserfs: using flush barriers [ 85.992494][ T5396] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 86.008836][ T5396] REISERFS (device loop0): checking transaction log (loop0) [pid 5396] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5396] chdir("./file0") = 0 [pid 5396] ioctl(4, LOOP_CLR_FD) = 0 [pid 5396] close(4) = 0 [pid 5396] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... futex resumed>) = 1 [pid 5396] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5396] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... futex resumed>) = 1 [pid 5396] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5396] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... futex resumed>) = 1 [pid 5396] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5396] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5395] exit_group(0) = ? [pid 5396] <... futex resumed>) = ? [pid 5396] +++ exited with 0 +++ [pid 5395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5395, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./108/binderfs") = 0 [ 86.057448][ T5396] REISERFS (device loop0): Using r5 hash to sort names [ 86.064905][ T5396] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5398 ./strace-static-x86_64: Process 5398 attached [pid 5398] set_robust_list(0x555556c086e0, 24) = 0 [pid 5398] chdir("./109") = 0 [pid 5398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5398] setpgid(0, 0) = 0 [pid 5398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5398] write(3, "1000", 4) = 4 [pid 5398] close(3) = 0 [pid 5398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5398] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5398] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5399], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5399 [pid 5398] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5399 attached [pid 5399] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5399] memfd_create("syzkaller", 0) = 3 [pid 5399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5399] munmap(0x7f18a1998000, 4194304) = 0 [pid 5399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5399] close(3) = 0 [pid 5399] mkdir("./file0", 0777) = 0 [ 86.228106][ T5399] loop0: detected capacity change from 0 to 8192 [ 86.238350][ T5399] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 86.251794][ T5399] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 86.261333][ T5399] REISERFS (device loop0): using ordered data mode [ 86.268064][ T5399] reiserfs: using flush barriers [ 86.274435][ T5399] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 86.291047][ T5399] REISERFS (device loop0): checking transaction log (loop0) [pid 5399] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5399] chdir("./file0") = 0 [pid 5399] ioctl(4, LOOP_CLR_FD) = 0 [pid 5399] close(4) = 0 [pid 5399] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5399] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... futex resumed>) = 1 [pid 5399] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5399] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5399] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5398] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5399] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5399] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] exit_group(0) = ? [pid 5399] <... futex resumed>) = ? [pid 5399] +++ exited with 0 +++ [pid 5398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5398, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./109/binderfs") = 0 [ 86.339102][ T5399] REISERFS (device loop0): Using r5 hash to sort names [ 86.346622][ T5399] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5401 ./strace-static-x86_64: Process 5401 attached [pid 5401] set_robust_list(0x555556c086e0, 24) = 0 [pid 5401] chdir("./110") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5401] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5402 attached , parent_tid=[5402], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5402 [pid 5402] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5401] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5402] memfd_create("syzkaller", 0 [pid 5401] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5402] <... memfd_create resumed>) = 3 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5402] munmap(0x7f18a1998000, 4194304) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5402] close(3) = 0 [pid 5402] mkdir("./file0", 0777) = 0 [ 86.495022][ T5402] loop0: detected capacity change from 0 to 8192 [ 86.505023][ T5402] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 86.518071][ T5402] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 86.527710][ T5402] REISERFS (device loop0): using ordered data mode [ 86.534319][ T5402] reiserfs: using flush barriers [ 86.540225][ T5402] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 86.556788][ T5402] REISERFS (device loop0): checking transaction log (loop0) [pid 5402] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5402] chdir("./file0") = 0 [pid 5402] ioctl(4, LOOP_CLR_FD) = 0 [pid 5402] close(4) = 0 [pid 5402] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5401] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... openat resumed>) = 4 [pid 5402] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5402] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5402] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5401] exit_group(0) = ? [pid 5402] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./110/binderfs") = 0 [ 86.598182][ T5402] REISERFS (device loop0): Using r5 hash to sort names [ 86.605512][ T5402] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5404 ./strace-static-x86_64: Process 5404 attached [pid 5404] set_robust_list(0x555556c086e0, 24) = 0 [pid 5404] chdir("./111") = 0 [pid 5404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5404] setpgid(0, 0) = 0 [pid 5404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5404] write(3, "1000", 4) = 4 [pid 5404] close(3) = 0 [pid 5404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5404] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5404] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5405 attached , parent_tid=[5405], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5405 [pid 5404] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5405] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5405] memfd_create("syzkaller", 0) = 3 [pid 5405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5405] munmap(0x7f18a1998000, 4194304) = 0 [pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5405] close(3) = 0 [pid 5405] mkdir("./file0", 0777) = 0 [ 86.750389][ T5405] loop0: detected capacity change from 0 to 8192 [ 86.761065][ T5405] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 86.774160][ T5405] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 86.783367][ T5405] REISERFS (device loop0): using ordered data mode [ 86.789867][ T5405] reiserfs: using flush barriers [ 86.795908][ T5405] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 86.812443][ T5405] REISERFS (device loop0): checking transaction log (loop0) [pid 5405] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5405] chdir("./file0") = 0 [pid 5405] ioctl(4, LOOP_CLR_FD) = 0 [pid 5405] close(4) = 0 [pid 5405] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5405] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... futex resumed>) = 1 [pid 5405] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5405] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5404] <... futex resumed>) = 0 [pid 5405] <... futex resumed>) = 1 [pid 5404] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5405] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] exit_group(0) = ? [pid 5405] +++ exited with 0 +++ [pid 5404] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5404, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./111/binderfs") = 0 [ 86.854435][ T5405] REISERFS (device loop0): Using r5 hash to sort names [ 86.861562][ T5405] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5407 ./strace-static-x86_64: Process 5407 attached [pid 5407] set_robust_list(0x555556c086e0, 24) = 0 [pid 5407] chdir("./112") = 0 [pid 5407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5407] setpgid(0, 0) = 0 [pid 5407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5407] write(3, "1000", 4) = 4 [pid 5407] close(3) = 0 [pid 5407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5407] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5407] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5408 attached , parent_tid=[5408], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5408 [pid 5408] set_robust_list(0x7f18a9db89e0, 24 [pid 5407] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] <... set_robust_list resumed>) = 0 [pid 5407] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5408] memfd_create("syzkaller", 0) = 3 [pid 5408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5408] munmap(0x7f18a1998000, 4194304) = 0 [pid 5408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5408] close(3) = 0 [pid 5408] mkdir("./file0", 0777) = 0 [ 87.017744][ T5408] loop0: detected capacity change from 0 to 8192 [ 87.028785][ T5408] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 87.041862][ T5408] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 87.051087][ T5408] REISERFS (device loop0): using ordered data mode [ 87.057657][ T5408] reiserfs: using flush barriers [ 87.063650][ T5408] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 87.080023][ T5408] REISERFS (device loop0): checking transaction log (loop0) [pid 5408] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5408] chdir("./file0") = 0 [pid 5408] ioctl(4, LOOP_CLR_FD) = 0 [pid 5408] close(4) = 0 [pid 5408] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5407] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... openat resumed>) = 4 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5407] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... mmap resumed>) = 0x20000000 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] ioctl(4, FS_IOC_GETVERSION [pid 5407] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5408] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] exit_group(0 [pid 5408] <... futex resumed>) = ? [pid 5407] <... exit_group resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5407, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./112/binderfs") = 0 [ 87.126697][ T5408] REISERFS (device loop0): Using r5 hash to sort names [ 87.133849][ T5408] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5410 ./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x555556c086e0, 24) = 0 [pid 5410] chdir("./113") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5410] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5411], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5411 [pid 5410] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5411 attached [pid 5411] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5411] memfd_create("syzkaller", 0) = 3 [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5411] munmap(0x7f18a1998000, 4194304) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] close(3) = 0 [pid 5411] mkdir("./file0", 0777) = 0 [ 87.279858][ T5411] loop0: detected capacity change from 0 to 8192 [ 87.290963][ T5411] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 87.304099][ T5411] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 87.313488][ T5411] REISERFS (device loop0): using ordered data mode [ 87.320046][ T5411] reiserfs: using flush barriers [ 87.326023][ T5411] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 87.342538][ T5411] REISERFS (device loop0): checking transaction log (loop0) [pid 5411] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5411] chdir("./file0") = 0 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5411] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5411] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5411] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = 0 [pid 5410] <... futex resumed>) = 1 [pid 5411] ioctl(4, FS_IOC_GETVERSION [pid 5410] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5411] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] exit_group(0) = ? [pid 5411] <... futex resumed>) = ? [pid 5411] +++ exited with 0 +++ [pid 5410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5410, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./113/binderfs") = 0 [ 87.390599][ T5411] REISERFS (device loop0): Using r5 hash to sort names [ 87.398003][ T5411] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5413 attached , child_tidptr=0x555556c086d0) = 5413 [pid 5413] set_robust_list(0x555556c086e0, 24) = 0 [pid 5413] chdir("./114") = 0 [pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5413] setpgid(0, 0) = 0 [pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5413] write(3, "1000", 4) = 4 [pid 5413] close(3) = 0 [pid 5413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5413] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5413] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5414], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5414 [pid 5413] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5414 attached [pid 5414] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5414] memfd_create("syzkaller", 0) = 3 [pid 5414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5414] munmap(0x7f18a1998000, 4194304) = 0 [pid 5414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5414] close(3) = 0 [pid 5414] mkdir("./file0", 0777) = 0 [ 87.557899][ T5414] loop0: detected capacity change from 0 to 8192 [ 87.567962][ T5414] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 87.581368][ T5414] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 87.590850][ T5414] REISERFS (device loop0): using ordered data mode [ 87.597641][ T5414] reiserfs: using flush barriers [ 87.603428][ T5414] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 87.619845][ T5414] REISERFS (device loop0): checking transaction log (loop0) [pid 5414] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5414] chdir("./file0") = 0 [pid 5414] ioctl(4, LOOP_CLR_FD) = 0 [pid 5414] close(4) = 0 [pid 5414] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... futex resumed>) = 1 [pid 5414] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5414] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... futex resumed>) = 1 [pid 5414] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5414] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... futex resumed>) = 1 [pid 5414] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5414] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] exit_group(0) = ? [pid 5414] <... futex resumed>) = ? [pid 5414] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5413, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./114/binderfs") = 0 [ 87.667215][ T5414] REISERFS (device loop0): Using r5 hash to sort names [ 87.674588][ T5414] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5416 ./strace-static-x86_64: Process 5416 attached [pid 5416] set_robust_list(0x555556c086e0, 24) = 0 [pid 5416] chdir("./115") = 0 [pid 5416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5416] setpgid(0, 0) = 0 [pid 5416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5416] write(3, "1000", 4) = 4 [pid 5416] close(3) = 0 [pid 5416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5416] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5416] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5416] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5417], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5417 [pid 5416] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5417 attached [pid 5417] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5417] memfd_create("syzkaller", 0) = 3 [pid 5417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5417] munmap(0x7f18a1998000, 4194304) = 0 [pid 5417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5417] close(3) = 0 [pid 5417] mkdir("./file0", 0777) = 0 [ 87.809213][ T5417] loop0: detected capacity change from 0 to 8192 [ 87.819182][ T5417] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 87.832470][ T5417] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 87.841631][ T5417] REISERFS (device loop0): using ordered data mode [ 87.848414][ T5417] reiserfs: using flush barriers [ 87.854420][ T5417] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 87.870996][ T5417] REISERFS (device loop0): checking transaction log (loop0) [pid 5417] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5417] chdir("./file0") = 0 [pid 5417] ioctl(4, LOOP_CLR_FD) = 0 [pid 5417] close(4) = 0 [pid 5417] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] <... futex resumed>) = 0 [pid 5417] <... futex resumed>) = 1 [pid 5416] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5417] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5417] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5416] <... futex resumed>) = 0 [pid 5417] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5416] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... mmap resumed>) = 0x20000000 [pid 5417] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5417] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5417] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5417] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] exit_group(0) = ? [pid 5417] <... futex resumed>) = ? [pid 5417] +++ exited with 0 +++ [pid 5416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5416, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./115/binderfs") = 0 [ 87.914883][ T5417] REISERFS (device loop0): Using r5 hash to sort names [ 87.922183][ T5417] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5419 ./strace-static-x86_64: Process 5419 attached [pid 5419] set_robust_list(0x555556c086e0, 24) = 0 [pid 5419] chdir("./116") = 0 [pid 5419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5419] setpgid(0, 0) = 0 [pid 5419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5419] write(3, "1000", 4) = 4 [pid 5419] close(3) = 0 [pid 5419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5419] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5419] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5420 attached , parent_tid=[5420], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5420 [pid 5419] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5420] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5420] memfd_create("syzkaller", 0) = 3 [pid 5420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5420] munmap(0x7f18a1998000, 4194304) = 0 [pid 5420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5420] close(3) = 0 [pid 5420] mkdir("./file0", 0777) = 0 [ 88.078067][ T5420] loop0: detected capacity change from 0 to 8192 [ 88.088836][ T5420] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 88.102046][ T5420] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 88.111453][ T5420] REISERFS (device loop0): using ordered data mode [ 88.118190][ T5420] reiserfs: using flush barriers [ 88.124184][ T5420] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 88.140617][ T5420] REISERFS (device loop0): checking transaction log (loop0) [pid 5420] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5420] chdir("./file0") = 0 [pid 5420] ioctl(4, LOOP_CLR_FD) = 0 [pid 5420] close(4) = 0 [pid 5420] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5420] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... futex resumed>) = 1 [pid 5420] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5420] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] <... futex resumed>) = 1 [pid 5419] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5420] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 88.188349][ T5420] REISERFS (device loop0): Using r5 hash to sort names [ 88.195498][ T5420] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5419] exit_group(0 [pid 5420] <... futex resumed>) = ? [pid 5419] <... exit_group resumed>) = ? [pid 5420] +++ exited with 0 +++ [pid 5419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5419, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5422 ./strace-static-x86_64: Process 5422 attached [pid 5422] set_robust_list(0x555556c086e0, 24) = 0 [pid 5422] chdir("./117") = 0 [pid 5422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5422] setpgid(0, 0) = 0 [pid 5422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5422] write(3, "1000", 4) = 4 [pid 5422] close(3) = 0 [pid 5422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5422] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5422] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5422] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5423], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5423 [pid 5422] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5423 attached [pid 5423] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5423] memfd_create("syzkaller", 0) = 3 [pid 5423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5423] munmap(0x7f18a1998000, 4194304) = 0 [pid 5423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5423] close(3) = 0 [pid 5423] mkdir("./file0", 0777) = 0 [ 88.342543][ T5423] loop0: detected capacity change from 0 to 8192 [ 88.353652][ T5423] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 88.366706][ T5423] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 88.375964][ T5423] REISERFS (device loop0): using ordered data mode [ 88.382549][ T5423] reiserfs: using flush barriers [ 88.388407][ T5423] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 88.404881][ T5423] REISERFS (device loop0): checking transaction log (loop0) [pid 5423] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5423] chdir("./file0") = 0 [pid 5423] ioctl(4, LOOP_CLR_FD) = 0 [pid 5423] close(4) = 0 [pid 5423] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 1 [pid 5423] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5423] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 1 [pid 5423] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5423] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5422] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5423] <... futex resumed>) = 1 [pid 5423] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5423] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5422] <... futex resumed>) = 0 [pid 5422] exit_group(0) = ? [pid 5423] <... futex resumed>) = ? [pid 5423] +++ exited with 0 +++ [pid 5422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5422, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./117/binderfs") = 0 [ 88.451847][ T5423] REISERFS (device loop0): Using r5 hash to sort names [ 88.459297][ T5423] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5425 ./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x555556c086e0, 24) = 0 [pid 5425] chdir("./118") = 0 [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5425] setpgid(0, 0) = 0 [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5425] write(3, "1000", 4) = 4 [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5425] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5425] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5426], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5426 [pid 5425] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5426 attached [pid 5426] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5426] memfd_create("syzkaller", 0) = 3 [pid 5426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5426] munmap(0x7f18a1998000, 4194304) = 0 [pid 5426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5426] close(3) = 0 [pid 5426] mkdir("./file0", 0777) = 0 [ 88.596819][ T5426] loop0: detected capacity change from 0 to 8192 [ 88.607414][ T5426] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 88.620545][ T5426] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 88.629919][ T5426] REISERFS (device loop0): using ordered data mode [ 88.636526][ T5426] reiserfs: using flush barriers [ 88.642293][ T5426] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 88.658719][ T5426] REISERFS (device loop0): checking transaction log (loop0) [pid 5426] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5426] chdir("./file0") = 0 [pid 5426] ioctl(4, LOOP_CLR_FD) = 0 [pid 5426] close(4) = 0 [pid 5426] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... futex resumed>) = 1 [pid 5426] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5426] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... futex resumed>) = 1 [pid 5426] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5426] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... futex resumed>) = 1 [pid 5426] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5426] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... futex resumed>) = 0 [pid 5425] exit_group(0) = ? [pid 5426] <... futex resumed>) = ? [pid 5426] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./118/binderfs") = 0 [ 88.709253][ T5426] REISERFS (device loop0): Using r5 hash to sort names [ 88.716660][ T5426] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5428 ./strace-static-x86_64: Process 5428 attached [pid 5428] set_robust_list(0x555556c086e0, 24) = 0 [pid 5428] chdir("./119") = 0 [pid 5428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5428] setpgid(0, 0) = 0 [pid 5428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5428] write(3, "1000", 4) = 4 [pid 5428] close(3) = 0 [pid 5428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5428] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5428] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5428] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5429], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5429 ./strace-static-x86_64: Process 5429 attached [pid 5429] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5429] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5428] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5429] memfd_create("syzkaller", 0) = 3 [pid 5429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5429] munmap(0x7f18a1998000, 4194304) = 0 [pid 5429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5429] close(3) = 0 [pid 5429] mkdir("./file0", 0777) = 0 [ 88.866769][ T5429] loop0: detected capacity change from 0 to 8192 [ 88.876509][ T5429] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 88.889793][ T5429] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 88.899408][ T5429] REISERFS (device loop0): using ordered data mode [ 88.905999][ T5429] reiserfs: using flush barriers [ 88.911689][ T5429] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 88.928174][ T5429] REISERFS (device loop0): checking transaction log (loop0) [pid 5429] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5429] chdir("./file0") = 0 [pid 5429] ioctl(4, LOOP_CLR_FD) = 0 [pid 5429] close(4) = 0 [pid 5429] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5428] <... futex resumed>) = 0 [pid 5429] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5428] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... openat resumed>) = 4 [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5428] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... mmap resumed>) = 0x20000000 [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] ioctl(4, FS_IOC_GETVERSION [pid 5428] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5428] <... futex resumed>) = 0 [pid 5429] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5428] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5429] <... futex resumed>) = 0 [pid 5428] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5428] exit_group(0 [pid 5429] <... futex resumed>) = ? [pid 5428] <... exit_group resumed>) = ? [pid 5429] +++ exited with 0 +++ [pid 5428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5428, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./119/binderfs") = 0 [ 88.979231][ T5429] REISERFS (device loop0): Using r5 hash to sort names [ 88.986345][ T5429] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5431 ./strace-static-x86_64: Process 5431 attached [pid 5431] set_robust_list(0x555556c086e0, 24) = 0 [pid 5431] chdir("./120") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5431] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5432 attached , parent_tid=[5432], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5432 [pid 5432] set_robust_list(0x7f18a9db89e0, 24 [pid 5431] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... set_robust_list resumed>) = 0 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5432] memfd_create("syzkaller", 0) = 3 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5432] munmap(0x7f18a1998000, 4194304) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] close(3) = 0 [pid 5432] mkdir("./file0", 0777) = 0 [ 89.127414][ T5432] loop0: detected capacity change from 0 to 8192 [ 89.138411][ T5432] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 89.151438][ T5432] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 89.160699][ T5432] REISERFS (device loop0): using ordered data mode [ 89.167227][ T5432] reiserfs: using flush barriers [ 89.173175][ T5432] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 89.189614][ T5432] REISERFS (device loop0): checking transaction log (loop0) [pid 5432] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5432] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5432] chdir("./file0") = 0 [pid 5432] ioctl(4, LOOP_CLR_FD) = 0 [pid 5432] close(4) = 0 [pid 5432] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 1 [pid 5432] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5432] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 1 [pid 5432] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5432] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 0 [pid 5432] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5432] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5432] <... futex resumed>) = 1 [pid 5431] exit_group(0) = ? [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./120/binderfs") = 0 [ 89.230570][ T5432] REISERFS (device loop0): Using r5 hash to sort names [ 89.237977][ T5432] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5434 ./strace-static-x86_64: Process 5434 attached [pid 5434] set_robust_list(0x555556c086e0, 24) = 0 [pid 5434] chdir("./121") = 0 [pid 5434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5434] setpgid(0, 0) = 0 [pid 5434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5434] write(3, "1000", 4) = 4 [pid 5434] close(3) = 0 [pid 5434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5434] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5434] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5434] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5435 attached , parent_tid=[5435], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5435 [pid 5434] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5435] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5435] memfd_create("syzkaller", 0) = 3 [pid 5435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5435] munmap(0x7f18a1998000, 4194304) = 0 [pid 5435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5435] close(3) = 0 [pid 5435] mkdir("./file0", 0777) = 0 [ 89.387301][ T5435] loop0: detected capacity change from 0 to 8192 [ 89.398489][ T5435] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 89.411533][ T5435] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 89.420772][ T5435] REISERFS (device loop0): using ordered data mode [ 89.427303][ T5435] reiserfs: using flush barriers [ 89.433477][ T5435] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 89.449923][ T5435] REISERFS (device loop0): checking transaction log (loop0) [pid 5435] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5435] chdir("./file0") = 0 [pid 5435] ioctl(4, LOOP_CLR_FD) = 0 [pid 5435] close(4) = 0 [pid 5435] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5435] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5435] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5434] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5435] <... futex resumed>) = 1 [pid 5435] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5435] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5434] exit_group(0) = ? [pid 5435] <... futex resumed>) = ? [pid 5435] +++ exited with 0 +++ [pid 5434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5434, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} --- umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./121/binderfs") = 0 [ 89.491770][ T5435] REISERFS (device loop0): Using r5 hash to sort names [ 89.499153][ T5435] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5437 ./strace-static-x86_64: Process 5437 attached [pid 5437] set_robust_list(0x555556c086e0, 24) = 0 [pid 5437] chdir("./122") = 0 [pid 5437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5437] setpgid(0, 0) = 0 [pid 5437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5437] write(3, "1000", 4) = 4 [pid 5437] close(3) = 0 [pid 5437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5437] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5437] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5437] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5438 attached [pid 5438] set_robust_list(0x7f18a9db89e0, 24 [pid 5437] <... clone resumed>, parent_tid=[5438], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5438 [pid 5438] <... set_robust_list resumed>) = 0 [pid 5437] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] memfd_create("syzkaller", 0 [pid 5437] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5438] <... memfd_create resumed>) = 3 [pid 5438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5438] munmap(0x7f18a1998000, 4194304) = 0 [pid 5438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5438] close(3) = 0 [pid 5438] mkdir("./file0", 0777) = 0 [ 89.638197][ T5438] loop0: detected capacity change from 0 to 8192 [ 89.648536][ T5438] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 89.661922][ T5438] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 89.671494][ T5438] REISERFS (device loop0): using ordered data mode [ 89.678224][ T5438] reiserfs: using flush barriers [ 89.684147][ T5438] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 89.700740][ T5438] REISERFS (device loop0): checking transaction log (loop0) [pid 5438] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5438] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5438] chdir("./file0") = 0 [pid 5438] ioctl(4, LOOP_CLR_FD) = 0 [pid 5438] close(4) = 0 [pid 5438] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5438] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5437] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... openat resumed>) = 4 [pid 5438] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] <... futex resumed>) = 0 [pid 5438] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5437] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... mmap resumed>) = 0x20000000 [pid 5438] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] ioctl(4, FS_IOC_GETVERSION [pid 5437] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... futex resumed>) = 0 [pid 5437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] exit_group(0 [pid 5438] <... futex resumed>) = ? [pid 5437] <... exit_group resumed>) = ? [pid 5438] +++ exited with 0 +++ [pid 5437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5437, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./122/binderfs") = 0 [ 89.743540][ T5438] REISERFS (device loop0): Using r5 hash to sort names [ 89.750593][ T5438] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5440 ./strace-static-x86_64: Process 5440 attached [pid 5440] set_robust_list(0x555556c086e0, 24) = 0 [pid 5440] chdir("./123") = 0 [pid 5440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5440] setpgid(0, 0) = 0 [pid 5440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5440] write(3, "1000", 4) = 4 [pid 5440] close(3) = 0 [pid 5440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5440] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5440] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5440] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5441 attached [pid 5441] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5441] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5440] <... clone resumed>, parent_tid=[5441], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5441 [pid 5440] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5440] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5441] memfd_create("syzkaller", 0) = 3 [pid 5441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5441] munmap(0x7f18a1998000, 4194304) = 0 [pid 5441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5441] close(3) = 0 [pid 5441] mkdir("./file0", 0777) = 0 [ 89.903779][ T5441] loop0: detected capacity change from 0 to 8192 [ 89.913271][ T5441] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 89.926549][ T5441] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 89.936130][ T5441] REISERFS (device loop0): using ordered data mode [ 89.942881][ T5441] reiserfs: using flush barriers [ 89.948519][ T5441] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 89.965134][ T5441] REISERFS (device loop0): checking transaction log (loop0) [pid 5441] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5441] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5441] chdir("./file0") = 0 [pid 5441] ioctl(4, LOOP_CLR_FD) = 0 [pid 5441] close(4) = 0 [pid 5441] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... futex resumed>) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5441] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5440] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... openat resumed>) = 4 [pid 5441] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5441] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5440] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... mmap resumed>) = 0x20000000 [pid 5440] <... futex resumed>) = 0 [pid 5440] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5440] <... futex resumed>) = 0 [pid 5441] ioctl(4, FS_IOC_GETVERSION [pid 5440] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5441] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5440] <... futex resumed>) = 0 [pid 5441] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5441] <... futex resumed>) = 0 [pid 5440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5441] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5440] exit_group(0 [pid 5441] <... futex resumed>) = ? [pid 5440] <... exit_group resumed>) = ? [pid 5441] +++ exited with 0 +++ [pid 5440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5440, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./123/binderfs") = 0 [ 90.013897][ T5441] REISERFS (device loop0): Using r5 hash to sort names [ 90.021126][ T5441] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5443 ./strace-static-x86_64: Process 5443 attached [pid 5443] set_robust_list(0x555556c086e0, 24) = 0 [pid 5443] chdir("./124") = 0 [pid 5443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5443] setpgid(0, 0) = 0 [pid 5443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5443] write(3, "1000", 4) = 4 [pid 5443] close(3) = 0 [pid 5443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5443] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5443] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5444], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5444 [pid 5443] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5444 attached [pid 5444] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5444] memfd_create("syzkaller", 0) = 3 [pid 5444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5444] munmap(0x7f18a1998000, 4194304) = 0 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5444] close(3) = 0 [pid 5444] mkdir("./file0", 0777) = 0 [ 90.154428][ T5444] loop0: detected capacity change from 0 to 8192 [ 90.165453][ T5444] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 90.178474][ T5444] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 90.187786][ T5444] REISERFS (device loop0): using ordered data mode [ 90.194356][ T5444] reiserfs: using flush barriers [ 90.200165][ T5444] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.216640][ T5444] REISERFS (device loop0): checking transaction log (loop0) [pid 5444] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5444] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5444] chdir("./file0") = 0 [pid 5444] ioctl(4, LOOP_CLR_FD) = 0 [pid 5444] close(4) = 0 [pid 5444] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5444] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5443] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = 1 [pid 5444] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5443] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... mmap resumed>) = 0x20000000 [pid 5444] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] ioctl(4, FS_IOC_GETVERSION [pid 5443] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5444] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] exit_group(0 [pid 5444] <... futex resumed>) = ? [pid 5443] <... exit_group resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5443, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./124/binderfs") = 0 [ 90.258546][ T5444] REISERFS (device loop0): Using r5 hash to sort names [ 90.266349][ T5444] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5446 ./strace-static-x86_64: Process 5446 attached [pid 5446] set_robust_list(0x555556c086e0, 24) = 0 [pid 5446] chdir("./125") = 0 [pid 5446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5446] setpgid(0, 0) = 0 [pid 5446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5446] write(3, "1000", 4) = 4 [pid 5446] close(3) = 0 [pid 5446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5446] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5446] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5446] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5447], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5447 [pid 5446] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5447 attached [pid 5447] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5447] memfd_create("syzkaller", 0) = 3 [pid 5447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5447] munmap(0x7f18a1998000, 4194304) = 0 [pid 5447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5447] close(3) = 0 [pid 5447] mkdir("./file0", 0777) = 0 [ 90.398998][ T5447] loop0: detected capacity change from 0 to 8192 [ 90.409908][ T5447] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 90.423139][ T5447] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 90.432396][ T5447] REISERFS (device loop0): using ordered data mode [ 90.438907][ T5447] reiserfs: using flush barriers [ 90.444968][ T5447] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.461380][ T5447] REISERFS (device loop0): checking transaction log (loop0) [pid 5447] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5447] chdir("./file0") = 0 [pid 5447] ioctl(4, LOOP_CLR_FD) = 0 [pid 5447] close(4) = 0 [pid 5447] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5447] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5447] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5446] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5447] <... futex resumed>) = 1 [pid 5447] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5447] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5446] <... futex resumed>) = 0 [pid 5446] exit_group(0) = ? [pid 5447] <... futex resumed>) = ? [pid 5447] +++ exited with 0 +++ [pid 5446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5446, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 90.509367][ T5447] REISERFS (device loop0): Using r5 hash to sort names [ 90.516795][ T5447] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5449 attached , child_tidptr=0x555556c086d0) = 5449 [pid 5449] set_robust_list(0x555556c086e0, 24) = 0 [pid 5449] chdir("./126") = 0 [pid 5449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5449] setpgid(0, 0) = 0 [pid 5449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5449] write(3, "1000", 4) = 4 [pid 5449] close(3) = 0 [pid 5449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5449] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5449] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5449] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5450], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5450 [pid 5449] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5450 attached [pid 5450] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5450] memfd_create("syzkaller", 0) = 3 [pid 5450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5450] munmap(0x7f18a1998000, 4194304) = 0 [pid 5450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5450] close(3) = 0 [pid 5450] mkdir("./file0", 0777) = 0 [ 90.650368][ T5450] loop0: detected capacity change from 0 to 8192 [ 90.661828][ T5450] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 90.675318][ T5450] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 90.684667][ T5450] REISERFS (device loop0): using ordered data mode [ 90.691163][ T5450] reiserfs: using flush barriers [ 90.697279][ T5450] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.713872][ T5450] REISERFS (device loop0): checking transaction log (loop0) [pid 5450] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5450] chdir("./file0") = 0 [pid 5450] ioctl(4, LOOP_CLR_FD) = 0 [pid 5450] close(4) = 0 [pid 5450] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5449] <... futex resumed>) = 0 [pid 5450] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5449] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... openat resumed>) = 4 [pid 5450] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5449] <... futex resumed>) = 0 [pid 5450] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5449] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... mmap resumed>) = 0x20000000 [pid 5450] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5449] <... futex resumed>) = 0 [pid 5450] ioctl(4, FS_IOC_GETVERSION [pid 5449] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5450] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] exit_group(0 [pid 5450] <... futex resumed>) = ? [pid 5449] <... exit_group resumed>) = ? [pid 5450] +++ exited with 0 +++ [pid 5449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5449, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=12 /* 0.12 s */} --- umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./126/binderfs") = 0 [ 90.761199][ T5450] REISERFS (device loop0): Using r5 hash to sort names [ 90.768340][ T5450] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5452 attached , child_tidptr=0x555556c086d0) = 5452 [pid 5452] set_robust_list(0x555556c086e0, 24) = 0 [pid 5452] chdir("./127") = 0 [pid 5452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5452] setpgid(0, 0) = 0 [pid 5452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5452] write(3, "1000", 4) = 4 [pid 5452] close(3) = 0 [pid 5452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5452] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5452] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5452] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5453 attached , parent_tid=[5453], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5453 [pid 5453] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5453] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5452] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5453] memfd_create("syzkaller", 0) = 3 [pid 5453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5453] munmap(0x7f18a1998000, 4194304) = 0 [pid 5453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5453] close(3) = 0 [pid 5453] mkdir("./file0", 0777) = 0 [ 90.918646][ T5453] loop0: detected capacity change from 0 to 8192 [ 90.929611][ T5453] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 90.942599][ T5453] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 90.951766][ T5453] REISERFS (device loop0): using ordered data mode [ 90.958299][ T5453] reiserfs: using flush barriers [ 90.964217][ T5453] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 90.980768][ T5453] REISERFS (device loop0): checking transaction log (loop0) [pid 5453] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5453] chdir("./file0") = 0 [pid 5453] ioctl(4, LOOP_CLR_FD) = 0 [pid 5453] close(4) = 0 [pid 5453] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] <... futex resumed>) = 0 [pid 5453] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5452] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... openat resumed>) = 4 [pid 5453] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5453] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5452] <... futex resumed>) = 0 [pid 5453] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5452] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] <... mmap resumed>) = 0x20000000 [pid 5453] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5452] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5452] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5453] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5453] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5452] <... futex resumed>) = 0 [pid 5452] exit_group(0) = ? [pid 5453] +++ exited with 0 +++ [pid 5452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5452, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./127/binderfs") = 0 [ 91.028485][ T5453] REISERFS (device loop0): Using r5 hash to sort names [ 91.035975][ T5453] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5455 ./strace-static-x86_64: Process 5455 attached [pid 5455] set_robust_list(0x555556c086e0, 24) = 0 [pid 5455] chdir("./128") = 0 [pid 5455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5455] setpgid(0, 0) = 0 [pid 5455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5455] write(3, "1000", 4) = 4 [pid 5455] close(3) = 0 [pid 5455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5455] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5455] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5455] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5456 attached , parent_tid=[5456], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5456 [pid 5455] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5456] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5456] memfd_create("syzkaller", 0) = 3 [pid 5456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5456] munmap(0x7f18a1998000, 4194304) = 0 [pid 5456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5456] close(3) = 0 [pid 5456] mkdir("./file0", 0777) = 0 [ 91.180478][ T5456] loop0: detected capacity change from 0 to 8192 [ 91.191300][ T5456] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 91.204289][ T5456] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 91.213508][ T5456] REISERFS (device loop0): using ordered data mode [ 91.220015][ T5456] reiserfs: using flush barriers [ 91.226112][ T5456] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 91.242561][ T5456] REISERFS (device loop0): checking transaction log (loop0) [pid 5456] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5456] chdir("./file0") = 0 [pid 5456] ioctl(4, LOOP_CLR_FD) = 0 [pid 5456] close(4) = 0 [pid 5456] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5455] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5456] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5455] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5455] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... mmap resumed>) = 0x20000000 [pid 5456] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5455] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5456] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5455] exit_group(0) = ? [pid 5456] +++ exited with 0 +++ [pid 5455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5455, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./128/binderfs") = 0 [ 91.287932][ T5456] REISERFS (device loop0): Using r5 hash to sort names [ 91.295558][ T5456] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5458 ./strace-static-x86_64: Process 5458 attached [pid 5458] set_robust_list(0x555556c086e0, 24) = 0 [pid 5458] chdir("./129") = 0 [pid 5458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5458] setpgid(0, 0) = 0 [pid 5458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5458] write(3, "1000", 4) = 4 [pid 5458] close(3) = 0 [pid 5458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5458] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5458] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5458] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5459], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5459 [pid 5458] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5459 attached [pid 5459] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5459] memfd_create("syzkaller", 0) = 3 [pid 5459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5459] munmap(0x7f18a1998000, 4194304) = 0 [pid 5459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5459] close(3) = 0 [pid 5459] mkdir("./file0", 0777) = 0 [ 91.432580][ T5459] loop0: detected capacity change from 0 to 8192 [ 91.442959][ T5459] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 91.456251][ T5459] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 91.465880][ T5459] REISERFS (device loop0): using ordered data mode [ 91.472646][ T5459] reiserfs: using flush barriers [ 91.478384][ T5459] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 91.494864][ T5459] REISERFS (device loop0): checking transaction log (loop0) [pid 5459] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5459] chdir("./file0") = 0 [pid 5459] ioctl(4, LOOP_CLR_FD) = 0 [pid 5459] close(4) = 0 [pid 5459] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5459] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5459] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5458] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5458] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5459] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5459] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5458] <... futex resumed>) = 0 [pid 5459] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5458] exit_group(0) = ? [pid 5459] <... futex resumed>) = ? [pid 5459] +++ exited with 0 +++ [pid 5458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5458, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./129/binderfs") = 0 [ 91.541596][ T5459] REISERFS (device loop0): Using r5 hash to sort names [ 91.548798][ T5459] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5461 ./strace-static-x86_64: Process 5461 attached [pid 5461] set_robust_list(0x555556c086e0, 24) = 0 [pid 5461] chdir("./130") = 0 [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5461] setpgid(0, 0) = 0 [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5461] write(3, "1000", 4) = 4 [pid 5461] close(3) = 0 [pid 5461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5461] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5461] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5461] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5462], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5462 ./strace-static-x86_64: Process 5462 attached [pid 5462] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5462] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = 1 [pid 5462] memfd_create("syzkaller", 0 [pid 5461] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5462] <... memfd_create resumed>) = 3 [pid 5462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5462] munmap(0x7f18a1998000, 4194304) = 0 [pid 5462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5462] close(3) = 0 [pid 5462] mkdir("./file0", 0777) = 0 [ 91.701686][ T5462] loop0: detected capacity change from 0 to 8192 [ 91.711333][ T5462] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 91.724449][ T5462] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 91.733770][ T5462] REISERFS (device loop0): using ordered data mode [ 91.740291][ T5462] reiserfs: using flush barriers [ 91.746299][ T5462] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 91.762653][ T5462] REISERFS (device loop0): checking transaction log (loop0) [pid 5462] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5462] chdir("./file0") = 0 [pid 5462] ioctl(4, LOOP_CLR_FD) = 0 [pid 5462] close(4) = 0 [pid 5462] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5462] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5462] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [ 91.809952][ T5462] REISERFS (device loop0): Using r5 hash to sort names [ 91.817085][ T5462] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5461] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 1 [pid 5462] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5462] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5461] exit_group(0) = ? [pid 5462] <... futex resumed>) = ? [pid 5462] +++ exited with 0 +++ [pid 5461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5464 ./strace-static-x86_64: Process 5464 attached [pid 5464] set_robust_list(0x555556c086e0, 24) = 0 [pid 5464] chdir("./131") = 0 [pid 5464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5464] setpgid(0, 0) = 0 [pid 5464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5464] write(3, "1000", 4) = 4 [pid 5464] close(3) = 0 [pid 5464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5464] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5464] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5464] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5465], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5465 [pid 5464] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5465 attached [pid 5465] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5465] memfd_create("syzkaller", 0) = 3 [pid 5465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5465] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5465] munmap(0x7f18a1998000, 4194304) = 0 [pid 5465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5465] close(3) = 0 [pid 5465] mkdir("./file0", 0777) = 0 [ 91.979991][ T5465] loop0: detected capacity change from 0 to 8192 [ 91.989861][ T5465] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 92.003063][ T5465] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 92.012419][ T5465] REISERFS (device loop0): using ordered data mode [ 92.019020][ T5465] reiserfs: using flush barriers [ 92.024945][ T5465] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 92.041460][ T5465] REISERFS (device loop0): checking transaction log (loop0) [pid 5465] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5465] chdir("./file0") = 0 [pid 5465] ioctl(4, LOOP_CLR_FD) = 0 [pid 5465] close(4) = 0 [pid 5465] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 1 [pid 5465] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5465] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 1 [pid 5465] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5465] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5464] <... futex resumed>) = 0 [pid 5464] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5464] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5465] <... futex resumed>) = 1 [pid 5465] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5465] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5464] <... futex resumed>) = 0 [pid 5465] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5464] exit_group(0 [pid 5465] <... futex resumed>) = ? [pid 5464] <... exit_group resumed>) = ? [pid 5465] +++ exited with 0 +++ [pid 5464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5464, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./131/binderfs") = 0 [ 92.088463][ T5465] REISERFS (device loop0): Using r5 hash to sort names [ 92.095559][ T5465] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5467 ./strace-static-x86_64: Process 5467 attached [pid 5467] set_robust_list(0x555556c086e0, 24) = 0 [pid 5467] chdir("./132") = 0 [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] setpgid(0, 0) = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5467] write(3, "1000", 4) = 4 [pid 5467] close(3) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5467] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5467] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5467] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5468 attached , parent_tid=[5468], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5468 [pid 5468] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5468] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5467] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5468] memfd_create("syzkaller", 0) = 3 [pid 5468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5468] munmap(0x7f18a1998000, 4194304) = 0 [pid 5468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5468] close(3) = 0 [pid 5468] mkdir("./file0", 0777) = 0 [ 92.256529][ T5468] loop0: detected capacity change from 0 to 8192 [ 92.267537][ T5468] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 92.280680][ T5468] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 92.289912][ T5468] REISERFS (device loop0): using ordered data mode [ 92.296456][ T5468] reiserfs: using flush barriers [ 92.302407][ T5468] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 92.318786][ T5468] REISERFS (device loop0): checking transaction log (loop0) [pid 5468] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5468] chdir("./file0") = 0 [pid 5468] ioctl(4, LOOP_CLR_FD) = 0 [pid 5468] close(4) = 0 [pid 5468] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5468] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5467] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... openat resumed>) = 4 [pid 5468] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5468] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5467] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... mmap resumed>) = 0x20000000 [pid 5468] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5468] ioctl(4, FS_IOC_GETVERSION [pid 5467] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5468] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] exit_group(0 [pid 5468] <... futex resumed>) = ? [pid 5467] <... exit_group resumed>) = ? [pid 5468] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5467, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 92.367037][ T5468] REISERFS (device loop0): Using r5 hash to sort names [ 92.374299][ T5468] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5470 ./strace-static-x86_64: Process 5470 attached [pid 5470] set_robust_list(0x555556c086e0, 24) = 0 [pid 5470] chdir("./133") = 0 [pid 5470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5470] setpgid(0, 0) = 0 [pid 5470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5470] write(3, "1000", 4) = 4 [pid 5470] close(3) = 0 [pid 5470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5470] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5470] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5470] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5471], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5471 [pid 5470] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5471 attached [pid 5471] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5471] memfd_create("syzkaller", 0) = 3 [pid 5471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5471] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5471] munmap(0x7f18a1998000, 4194304) = 0 [pid 5471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5471] close(3) = 0 [pid 5471] mkdir("./file0", 0777) = 0 [ 92.518615][ T5471] loop0: detected capacity change from 0 to 8192 [ 92.529570][ T5471] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 92.542751][ T5471] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 92.552056][ T5471] REISERFS (device loop0): using ordered data mode [ 92.558565][ T5471] reiserfs: using flush barriers [ 92.564507][ T5471] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 92.581307][ T5471] REISERFS (device loop0): checking transaction log (loop0) [pid 5471] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5471] chdir("./file0") = 0 [pid 5471] ioctl(4, LOOP_CLR_FD) = 0 [pid 5471] close(4) = 0 [pid 5471] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 1 [pid 5471] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5471] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 1 [pid 5471] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5471] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5470] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5470] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5471] <... futex resumed>) = 1 [pid 5471] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5471] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] <... futex resumed>) = 0 [pid 5470] exit_group(0) = ? [pid 5471] <... futex resumed>) = ? [pid 5471] +++ exited with 0 +++ [pid 5470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5470, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./133/binderfs") = 0 [ 92.630518][ T5471] REISERFS (device loop0): Using r5 hash to sort names [ 92.637669][ T5471] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5473 ./strace-static-x86_64: Process 5473 attached [pid 5473] set_robust_list(0x555556c086e0, 24) = 0 [pid 5473] chdir("./134") = 0 [pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5473] setpgid(0, 0) = 0 [pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5473] write(3, "1000", 4) = 4 [pid 5473] close(3) = 0 [pid 5473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5473] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5473] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5474], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5474 [pid 5473] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5474 attached [pid 5474] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5474] memfd_create("syzkaller", 0) = 3 [pid 5474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5474] munmap(0x7f18a1998000, 4194304) = 0 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5474] close(3) = 0 [pid 5474] mkdir("./file0", 0777) = 0 [ 92.764444][ T5474] loop0: detected capacity change from 0 to 8192 [ 92.774563][ T5474] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 92.787570][ T5474] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 92.797258][ T5474] REISERFS (device loop0): using ordered data mode [ 92.803992][ T5474] reiserfs: using flush barriers [ 92.809726][ T5474] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 92.826300][ T5474] REISERFS (device loop0): checking transaction log (loop0) [pid 5474] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5474] chdir("./file0") = 0 [pid 5474] ioctl(4, LOOP_CLR_FD) = 0 [pid 5474] close(4) = 0 [pid 5474] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5473] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... openat resumed>) = 4 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5473] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... mmap resumed>) = 0x20000000 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = 1 [pid 5474] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5474] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] exit_group(0 [pid 5474] <... futex resumed>) = ? [pid 5473] <... exit_group resumed>) = ? [pid 5474] +++ exited with 0 +++ [pid 5473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5473, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./134/binderfs") = 0 [ 92.867848][ T5474] REISERFS (device loop0): Using r5 hash to sort names [ 92.874941][ T5474] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5476 ./strace-static-x86_64: Process 5476 attached [pid 5476] set_robust_list(0x555556c086e0, 24) = 0 [pid 5476] chdir("./135") = 0 [pid 5476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5476] setpgid(0, 0) = 0 [pid 5476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5476] write(3, "1000", 4) = 4 [pid 5476] close(3) = 0 [pid 5476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5476] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5476] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5476] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5477 attached , parent_tid=[5477], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5477 [pid 5476] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5476] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5477] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5477] memfd_create("syzkaller", 0) = 3 [pid 5477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5477] munmap(0x7f18a1998000, 4194304) = 0 [pid 5477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5477] close(3) = 0 [pid 5477] mkdir("./file0", 0777) = 0 [ 93.020375][ T5477] loop0: detected capacity change from 0 to 8192 [ 93.030344][ T5477] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 93.043384][ T5477] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 93.052695][ T5477] REISERFS (device loop0): using ordered data mode [ 93.059207][ T5477] reiserfs: using flush barriers [ 93.065201][ T5477] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 93.081596][ T5477] REISERFS (device loop0): checking transaction log (loop0) [pid 5477] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5477] chdir("./file0") = 0 [pid 5477] ioctl(4, LOOP_CLR_FD) = 0 [pid 5477] close(4) = 0 [pid 5477] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5477] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5476] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... openat resumed>) = 4 [pid 5476] <... futex resumed>) = 0 [pid 5476] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5476] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] <... futex resumed>) = 0 [pid 5477] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5476] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... mmap resumed>) = 0x20000000 [pid 5477] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5477] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5476] <... futex resumed>) = 0 [pid 5477] ioctl(4, FS_IOC_GETVERSION [pid 5476] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5477] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5477] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5476] <... futex resumed>) = 0 [pid 5477] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5476] exit_group(0) = ? [pid 5477] <... futex resumed>) = ? [pid 5477] +++ exited with 0 +++ [pid 5476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5476, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./135/binderfs") = 0 [ 93.130057][ T5477] REISERFS (device loop0): Using r5 hash to sort names [ 93.137517][ T5477] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5480 ./strace-static-x86_64: Process 5480 attached [pid 5480] set_robust_list(0x555556c086e0, 24) = 0 [pid 5480] chdir("./136") = 0 [pid 5480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5480] setpgid(0, 0) = 0 [pid 5480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5480] write(3, "1000", 4) = 4 [pid 5480] close(3) = 0 [pid 5480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5480] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5480] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5480] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5481 attached , parent_tid=[5481], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5481 [pid 5480] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] set_robust_list(0x7f18a9db89e0, 24 [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5481] <... set_robust_list resumed>) = 0 [pid 5481] memfd_create("syzkaller", 0) = 3 [pid 5481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5481] munmap(0x7f18a1998000, 4194304) = 0 [pid 5481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5481] close(3) = 0 [pid 5481] mkdir("./file0", 0777) = 0 [ 93.297956][ T5481] loop0: detected capacity change from 0 to 8192 [ 93.307577][ T5481] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 93.320679][ T5481] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 93.329901][ T5481] REISERFS (device loop0): using ordered data mode [ 93.336488][ T5481] reiserfs: using flush barriers [ 93.342269][ T5481] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 93.358995][ T5481] REISERFS (device loop0): checking transaction log (loop0) [pid 5481] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5481] chdir("./file0") = 0 [pid 5481] ioctl(4, LOOP_CLR_FD) = 0 [pid 5481] close(4) = 0 [pid 5481] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5481] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5480] <... futex resumed>) = 0 [pid 5481] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5480] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... openat resumed>) = 4 [pid 5481] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5481] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5480] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... mmap resumed>) = 0x20000000 [pid 5480] <... futex resumed>) = 0 [pid 5481] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... futex resumed>) = 0 [pid 5480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5481] ioctl(4, FS_IOC_GETVERSION [pid 5480] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5480] <... futex resumed>) = 0 [pid 5481] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... futex resumed>) = 0 [pid 5480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5480] exit_group(0) = ? [pid 5481] +++ exited with 0 +++ [pid 5480] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5480, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./136/binderfs") = 0 [ 93.400775][ T5481] REISERFS (device loop0): Using r5 hash to sort names [ 93.407849][ T5481] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5483 ./strace-static-x86_64: Process 5483 attached [pid 5483] set_robust_list(0x555556c086e0, 24) = 0 [pid 5483] chdir("./137") = 0 [pid 5483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5483] setpgid(0, 0) = 0 [pid 5483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5483] write(3, "1000", 4) = 4 [pid 5483] close(3) = 0 [pid 5483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5483] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5483] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5483] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5484 attached [pid 5484] set_robust_list(0x7f18a9db89e0, 24 [pid 5483] <... clone resumed>, parent_tid=[5484], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5484 [pid 5484] <... set_robust_list resumed>) = 0 [pid 5483] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5484] memfd_create("syzkaller", 0) = 3 [pid 5484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5484] munmap(0x7f18a1998000, 4194304) = 0 [pid 5484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5484] close(3) = 0 [pid 5484] mkdir("./file0", 0777) = 0 [ 93.554484][ T5484] loop0: detected capacity change from 0 to 8192 [ 93.564665][ T5484] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 93.577669][ T5484] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 93.587192][ T5484] REISERFS (device loop0): using ordered data mode [ 93.593809][ T5484] reiserfs: using flush barriers [ 93.599920][ T5484] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 93.616869][ T5484] REISERFS (device loop0): checking transaction log (loop0) [pid 5484] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5484] chdir("./file0") = 0 [pid 5484] ioctl(4, LOOP_CLR_FD) = 0 [pid 5484] close(4) = 0 [pid 5484] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5484] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5484] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... futex resumed>) = 1 [pid 5484] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5484] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = 0 [pid 5483] exit_group(0) = ? [pid 5484] <... futex resumed>) = ? [pid 5484] +++ exited with 0 +++ [pid 5483] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5483, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./137/binderfs") = 0 [ 93.680156][ T5484] REISERFS (device loop0): Using r5 hash to sort names [ 93.687542][ T5484] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5488 ./strace-static-x86_64: Process 5488 attached [pid 5488] set_robust_list(0x555556c086e0, 24) = 0 [pid 5488] chdir("./138") = 0 [pid 5488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5488] setpgid(0, 0) = 0 [pid 5488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5488] write(3, "1000", 4) = 4 [pid 5488] close(3) = 0 [pid 5488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5488] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5488] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5488] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5489], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5489 [pid 5488] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5489 attached [pid 5489] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5489] memfd_create("syzkaller", 0) = 3 [pid 5489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5489] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5489] munmap(0x7f18a1998000, 4194304) = 0 [pid 5489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5489] close(3) = 0 [pid 5489] mkdir("./file0", 0777) = 0 [ 93.810580][ T5489] loop0: detected capacity change from 0 to 8192 [ 93.820192][ T5489] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 93.833513][ T5489] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 93.843133][ T5489] REISERFS (device loop0): using ordered data mode [ 93.849648][ T5489] reiserfs: using flush barriers [ 93.855662][ T5489] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 93.872098][ T5489] REISERFS (device loop0): checking transaction log (loop0) [pid 5489] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5489] chdir("./file0") = 0 [pid 5489] ioctl(4, LOOP_CLR_FD) = 0 [pid 5489] close(4) = 0 [pid 5489] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5488] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... futex resumed>) = 1 [pid 5489] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5489] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5488] <... futex resumed>) = 0 [pid 5488] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] <... futex resumed>) = 1 [pid 5489] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5489] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5488] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5488] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5489] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5489] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5488] <... futex resumed>) = 0 [pid 5489] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5488] exit_group(0) = ? [pid 5489] <... futex resumed>) = ? [pid 5489] +++ exited with 0 +++ [pid 5488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5488, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./138/binderfs") = 0 [ 93.919594][ T5489] REISERFS (device loop0): Using r5 hash to sort names [ 93.926702][ T5489] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5491 ./strace-static-x86_64: Process 5491 attached [pid 5491] set_robust_list(0x555556c086e0, 24) = 0 [pid 5491] chdir("./139") = 0 [pid 5491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5491] setpgid(0, 0) = 0 [pid 5491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5491] write(3, "1000", 4) = 4 [pid 5491] close(3) = 0 [pid 5491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5491] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5491] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5491] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5492 attached [pid 5492] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5492] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] <... clone resumed>, parent_tid=[5492], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5492 [pid 5491] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5492] memfd_create("syzkaller", 0 [pid 5491] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5492] <... memfd_create resumed>) = 3 [pid 5492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5492] munmap(0x7f18a1998000, 4194304) = 0 [pid 5492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5492] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5492] close(3) = 0 [pid 5492] mkdir("./file0", 0777) = 0 [ 94.104302][ T5492] loop0: detected capacity change from 0 to 8192 [ 94.115824][ T5492] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 94.128976][ T5492] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 94.138248][ T5492] REISERFS (device loop0): using ordered data mode [ 94.144796][ T5492] reiserfs: using flush barriers [ 94.150701][ T5492] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 94.167151][ T5492] REISERFS (device loop0): checking transaction log (loop0) [pid 5492] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5492] chdir("./file0") = 0 [pid 5492] ioctl(4, LOOP_CLR_FD) = 0 [pid 5492] close(4) = 0 [pid 5492] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5492] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5491] <... futex resumed>) = 0 [pid 5492] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5491] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... openat resumed>) = 4 [pid 5492] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5492] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5491] <... futex resumed>) = 0 [pid 5492] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5491] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... mmap resumed>) = 0x20000000 [pid 5492] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5491] <... futex resumed>) = 0 [pid 5492] ioctl(4, FS_IOC_GETVERSION [pid 5491] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5491] <... futex resumed>) = 0 [pid 5492] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5491] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5492] <... futex resumed>) = 0 [pid 5491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5491] exit_group(0 [pid 5492] <... futex resumed>) = ? [pid 5491] <... exit_group resumed>) = ? [pid 5492] +++ exited with 0 +++ [pid 5491] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5491, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./139/binderfs") = 0 [ 94.214377][ T5492] REISERFS (device loop0): Using r5 hash to sort names [ 94.221425][ T5492] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5495 ./strace-static-x86_64: Process 5495 attached [pid 5495] set_robust_list(0x555556c086e0, 24) = 0 [pid 5495] chdir("./140") = 0 [pid 5495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5495] setpgid(0, 0) = 0 [pid 5495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5495] write(3, "1000", 4) = 4 [pid 5495] close(3) = 0 [pid 5495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5495] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5495] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5495] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5496 attached , parent_tid=[5496], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5496 [pid 5495] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5496] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5496] memfd_create("syzkaller", 0) = 3 [pid 5496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5496] munmap(0x7f18a1998000, 4194304) = 0 [pid 5496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5496] close(3) = 0 [pid 5496] mkdir("./file0", 0777) = 0 [ 94.377318][ T5496] loop0: detected capacity change from 0 to 8192 [ 94.387144][ T5496] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 94.400158][ T5496] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 94.409696][ T5496] REISERFS (device loop0): using ordered data mode [ 94.416366][ T5496] reiserfs: using flush barriers [ 94.422208][ T5496] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 94.438674][ T5496] REISERFS (device loop0): checking transaction log (loop0) [pid 5496] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5496] chdir("./file0") = 0 [pid 5496] ioctl(4, LOOP_CLR_FD) = 0 [pid 5496] close(4) = 0 [pid 5496] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5496] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5496] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5496] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 94.485746][ T5496] REISERFS (device loop0): Using r5 hash to sort names [ 94.493108][ T5496] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5496] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5495] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 94.526512][ T5496] [ 94.528846][ T5496] ====================================================== [ 94.535840][ T5496] WARNING: possible circular locking dependency detected [ 94.542837][ T5496] 6.2.0-rc1-syzkaller-00084-gc8451c141e07 #0 Not tainted [ 94.549847][ T5496] ------------------------------------------------------ [ 94.556870][ T5496] syz-executor547/5496 is trying to acquire lock: [ 94.563258][ T5496] ffff888028f92090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x77/0xd0 [ 94.572206][ T5496] [ 94.572206][ T5496] but task is already holding lock: [ 94.579573][ T5496] ffff888028373e98 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x14d/0x2b0 [ 94.588517][ T5496] [ 94.588517][ T5496] which lock already depends on the new lock. [ 94.588517][ T5496] [ 94.598897][ T5496] [ 94.598897][ T5496] the existing dependency chain (in reverse order) is: [ 94.607887][ T5496] [ 94.607887][ T5496] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 94.615415][ T5496] lock_acquire+0x182/0x3c0 [ 94.620422][ T5496] __might_fault+0xb2/0x110 [ 94.625429][ T5496] reiserfs_ioctl+0x11c/0x340 [ 94.630611][ T5496] __se_sys_ioctl+0xfb/0x170 [ 94.635703][ T5496] do_syscall_64+0x3d/0xb0 [ 94.640629][ T5496] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 94.647023][ T5496] [ 94.647023][ T5496] -> #0 (&sbi->lock){+.+.}-{3:3}: [ 94.654204][ T5496] validate_chain+0x1898/0x6ae0 [ 94.659557][ T5496] __lock_acquire+0x1292/0x1f60 [ 94.664910][ T5496] lock_acquire+0x182/0x3c0 [ 94.669913][ T5496] __mutex_lock_common+0x1bd/0x26e0 [ 94.675612][ T5496] mutex_lock_nested+0x17/0x20 [ 94.680874][ T5496] reiserfs_write_lock+0x77/0xd0 [ 94.686312][ T5496] reiserfs_dirty_inode+0xdf/0x230 [ 94.691929][ T5496] __mark_inode_dirty+0x1e7/0x600 [ 94.697454][ T5496] touch_atime+0x3d3/0x630 [ 94.702369][ T5496] generic_file_mmap+0xbb/0x120 [ 94.707722][ T5496] mmap_region+0xfe6/0x1e20 [ 94.712726][ T5496] do_mmap+0x8d9/0xf30 [ 94.717293][ T5496] vm_mmap_pgoff+0x19e/0x2b0 [ 94.722383][ T5496] ksys_mmap_pgoff+0x48c/0x6d0 [ 94.727644][ T5496] do_syscall_64+0x3d/0xb0 [ 94.732594][ T5496] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 94.739009][ T5496] [ 94.739009][ T5496] other info that might help us debug this: [ 94.739009][ T5496] [ 94.749213][ T5496] Possible unsafe locking scenario: [ 94.749213][ T5496] [ 94.756638][ T5496] CPU0 CPU1 [ 94.761983][ T5496] ---- ---- [ 94.767332][ T5496] lock(&mm->mmap_lock); [ 94.771643][ T5496] lock(&sbi->lock); [ 94.778119][ T5496] lock(&mm->mmap_lock); [ 94.785031][ T5496] lock(&sbi->lock); [ 94.788992][ T5496] [ 94.788992][ T5496] *** DEADLOCK *** [ 94.788992][ T5496] [ 94.797120][ T5496] 2 locks held by syz-executor547/5496: [ 94.802651][ T5496] #0: ffff888028373e98 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x14d/0x2b0 [ 94.812021][ T5496] #1: ffff8880790d0460 (sb_writers#9){.+.+}-{0:0}, at: generic_file_mmap+0xbb/0x120 [ 94.821489][ T5496] [ 94.821489][ T5496] stack backtrace: [ 94.827353][ T5496] CPU: 0 PID: 5496 Comm: syz-executor547 Not tainted 6.2.0-rc1-syzkaller-00084-gc8451c141e07 #0 [ 94.837738][ T5496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 94.847778][ T5496] Call Trace: [ 94.851041][ T5496] [ 94.853957][ T5496] dump_stack_lvl+0x1b1/0x290 [ 94.858625][ T5496] ? nf_tcp_handle_invalid+0x630/0x630 [ 94.864066][ T5496] ? print_circular_bug+0x13e/0x1c0 [ 94.869247][ T5496] check_noncircular+0x2cc/0x390 [ 94.874292][ T5496] ? add_chain_block+0x850/0x850 [ 94.879211][ T5496] ? add_lock_to_list+0x1c7/0x2d0 [ 94.884219][ T5496] validate_chain+0x1898/0x6ae0 [ 94.889057][ T5496] ? lockdep_unlock+0x144/0x2e0 [ 94.893888][ T5496] ? reacquire_held_locks+0x650/0x650 [ 94.899239][ T5496] ? add_lock_to_list+0x1c7/0x2d0 [ 94.904248][ T5496] ? validate_chain+0x1478/0x6ae0 [ 94.909261][ T5496] ? lockdep_unlock+0x144/0x2e0 [ 94.914094][ T5496] ? reacquire_held_locks+0x650/0x650 [ 94.919477][ T5496] ? add_lock_to_list+0x1c7/0x2d0 [ 94.924484][ T5496] ? validate_chain+0x1478/0x6ae0 [ 94.929493][ T5496] ? validate_chain+0x177/0x6ae0 [ 94.934414][ T5496] ? reacquire_held_locks+0x650/0x650 [ 94.939768][ T5496] ? reacquire_held_locks+0x650/0x650 [ 94.945118][ T5496] ? validate_chain+0x177/0x6ae0 [ 94.950037][ T5496] ? reacquire_held_locks+0x650/0x650 [ 94.955391][ T5496] ? validate_chain+0x177/0x6ae0 [ 94.960310][ T5496] ? mas_mab_cp+0x60a/0x8d0 [ 94.964795][ T5496] ? memcpy+0x3c/0x60 [ 94.968758][ T5496] ? stack_trace_save+0x1e0/0x1e0 [ 94.973765][ T5496] ? rcu_read_lock_sched_held+0x87/0x110 [ 94.979377][ T5496] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 94.985337][ T5496] ? rcu_lock_release+0x5/0x20 [ 94.990084][ T5496] ? mas_wr_modify+0x8a2/0x6d60 [ 94.994935][ T5496] ? read_lock_is_recursive+0x10/0x10 [ 95.000290][ T5496] ? stack_trace_save+0x1e0/0x1e0 [ 95.005297][ T5496] ? rcu_read_lock_sched_held+0x87/0x110 [ 95.010911][ T5496] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 95.016872][ T5496] ? rcu_lock_release+0x5/0x20 [ 95.021618][ T5496] ? read_lock_is_recursive+0x10/0x10 [ 95.026969][ T5496] ? rcu_lock_release+0x5/0x20 [ 95.031717][ T5496] ? __lock_acquire+0x1f60/0x1f60 [ 95.036725][ T5496] ? deref_stack_reg+0x17a/0x210 [ 95.041646][ T5496] ? preempt_count_add+0x8d/0x180 [ 95.046653][ T5496] ? stack_trace_save+0x1e0/0x1e0 [ 95.051657][ T5496] ? is_bpf_text_address+0x253/0x270 [ 95.056925][ T5496] ? stack_trace_save+0x1e0/0x1e0 [ 95.061930][ T5496] ? rcu_read_lock_sched_held+0x87/0x110 [ 95.067542][ T5496] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 95.073509][ T5496] ? rcu_lock_release+0x5/0x20 [ 95.078257][ T5496] ? read_lock_is_recursive+0x10/0x10 [ 95.083611][ T5496] ? rcu_lock_release+0x5/0x20 [ 95.088357][ T5496] ? __lock_acquire+0x1f60/0x1f60 [ 95.093361][ T5496] ? deref_stack_reg+0x17a/0x210 [ 95.098277][ T5496] ? preempt_count_add+0x8d/0x180 [ 95.103284][ T5496] ? stack_trace_save+0x1e0/0x1e0 [ 95.108290][ T5496] ? is_bpf_text_address+0x253/0x270 [ 95.113564][ T5496] ? stack_trace_save+0x1e0/0x1e0 [ 95.118575][ T5496] ? mark_lock+0x9a/0x350 [ 95.122884][ T5496] ? rcu_read_lock_sched_held+0x87/0x110 [ 95.128500][ T5496] ? rcu_lock_release+0x5/0x20 [ 95.133248][ T5496] ? rcu_lock_release+0x5/0x20 [ 95.137995][ T5496] ? __lock_acquire+0x1f60/0x1f60 [ 95.143002][ T5496] ? stack_trace_save+0x1e0/0x1e0 [ 95.148006][ T5496] ? rcu_read_lock_sched_held+0x87/0x110 [ 95.153617][ T5496] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 95.159578][ T5496] ? mark_lock+0x9a/0x350 [ 95.163888][ T5496] __lock_acquire+0x1292/0x1f60 [ 95.168721][ T5496] lock_acquire+0x182/0x3c0 [ 95.173204][ T5496] ? reiserfs_write_lock+0x77/0xd0 [ 95.178296][ T5496] ? read_lock_is_recursive+0x10/0x10 [ 95.183648][ T5496] ? __might_sleep+0xc0/0xc0 [ 95.188220][ T5496] ? rcu_read_lock_sched_held+0x87/0x110 [ 95.193834][ T5496] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 95.199796][ T5496] __mutex_lock_common+0x1bd/0x26e0 [ 95.204974][ T5496] ? reiserfs_write_lock+0x77/0xd0 [ 95.210068][ T5496] ? mark_lock+0x9a/0x350 [ 95.214376][ T5496] ? reiserfs_write_lock+0x77/0xd0 [ 95.219466][ T5496] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 95.225425][ T5496] ? mutex_lock_io_nested+0x60/0x60 [ 95.230602][ T5496] ? print_irqtrace_events+0x220/0x220 [ 95.236044][ T5496] ? ktime_get_coarse_real_ts64+0x45/0x140 [ 95.241831][ T5496] ? lockdep_hardirqs_on+0x8d/0x130 [ 95.247008][ T5496] mutex_lock_nested+0x17/0x20 [ 95.251755][ T5496] reiserfs_write_lock+0x77/0xd0 [ 95.256679][ T5496] reiserfs_dirty_inode+0xdf/0x230 [ 95.261772][ T5496] ? reiserfs_free_inode+0x20/0x20 [ 95.266866][ T5496] ? rcu_read_lock_sched_held+0x87/0x110 [ 95.272479][ T5496] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 95.278439][ T5496] ? current_time+0x1ea/0x300 [ 95.283102][ T5496] ? reiserfs_free_inode+0x20/0x20 [ 95.288197][ T5496] __mark_inode_dirty+0x1e7/0x600 [ 95.293202][ T5496] ? generic_file_mmap+0xbb/0x120 [ 95.298208][ T5496] touch_atime+0x3d3/0x630 [ 95.302604][ T5496] ? current_time+0x300/0x300 [ 95.307348][ T5496] ? kmem_cache_alloc+0x20a/0x350 [ 95.312352][ T5496] ? vm_area_alloc+0x20/0xe0 [ 95.316920][ T5496] generic_file_mmap+0xbb/0x120 [ 95.321788][ T5496] mmap_region+0xfe6/0x1e20 [ 95.326369][ T5496] ? file_mmap_ok+0x150/0x150 [ 95.331026][ T5496] ? validate_mm+0x2a4/0x330 [ 95.335597][ T5496] ? cap_mmap_addr+0x164/0x2d0 [ 95.340351][ T5496] ? udf_update_inode+0x16f2/0x3050 [ 95.345530][ T5496] do_mmap+0x8d9/0xf30 [ 95.349592][ T5496] ? mlock_future_check+0x100/0x100 [ 95.354791][ T5496] ? down_write+0x270/0x270 [ 95.359275][ T5496] ? apparmor_file_free_security+0xf0/0xf0 [ 95.365061][ T5496] ? bpf_lsm_mmap_file+0x5/0x10 [ 95.369901][ T5496] vm_mmap_pgoff+0x19e/0x2b0 [ 95.374479][ T5496] ? lockdep_hardirqs_on+0x8d/0x130 [ 95.379658][ T5496] ? account_locked_vm+0xd0/0xd0 [ 95.384580][ T5496] ksys_mmap_pgoff+0x48c/0x6d0 [ 95.389327][ T5496] do_syscall_64+0x3d/0xb0 [ 95.393726][ T5496] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 95.399600][ T5496] RIP: 0033:0x7f18a9e0cd19 [ 95.403996][ T5496] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5495] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5496] <... mmap resumed>) = 0x20000000 [pid 5496] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5495] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5495] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5496] <... futex resumed>) = 1 [pid 5496] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5496] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5495] exit_group(0) = ? [pid 5496] <... futex resumed>) = ? [pid 5496] +++ exited with 0 +++ [pid 5495] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5495, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./140/binderfs") = 0 [ 95.423586][ T5496] RSP: 002b:00007f18a9db81f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 95.431979][ T5496] RAX: ffffffffffffffda RBX: 00007f18a9e927a8 RCX: 00007f18a9e0cd19 [ 95.439941][ T5496] RDX: 0000000000000001 RSI: 0000000000400000 RDI: 0000000020000000 [ 95.447891][ T5496] RBP: 00007f18a9e927a0 R08: 0000000000000004 R09: 0000000000000000 [ 95.455841][ T5496] R10: 0000000000010012 R11: 0000000000000246 R12: 00007f18a9e927ac [ 95.463805][ T5496] R13: 00007ffc98f95b0f R14: 00007f18a9db8300 R15: 0000000000022000 [ 95.471782][ T5496] umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5500 attached , child_tidptr=0x555556c086d0) = 5500 [pid 5500] set_robust_list(0x555556c086e0, 24) = 0 [pid 5500] chdir("./141") = 0 [pid 5500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5500] setpgid(0, 0) = 0 [pid 5500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5500] write(3, "1000", 4) = 4 [pid 5500] close(3) = 0 [pid 5500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5500] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5500] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5500] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5501 attached , parent_tid=[5501], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5501 [pid 5501] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5501] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5500] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5501] memfd_create("syzkaller", 0) = 3 [pid 5501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5501] munmap(0x7f18a1998000, 4194304) = 0 [pid 5501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5501] close(3) = 0 [pid 5501] mkdir("./file0", 0777) = 0 [ 95.567894][ T5501] loop0: detected capacity change from 0 to 8192 [ 95.576395][ T5501] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 95.589519][ T5501] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 95.598913][ T5501] REISERFS (device loop0): using ordered data mode [ 95.605479][ T5501] reiserfs: using flush barriers [ 95.610952][ T5501] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 95.627481][ T5501] REISERFS (device loop0): checking transaction log (loop0) [ 95.657068][ T5501] REISERFS (device loop0): Using r5 hash to sort names [pid 5501] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5501] chdir("./file0") = 0 [pid 5501] ioctl(4, LOOP_CLR_FD) = 0 [pid 5501] close(4) = 0 [pid 5501] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5500] <... futex resumed>) = 0 [pid 5501] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5501] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5500] <... futex resumed>) = 0 [pid 5501] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5500] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5500] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5500] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5501] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = 0 [pid 5500] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5500] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5501] <... futex resumed>) = 1 [pid 5501] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5501] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5500] <... futex resumed>) = 0 [pid 5500] exit_group(0) = ? [pid 5501] <... futex resumed>) = ? [pid 5501] +++ exited with 0 +++ [pid 5500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5500, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./141/binderfs") = 0 [ 95.664090][ T5501] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5503 ./strace-static-x86_64: Process 5503 attached [pid 5503] set_robust_list(0x555556c086e0, 24) = 0 [pid 5503] chdir("./142") = 0 [pid 5503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5503] setpgid(0, 0) = 0 [pid 5503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5503] write(3, "1000", 4) = 4 [pid 5503] close(3) = 0 [pid 5503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5503] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5503] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5503] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5504], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5504 [pid 5503] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5504 attached [pid 5504] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5504] memfd_create("syzkaller", 0) = 3 [pid 5504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5504] munmap(0x7f18a1998000, 4194304) = 0 [pid 5504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5504] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5504] close(3) = 0 [pid 5504] mkdir("./file0", 0777) = 0 [ 95.765141][ T5504] loop0: detected capacity change from 0 to 8192 [ 95.774565][ T5504] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 95.787586][ T5504] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 95.796808][ T5504] REISERFS (device loop0): using ordered data mode [ 95.803387][ T5504] reiserfs: using flush barriers [ 95.808936][ T5504] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 95.825336][ T5504] REISERFS (device loop0): checking transaction log (loop0) [ 95.854764][ T5504] REISERFS (device loop0): Using r5 hash to sort names [pid 5504] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5504] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5504] chdir("./file0") = 0 [pid 5504] ioctl(4, LOOP_CLR_FD) = 0 [pid 5504] close(4) = 0 [pid 5504] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5503] <... futex resumed>) = 0 [pid 5503] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5504] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5504] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = 0 [pid 5503] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5504] <... futex resumed>) = 1 [pid 5504] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5504] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = 0 [pid 5503] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5503] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5504] <... futex resumed>) = 1 [pid 5504] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5504] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5503] <... futex resumed>) = 0 [pid 5503] exit_group(0) = ? [pid 5504] <... futex resumed>) = ? [pid 5504] +++ exited with 0 +++ [pid 5503] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5503, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./142/binderfs") = 0 [ 95.861766][ T5504] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5506 attached [pid 5506] set_robust_list(0x555556c086e0, 24) = 0 [pid 5506] chdir("./143") = 0 [pid 5506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5506] setpgid(0, 0) = 0 [pid 5506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5506] write(3, "1000", 4) = 4 [pid 5506] close(3) = 0 [pid 5506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5506] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5506] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5506] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5507], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5507 [pid 5506] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5507 attached [pid 5507] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5507] memfd_create("syzkaller", 0 [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5506 [pid 5507] <... memfd_create resumed>) = 3 [pid 5507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5507] munmap(0x7f18a1998000, 4194304) = 0 [pid 5507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5507] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5507] close(3) = 0 [pid 5507] mkdir("./file0", 0777) = 0 [ 95.962440][ T5507] loop0: detected capacity change from 0 to 8192 [ 95.970512][ T5507] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 95.983616][ T5507] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 95.992886][ T5507] REISERFS (device loop0): using ordered data mode [ 95.999425][ T5507] reiserfs: using flush barriers [ 96.005088][ T5507] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 96.021346][ T5507] REISERFS (device loop0): checking transaction log (loop0) [ 96.049756][ T5507] REISERFS (device loop0): Using r5 hash to sort names [pid 5507] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5507] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5507] chdir("./file0") = 0 [pid 5507] ioctl(4, LOOP_CLR_FD) = 0 [pid 5507] close(4) = 0 [pid 5507] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5507] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5506] <... futex resumed>) = 0 [pid 5506] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5506] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... futex resumed>) = 0 [pid 5507] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5507] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = 0 [pid 5506] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... futex resumed>) = 1 [pid 5507] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5507] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = 0 [pid 5506] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5506] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5507] <... futex resumed>) = 1 [pid 5507] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5507] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5506] <... futex resumed>) = 0 [pid 5506] exit_group(0) = ? [pid 5507] <... futex resumed>) = ? [pid 5507] +++ exited with 0 +++ [pid 5506] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5506, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./143/binderfs") = 0 [ 96.056775][ T5507] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5509 ./strace-static-x86_64: Process 5509 attached [pid 5509] set_robust_list(0x555556c086e0, 24) = 0 [pid 5509] chdir("./144") = 0 [pid 5509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5509] setpgid(0, 0) = 0 [pid 5509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5509] write(3, "1000", 4) = 4 [pid 5509] close(3) = 0 [pid 5509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5509] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5509] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5509] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5510 attached [pid 5510] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5510] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] <... clone resumed>, parent_tid=[5510], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5510 [pid 5509] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5509] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5510] memfd_create("syzkaller", 0) = 3 [pid 5510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5510] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5510] munmap(0x7f18a1998000, 4194304) = 0 [pid 5510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5510] close(3) = 0 [pid 5510] mkdir("./file0", 0777) = 0 [ 96.158153][ T5510] loop0: detected capacity change from 0 to 8192 [ 96.166709][ T5510] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 96.179710][ T5510] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 96.188920][ T5510] REISERFS (device loop0): using ordered data mode [ 96.195440][ T5510] reiserfs: using flush barriers [ 96.200964][ T5510] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 96.217311][ T5510] REISERFS (device loop0): checking transaction log (loop0) [ 96.245767][ T5510] REISERFS (device loop0): Using r5 hash to sort names [pid 5510] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5510] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5510] chdir("./file0") = 0 [pid 5510] ioctl(4, LOOP_CLR_FD) = 0 [pid 5510] close(4) = 0 [pid 5510] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 1 [pid 5510] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5510] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 1 [pid 5510] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5510] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5509] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5509] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5510] <... futex resumed>) = 1 [pid 5510] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5510] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5509] exit_group(0) = ? [pid 5510] <... futex resumed>) = ? [pid 5510] +++ exited with 0 +++ [pid 5509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5509, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./144/binderfs") = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 96.252823][ T5510] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5512 ./strace-static-x86_64: Process 5512 attached [pid 5512] set_robust_list(0x555556c086e0, 24) = 0 [pid 5512] chdir("./145") = 0 [pid 5512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5512] setpgid(0, 0) = 0 [pid 5512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5512] write(3, "1000", 4) = 4 [pid 5512] close(3) = 0 [pid 5512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5512] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5512] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5512] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5513 attached [pid 5513] set_robust_list(0x7f18a9db89e0, 24 [pid 5512] <... clone resumed>, parent_tid=[5513], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5513 [pid 5512] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] <... set_robust_list resumed>) = 0 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5513] memfd_create("syzkaller", 0) = 3 [pid 5513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5513] munmap(0x7f18a1998000, 4194304) = 0 [pid 5513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5513] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5513] close(3) = 0 [pid 5513] mkdir("./file0", 0777) = 0 [ 96.345578][ T5513] loop0: detected capacity change from 0 to 8192 [ 96.355403][ T5513] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 96.368447][ T5513] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 96.377637][ T5513] REISERFS (device loop0): using ordered data mode [ 96.384177][ T5513] reiserfs: using flush barriers [ 96.389846][ T5513] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 96.406175][ T5513] REISERFS (device loop0): checking transaction log (loop0) [ 96.435017][ T5513] REISERFS (device loop0): Using r5 hash to sort names [pid 5513] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5513] chdir("./file0") = 0 [pid 5513] ioctl(4, LOOP_CLR_FD) = 0 [pid 5513] close(4) = 0 [pid 5513] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5513] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5513] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5512] <... futex resumed>) = 0 [pid 5512] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... mmap resumed>) = 0x20000000 [pid 5513] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5513] ioctl(4, FS_IOC_GETVERSION [pid 5512] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5512] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5513] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5513] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5512] <... futex resumed>) = 0 [pid 5512] exit_group(0) = ? [pid 5513] +++ exited with 0 +++ [pid 5512] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5512, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./145/binderfs") = 0 [ 96.442099][ T5513] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5515 ./strace-static-x86_64: Process 5515 attached [pid 5515] set_robust_list(0x555556c086e0, 24) = 0 [pid 5515] chdir("./146") = 0 [pid 5515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5515] setpgid(0, 0) = 0 [pid 5515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5515] write(3, "1000", 4) = 4 [pid 5515] close(3) = 0 [pid 5515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5515] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5515] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5515] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5516 attached , parent_tid=[5516], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5516 [pid 5516] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5516] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5515] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5516] <... futex resumed>) = 0 [pid 5516] memfd_create("syzkaller", 0 [pid 5515] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5516] <... memfd_create resumed>) = 3 [pid 5516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5516] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5516] munmap(0x7f18a1998000, 4194304) = 0 [pid 5516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5516] close(3) = 0 [pid 5516] mkdir("./file0", 0777) = 0 [ 96.548683][ T5516] loop0: detected capacity change from 0 to 8192 [ 96.557353][ T5516] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 96.570518][ T5516] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 96.579907][ T5516] REISERFS (device loop0): using ordered data mode [ 96.586672][ T5516] reiserfs: using flush barriers [ 96.592389][ T5516] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 96.608800][ T5516] REISERFS (device loop0): checking transaction log (loop0) [ 96.638922][ T5516] REISERFS (device loop0): Using r5 hash to sort names [pid 5516] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5516] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5516] chdir("./file0") = 0 [pid 5516] ioctl(4, LOOP_CLR_FD) = 0 [pid 5516] close(4) = 0 [pid 5516] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] <... futex resumed>) = 0 [pid 5515] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5515] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5516] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] <... futex resumed>) = 0 [pid 5516] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5515] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5515] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] <... mmap resumed>) = 0x20000000 [pid 5516] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] <... futex resumed>) = 0 [pid 5515] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] ioctl(4, FS_IOC_GETVERSION [pid 5515] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5516] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5516] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5515] <... futex resumed>) = 0 [pid 5515] exit_group(0) = ? [pid 5516] +++ exited with 0 +++ [pid 5515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5515, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./146/binderfs") = 0 [ 96.646165][ T5516] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5518 ./strace-static-x86_64: Process 5518 attached [pid 5518] set_robust_list(0x555556c086e0, 24) = 0 [pid 5518] chdir("./147") = 0 [pid 5518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5518] setpgid(0, 0) = 0 [pid 5518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5518] write(3, "1000", 4) = 4 [pid 5518] close(3) = 0 [pid 5518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5518] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5518] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5518] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5519], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5519 ./strace-static-x86_64: Process 5519 attached [pid 5518] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5518] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5519] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5519] memfd_create("syzkaller", 0) = 3 [pid 5519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5519] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5519] munmap(0x7f18a1998000, 4194304) = 0 [pid 5519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5519] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5519] close(3) = 0 [pid 5519] mkdir("./file0", 0777) = 0 [ 96.761259][ T5519] loop0: detected capacity change from 0 to 8192 [ 96.769873][ T5519] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 96.782901][ T5519] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 96.792094][ T5519] REISERFS (device loop0): using ordered data mode [ 96.798580][ T5519] reiserfs: using flush barriers [ 96.804286][ T5519] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 96.820539][ T5519] REISERFS (device loop0): checking transaction log (loop0) [ 96.850239][ T5519] REISERFS (device loop0): Using r5 hash to sort names [pid 5519] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5519] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5519] chdir("./file0") = 0 [pid 5519] ioctl(4, LOOP_CLR_FD) = 0 [pid 5519] close(4) = 0 [pid 5519] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5518] <... futex resumed>) = 0 [pid 5519] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5518] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... openat resumed>) = 4 [pid 5519] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5518] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... mmap resumed>) = 0x20000000 [pid 5518] <... futex resumed>) = 0 [pid 5518] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5518] <... futex resumed>) = 0 [pid 5519] ioctl(4, FS_IOC_GETVERSION [pid 5518] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5518] <... futex resumed>) = 0 [pid 5519] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5518] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5519] <... futex resumed>) = 0 [pid 5518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5519] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5518] exit_group(0 [pid 5519] <... futex resumed>) = ? [pid 5518] <... exit_group resumed>) = ? [pid 5519] +++ exited with 0 +++ [pid 5518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5518, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./147/binderfs") = 0 [ 96.857259][ T5519] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5521 ./strace-static-x86_64: Process 5521 attached [pid 5521] set_robust_list(0x555556c086e0, 24) = 0 [pid 5521] chdir("./148") = 0 [pid 5521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5521] setpgid(0, 0) = 0 [pid 5521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5521] write(3, "1000", 4) = 4 [pid 5521] close(3) = 0 [pid 5521] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5521] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5521] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5521] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5522 attached , parent_tid=[5522], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5522 [pid 5521] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5521] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5522] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5522] memfd_create("syzkaller", 0) = 3 [pid 5522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5522] munmap(0x7f18a1998000, 4194304) = 0 [pid 5522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5522] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5522] close(3) = 0 [pid 5522] mkdir("./file0", 0777) = 0 [ 96.954049][ T5522] loop0: detected capacity change from 0 to 8192 [ 96.962458][ T5522] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 96.975597][ T5522] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 96.985103][ T5522] REISERFS (device loop0): using ordered data mode [ 96.991681][ T5522] reiserfs: using flush barriers [ 96.997405][ T5522] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 97.013674][ T5522] REISERFS (device loop0): checking transaction log (loop0) [ 97.040402][ T5522] REISERFS (device loop0): Using r5 hash to sort names [pid 5522] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5522] chdir("./file0") = 0 [pid 5522] ioctl(4, LOOP_CLR_FD) = 0 [pid 5522] close(4) = 0 [pid 5522] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5521] <... futex resumed>) = 0 [pid 5522] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5521] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... openat resumed>) = 4 [pid 5521] <... futex resumed>) = 0 [pid 5521] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5522] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = 0 [pid 5521] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = 1 [pid 5521] <... futex resumed>) = 0 [pid 5522] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5521] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5522] <... mmap resumed>) = 0x20000000 [pid 5522] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = 0 [pid 5521] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5521] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5522] <... futex resumed>) = 1 [pid 5522] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5522] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5521] <... futex resumed>) = 0 [pid 5521] exit_group(0) = ? [pid 5522] <... futex resumed>) = ? [pid 5522] +++ exited with 0 +++ [pid 5521] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5521, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./148/binderfs") = 0 [ 97.047474][ T5522] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5524 ./strace-static-x86_64: Process 5524 attached [pid 5524] set_robust_list(0x555556c086e0, 24) = 0 [pid 5524] chdir("./149") = 0 [pid 5524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5524] setpgid(0, 0) = 0 [pid 5524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5524] write(3, "1000", 4) = 4 [pid 5524] close(3) = 0 [pid 5524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5524] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5524] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5524] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5525 attached , parent_tid=[5525], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5525 [pid 5525] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5525] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5524] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] <... futex resumed>) = 0 [pid 5524] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5525] memfd_create("syzkaller", 0) = 3 [pid 5525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5525] munmap(0x7f18a1998000, 4194304) = 0 [pid 5525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5525] close(3) = 0 [pid 5525] mkdir("./file0", 0777) = 0 [ 97.146586][ T5525] loop0: detected capacity change from 0 to 8192 [ 97.156099][ T5525] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 97.169206][ T5525] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 97.178466][ T5525] REISERFS (device loop0): using ordered data mode [ 97.185035][ T5525] reiserfs: using flush barriers [ 97.190686][ T5525] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 97.207031][ T5525] REISERFS (device loop0): checking transaction log (loop0) [ 97.235912][ T5525] REISERFS (device loop0): Using r5 hash to sort names [pid 5525] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5525] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5525] chdir("./file0") = 0 [pid 5525] ioctl(4, LOOP_CLR_FD) = 0 [pid 5525] close(4) = 0 [pid 5525] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... futex resumed>) = 1 [pid 5525] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5525] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... futex resumed>) = 1 [pid 5525] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5525] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5524] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5525] <... futex resumed>) = 1 [pid 5525] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5525] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5524] <... futex resumed>) = 0 [pid 5524] exit_group(0) = ? [pid 5525] <... futex resumed>) = ? [pid 5525] +++ exited with 0 +++ [pid 5524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5524, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./149/binderfs") = 0 [ 97.242942][ T5525] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5527 attached , child_tidptr=0x555556c086d0) = 5527 [pid 5527] set_robust_list(0x555556c086e0, 24) = 0 [pid 5527] chdir("./150") = 0 [pid 5527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5527] setpgid(0, 0) = 0 [pid 5527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5527] write(3, "1000", 4) = 4 [pid 5527] close(3) = 0 [pid 5527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5527] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5527] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5527] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5528 attached , parent_tid=[5528], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5528 [pid 5528] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5528] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5528] memfd_create("syzkaller", 0) = 3 [pid 5528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5527] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5528] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5528] munmap(0x7f18a1998000, 4194304) = 0 [pid 5528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5528] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5528] close(3) = 0 [pid 5528] mkdir("./file0", 0777) = 0 [ 97.348389][ T5528] loop0: detected capacity change from 0 to 8192 [ 97.356763][ T5528] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 97.369880][ T5528] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 97.379235][ T5528] REISERFS (device loop0): using ordered data mode [ 97.385957][ T5528] reiserfs: using flush barriers [ 97.391515][ T5528] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 97.408014][ T5528] REISERFS (device loop0): checking transaction log (loop0) [ 97.437507][ T5528] REISERFS (device loop0): Using r5 hash to sort names [pid 5528] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5528] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5528] chdir("./file0") = 0 [pid 5528] ioctl(4, LOOP_CLR_FD) = 0 [pid 5528] close(4) = 0 [pid 5528] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5528] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... futex resumed>) = 0 [pid 5528] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5528] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5527] <... futex resumed>) = 0 [pid 5527] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... mmap resumed>) = 0x20000000 [pid 5528] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5527] <... futex resumed>) = 0 [pid 5528] ioctl(4, FS_IOC_GETVERSION [pid 5527] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5527] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5528] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5528] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5527] <... futex resumed>) = 0 [pid 5527] exit_group(0 [pid 5528] <... futex resumed>) = ? [pid 5527] <... exit_group resumed>) = ? [pid 5528] +++ exited with 0 +++ [pid 5527] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5527, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./150/binderfs") = 0 [ 97.444530][ T5528] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5530 ./strace-static-x86_64: Process 5530 attached [pid 5530] set_robust_list(0x555556c086e0, 24) = 0 [pid 5530] chdir("./151") = 0 [pid 5530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5530] setpgid(0, 0) = 0 [pid 5530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5530] write(3, "1000", 4) = 4 [pid 5530] close(3) = 0 [pid 5530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5530] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5530] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5530] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5531], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5531 [pid 5530] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5531 attached [pid 5531] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5531] memfd_create("syzkaller", 0) = 3 [pid 5531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5531] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5531] munmap(0x7f18a1998000, 4194304) = 0 [pid 5531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5531] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5531] close(3) = 0 [pid 5531] mkdir("./file0", 0777) = 0 [ 97.533866][ T5531] loop0: detected capacity change from 0 to 8192 [ 97.543225][ T5531] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 97.556355][ T5531] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 97.565711][ T5531] REISERFS (device loop0): using ordered data mode [ 97.572397][ T5531] reiserfs: using flush barriers [ 97.577906][ T5531] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 97.594509][ T5531] REISERFS (device loop0): checking transaction log (loop0) [pid 5531] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5531] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5531] chdir("./file0") = 0 [pid 5531] ioctl(4, LOOP_CLR_FD) = 0 [pid 5531] close(4) = 0 [pid 5531] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5530] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... futex resumed>) = 1 [pid 5531] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5531] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5530] <... futex resumed>) = 0 [pid 5530] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] <... futex resumed>) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5531] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5530] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... mmap resumed>) = 0x20000000 [pid 5531] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5531] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5530] <... futex resumed>) = 0 [pid 5531] ioctl(4, FS_IOC_GETVERSION [pid 5530] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5531] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5531] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5530] <... futex resumed>) = 0 [pid 5531] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5530] exit_group(0 [pid 5531] <... futex resumed>) = ? [pid 5530] <... exit_group resumed>) = ? [pid 5531] +++ exited with 0 +++ [pid 5530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5530, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./151/binderfs") = 0 [ 97.625693][ T5531] REISERFS (device loop0): Using r5 hash to sort names [ 97.632709][ T5531] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5533 ./strace-static-x86_64: Process 5533 attached [pid 5533] set_robust_list(0x555556c086e0, 24) = 0 [pid 5533] chdir("./152") = 0 [pid 5533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5533] setpgid(0, 0) = 0 [pid 5533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5533] write(3, "1000", 4) = 4 [pid 5533] close(3) = 0 [pid 5533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5533] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5533] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5533] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5534], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5534 ./strace-static-x86_64: Process 5534 attached [pid 5533] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5534] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5534] memfd_create("syzkaller", 0) = 3 [pid 5534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5534] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5534] munmap(0x7f18a1998000, 4194304) = 0 [pid 5534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5534] close(3) = 0 [pid 5534] mkdir("./file0", 0777) = 0 [ 97.733773][ T5534] loop0: detected capacity change from 0 to 8192 [ 97.742508][ T5534] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 97.755512][ T5534] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 97.765002][ T5534] REISERFS (device loop0): using ordered data mode [ 97.771496][ T5534] reiserfs: using flush barriers [ 97.777120][ T5534] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 97.793469][ T5534] REISERFS (device loop0): checking transaction log (loop0) [ 97.823013][ T5534] REISERFS (device loop0): Using r5 hash to sort names [pid 5534] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5534] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5534] chdir("./file0") = 0 [pid 5534] ioctl(4, LOOP_CLR_FD) = 0 [pid 5534] close(4) = 0 [pid 5534] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5533] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 1 [pid 5533] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5533] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] <... openat resumed>) = 4 [pid 5534] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... futex resumed>) = 0 [pid 5533] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5534] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... futex resumed>) = 0 [pid 5533] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5533] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5534] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5534] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5533] <... futex resumed>) = 0 [pid 5533] exit_group(0) = ? [pid 5534] +++ exited with 0 +++ [pid 5533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5533, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./152/binderfs") = 0 [ 97.830158][ T5534] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5536 attached [pid 5536] set_robust_list(0x555556c086e0, 24) = 0 [pid 5536] chdir("./153") = 0 [pid 5536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5536] setpgid(0, 0) = 0 [pid 5536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5536] write(3, "1000", 4) = 4 [pid 5536] close(3) = 0 [pid 5536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5536] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5536] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5536] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5537], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5537 [pid 5536] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5537 attached [pid 5537] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5537] memfd_create("syzkaller", 0) = 3 [pid 5537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5536 [pid 5537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5537] munmap(0x7f18a1998000, 4194304) = 0 [pid 5537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5537] close(3) = 0 [pid 5537] mkdir("./file0", 0777) = 0 [ 97.940666][ T5537] loop0: detected capacity change from 0 to 8192 [ 97.950251][ T5537] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 97.963266][ T5537] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 97.972523][ T5537] REISERFS (device loop0): using ordered data mode [ 97.979023][ T5537] reiserfs: using flush barriers [ 97.984636][ T5537] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.001007][ T5537] REISERFS (device loop0): checking transaction log (loop0) [ 98.028440][ T5537] REISERFS (device loop0): Using r5 hash to sort names [pid 5537] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5537] chdir("./file0") = 0 [pid 5537] ioctl(4, LOOP_CLR_FD) = 0 [pid 5537] close(4) = 0 [pid 5537] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5537] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = 0 [pid 5536] <... futex resumed>) = 1 [pid 5537] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5536] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] <... openat resumed>) = 4 [pid 5537] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5537] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = 0 [pid 5536] <... futex resumed>) = 1 [pid 5537] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5536] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] <... mmap resumed>) = 0x20000000 [pid 5537] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5537] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5536] <... futex resumed>) = 0 [pid 5537] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5536] exit_group(0 [pid 5537] <... futex resumed>) = ? [pid 5536] <... exit_group resumed>) = ? [pid 5537] +++ exited with 0 +++ [pid 5536] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5536, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./153/binderfs") = 0 [ 98.035516][ T5537] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5539 ./strace-static-x86_64: Process 5539 attached [pid 5539] set_robust_list(0x555556c086e0, 24) = 0 [pid 5539] chdir("./154") = 0 [pid 5539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5539] setpgid(0, 0) = 0 [pid 5539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5539] write(3, "1000", 4) = 4 [pid 5539] close(3) = 0 [pid 5539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5539] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5539] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5540], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5540 [pid 5539] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5540 attached [pid 5540] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5540] memfd_create("syzkaller", 0) = 3 [pid 5540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5540] munmap(0x7f18a1998000, 4194304) = 0 [pid 5540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5540] close(3) = 0 [pid 5540] mkdir("./file0", 0777) = 0 [ 98.124138][ T5540] loop0: detected capacity change from 0 to 8192 [ 98.133662][ T5540] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 98.146906][ T5540] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 98.156283][ T5540] REISERFS (device loop0): using ordered data mode [ 98.162992][ T5540] reiserfs: using flush barriers [ 98.168592][ T5540] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.185020][ T5540] REISERFS (device loop0): checking transaction log (loop0) [ 98.212413][ T5540] REISERFS (device loop0): Using r5 hash to sort names [pid 5540] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5540] chdir("./file0") = 0 [pid 5540] ioctl(4, LOOP_CLR_FD) = 0 [pid 5540] close(4) = 0 [pid 5540] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5540] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5540] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5540] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... futex resumed>) = 0 [pid 5539] <... futex resumed>) = 1 [pid 5540] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5539] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... mmap resumed>) = 0x20000000 [pid 5540] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] <... futex resumed>) = 1 [pid 5539] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5540] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5540] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] exit_group(0 [pid 5540] <... futex resumed>) = ? [pid 5539] <... exit_group resumed>) = ? [pid 5540] +++ exited with 0 +++ [pid 5539] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5539, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./154/binderfs") = 0 [ 98.219468][ T5540] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5542 ./strace-static-x86_64: Process 5542 attached [pid 5542] set_robust_list(0x555556c086e0, 24) = 0 [pid 5542] chdir("./155") = 0 [pid 5542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5542] setpgid(0, 0) = 0 [pid 5542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5542] write(3, "1000", 4) = 4 [pid 5542] close(3) = 0 [pid 5542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5542] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5542] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5542] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5543], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5543 [pid 5542] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5543 attached [pid 5543] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5543] memfd_create("syzkaller", 0) = 3 [pid 5543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5543] munmap(0x7f18a1998000, 4194304) = 0 [pid 5543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5543] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5543] close(3) = 0 [pid 5543] mkdir("./file0", 0777) = 0 [ 98.310052][ T5543] loop0: detected capacity change from 0 to 8192 [ 98.319770][ T5543] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 98.332875][ T5543] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 98.342133][ T5543] REISERFS (device loop0): using ordered data mode [ 98.348633][ T5543] reiserfs: using flush barriers [ 98.354186][ T5543] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.370491][ T5543] REISERFS (device loop0): checking transaction log (loop0) [pid 5543] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5543] chdir("./file0") = 0 [pid 5543] ioctl(4, LOOP_CLR_FD) = 0 [pid 5543] close(4) = 0 [pid 5543] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5543] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5542] <... futex resumed>) = 0 [pid 5543] <... mmap resumed>) = 0x20000000 [pid 5542] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5543] <... futex resumed>) = 0 [pid 5542] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] ioctl(4, FS_IOC_GETVERSION [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5543] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5543] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] exit_group(0) = ? [pid 5543] <... futex resumed>) = ? [pid 5543] +++ exited with 0 +++ [pid 5542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5542, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./155/binderfs") = 0 [ 98.400950][ T5543] REISERFS (device loop0): Using r5 hash to sort names [ 98.408130][ T5543] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5545 attached [pid 5545] set_robust_list(0x555556c086e0, 24) = 0 [pid 5545] chdir("./156" [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5545 [pid 5545] <... chdir resumed>) = 0 [pid 5545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5545] setpgid(0, 0) = 0 [pid 5545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5545] write(3, "1000", 4) = 4 [pid 5545] close(3) = 0 [pid 5545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5545] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5545] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5545] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5546 attached , parent_tid=[5546], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5546 [pid 5546] set_robust_list(0x7f18a9db89e0, 24 [pid 5545] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... set_robust_list resumed>) = 0 [pid 5545] <... futex resumed>) = 0 [pid 5545] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5546] memfd_create("syzkaller", 0) = 3 [pid 5546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5546] munmap(0x7f18a1998000, 4194304) = 0 [pid 5546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5546] close(3) = 0 [pid 5546] mkdir("./file0", 0777) = 0 [ 98.523629][ T5546] loop0: detected capacity change from 0 to 8192 [ 98.533168][ T5546] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 98.546193][ T5546] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 98.555515][ T5546] REISERFS (device loop0): using ordered data mode [ 98.562050][ T5546] reiserfs: using flush barriers [ 98.567498][ T5546] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.583810][ T5546] REISERFS (device loop0): checking transaction log (loop0) [pid 5546] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5546] chdir("./file0") = 0 [pid 5546] ioctl(4, LOOP_CLR_FD) = 0 [pid 5546] close(4) = 0 [pid 5546] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5546] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5545] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] <... openat resumed>) = 4 [pid 5545] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5546] <... futex resumed>) = 0 [pid 5545] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5545] <... futex resumed>) = 0 [pid 5545] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] <... mmap resumed>) = 0x20000000 [pid 5546] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5546] ioctl(4, FS_IOC_GETVERSION [pid 5545] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5545] <... futex resumed>) = 0 [pid 5546] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5545] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] <... futex resumed>) = 0 [pid 5545] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5546] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5545] exit_group(0 [pid 5546] <... futex resumed>) = ? [pid 5545] <... exit_group resumed>) = ? [pid 5546] +++ exited with 0 +++ [pid 5545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5545, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./156/binderfs") = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 98.615887][ T5546] REISERFS (device loop0): Using r5 hash to sort names [ 98.623143][ T5546] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5548 ./strace-static-x86_64: Process 5548 attached [pid 5548] set_robust_list(0x555556c086e0, 24) = 0 [pid 5548] chdir("./157") = 0 [pid 5548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5548] setpgid(0, 0) = 0 [pid 5548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5548] write(3, "1000", 4) = 4 [pid 5548] close(3) = 0 [pid 5548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5548] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5548] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5548] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5549 attached , parent_tid=[5549], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5549 [pid 5548] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5549] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5549] memfd_create("syzkaller", 0) = 3 [pid 5549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5549] munmap(0x7f18a1998000, 4194304) = 0 [pid 5549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5549] close(3) = 0 [pid 5549] mkdir("./file0", 0777) = 0 [ 98.722544][ T5549] loop0: detected capacity change from 0 to 8192 [ 98.730900][ T5549] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 98.744140][ T5549] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 98.753536][ T5549] REISERFS (device loop0): using ordered data mode [ 98.760052][ T5549] reiserfs: using flush barriers [ 98.765784][ T5549] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.782319][ T5549] REISERFS (device loop0): checking transaction log (loop0) [pid 5549] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5549] chdir("./file0") = 0 [pid 5549] ioctl(4, LOOP_CLR_FD) = 0 [pid 5549] close(4) = 0 [pid 5549] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [pid 5549] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5549] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [pid 5549] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5549] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5548] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... futex resumed>) = 1 [pid 5549] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5549] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5548] <... futex resumed>) = 0 [pid 5548] exit_group(0) = ? [pid 5549] <... futex resumed>) = ? [pid 5549] +++ exited with 0 +++ [pid 5548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5548, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./157/binderfs") = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5551 ./strace-static-x86_64: Process 5551 attached [pid 5551] set_robust_list(0x555556c086e0, 24) = 0 [pid 5551] chdir("./158") = 0 [pid 5551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5551] setpgid(0, 0) = 0 [pid 5551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5551] write(3, "1000", 4) = 4 [pid 5551] close(3) = 0 [ 98.815921][ T5549] REISERFS (device loop0): Using r5 hash to sort names [ 98.823086][ T5549] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5551] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5551] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5551] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5552], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5552 ./strace-static-x86_64: Process 5552 attached [pid 5551] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] set_robust_list(0x7f18a9db89e0, 24 [pid 5551] <... futex resumed>) = 0 [pid 5551] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5552] <... set_robust_list resumed>) = 0 [pid 5552] memfd_create("syzkaller", 0) = 3 [pid 5552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5552] munmap(0x7f18a1998000, 4194304) = 0 [pid 5552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5552] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5552] close(3) = 0 [pid 5552] mkdir("./file0", 0777) = 0 [ 98.916838][ T5552] loop0: detected capacity change from 0 to 8192 [ 98.925783][ T5552] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 98.939054][ T5552] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 98.948352][ T5552] REISERFS (device loop0): using ordered data mode [ 98.954963][ T5552] reiserfs: using flush barriers [ 98.960500][ T5552] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 98.976907][ T5552] REISERFS (device loop0): checking transaction log (loop0) [ 99.006744][ T5552] REISERFS (device loop0): Using r5 hash to sort names [pid 5552] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5552] chdir("./file0") = 0 [pid 5552] ioctl(4, LOOP_CLR_FD) = 0 [pid 5552] close(4) = 0 [pid 5552] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] <... futex resumed>) = 0 [pid 5552] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5551] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5551] <... futex resumed>) = 0 [pid 5552] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5551] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5552] <... openat resumed>) = 4 [pid 5552] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] <... futex resumed>) = 0 [pid 5552] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5551] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5551] <... futex resumed>) = 0 [pid 5552] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5551] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5552] <... mmap resumed>) = 0x20000000 [pid 5552] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] <... futex resumed>) = 0 [pid 5551] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5552] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5552] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] <... futex resumed>) = 0 [pid 5551] exit_group(0) = ? [pid 5552] +++ exited with 0 +++ [pid 5551] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5551, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./158/binderfs") = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 99.013817][ T5552] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5554 ./strace-static-x86_64: Process 5554 attached [pid 5554] set_robust_list(0x555556c086e0, 24) = 0 [pid 5554] chdir("./159") = 0 [pid 5554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5554] setpgid(0, 0) = 0 [pid 5554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5554] write(3, "1000", 4) = 4 [pid 5554] close(3) = 0 [pid 5554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5554] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5554] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5554] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5555], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5555 [pid 5554] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5554] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5555 attached [pid 5555] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5555] memfd_create("syzkaller", 0) = 3 [pid 5555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5555] munmap(0x7f18a1998000, 4194304) = 0 [pid 5555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5555] close(3) = 0 [pid 5555] mkdir("./file0", 0777) = 0 [ 99.113080][ T5555] loop0: detected capacity change from 0 to 8192 [ 99.122991][ T5555] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 99.135969][ T5555] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 99.145249][ T5555] REISERFS (device loop0): using ordered data mode [ 99.151749][ T5555] reiserfs: using flush barriers [ 99.157444][ T5555] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 99.173892][ T5555] REISERFS (device loop0): checking transaction log (loop0) [pid 5555] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5555] chdir("./file0") = 0 [pid 5555] ioctl(4, LOOP_CLR_FD) = 0 [pid 5555] close(4) = 0 [pid 5555] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] <... futex resumed>) = 0 [pid 5555] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... futex resumed>) = 0 [pid 5555] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5555] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] <... futex resumed>) = 0 [pid 5555] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5554] <... futex resumed>) = 0 [pid 5555] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5554] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... mmap resumed>) = 0x20000000 [pid 5555] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] <... futex resumed>) = 0 [pid 5555] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5554] <... futex resumed>) = 0 [pid 5555] ioctl(4, FS_IOC_GETVERSION [pid 5554] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5555] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] <... futex resumed>) = 0 [pid 5555] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] exit_group(0 [pid 5555] <... futex resumed>) = ? [pid 5554] <... exit_group resumed>) = ? [pid 5555] +++ exited with 0 +++ [pid 5554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5554, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./159/binderfs") = 0 [ 99.203848][ T5555] REISERFS (device loop0): Using r5 hash to sort names [ 99.211001][ T5555] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5557 ./strace-static-x86_64: Process 5557 attached [pid 5557] set_robust_list(0x555556c086e0, 24) = 0 [pid 5557] chdir("./160") = 0 [pid 5557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5557] setpgid(0, 0) = 0 [pid 5557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5557] write(3, "1000", 4) = 4 [pid 5557] close(3) = 0 [pid 5557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5557] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5557] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5557] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5558], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5558 [pid 5557] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5557] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5558 attached [pid 5558] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5558] memfd_create("syzkaller", 0) = 3 [pid 5558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5558] munmap(0x7f18a1998000, 4194304) = 0 [pid 5558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5558] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5558] close(3) = 0 [pid 5558] mkdir("./file0", 0777) = 0 [ 99.318389][ T5558] loop0: detected capacity change from 0 to 8192 [ 99.327900][ T5558] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 99.340935][ T5558] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 99.350112][ T5558] REISERFS (device loop0): using ordered data mode [ 99.356639][ T5558] reiserfs: using flush barriers [ 99.362167][ T5558] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 99.378474][ T5558] REISERFS (device loop0): checking transaction log (loop0) [ 99.405530][ T5558] REISERFS (device loop0): Using r5 hash to sort names [pid 5558] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5558] chdir("./file0") = 0 [pid 5558] ioctl(4, LOOP_CLR_FD) = 0 [pid 5558] close(4) = 0 [pid 5558] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] <... futex resumed>) = 0 [pid 5557] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5557] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5558] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5558] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] <... futex resumed>) = 0 [pid 5557] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5557] <... futex resumed>) = 0 [pid 5557] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5558] <... mmap resumed>) = 0x20000000 [pid 5558] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5557] <... futex resumed>) = 0 [pid 5557] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] ioctl(4, FS_IOC_GETVERSION [pid 5557] <... futex resumed>) = 0 [pid 5558] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5557] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5558] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5557] exit_group(0 [pid 5558] <... futex resumed>) = ? [pid 5557] <... exit_group resumed>) = ? [pid 5558] +++ exited with 0 +++ [pid 5557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5557, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./160/binderfs") = 0 [ 99.412631][ T5558] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5560 ./strace-static-x86_64: Process 5560 attached [pid 5560] set_robust_list(0x555556c086e0, 24) = 0 [pid 5560] chdir("./161") = 0 [pid 5560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5560] setpgid(0, 0) = 0 [pid 5560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5560] write(3, "1000", 4) = 4 [pid 5560] close(3) = 0 [pid 5560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5560] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5560] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5560] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5561 attached [pid 5561] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5561] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5560] <... clone resumed>, parent_tid=[5561], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5561 [pid 5560] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5561] <... futex resumed>) = 0 [pid 5561] memfd_create("syzkaller", 0) = 3 [pid 5561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5560] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5561] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5561] munmap(0x7f18a1998000, 4194304) = 0 [pid 5561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5561] close(3) = 0 [pid 5561] mkdir("./file0", 0777) = 0 [ 99.516120][ T5561] loop0: detected capacity change from 0 to 8192 [ 99.524574][ T5561] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 99.537812][ T5561] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 99.547265][ T5561] REISERFS (device loop0): using ordered data mode [ 99.553821][ T5561] reiserfs: using flush barriers [ 99.559293][ T5561] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 99.575636][ T5561] REISERFS (device loop0): checking transaction log (loop0) [pid 5561] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5561] chdir("./file0") = 0 [pid 5561] ioctl(4, LOOP_CLR_FD) = 0 [pid 5561] close(4) = 0 [pid 5561] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... futex resumed>) = 1 [pid 5561] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5561] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... futex resumed>) = 1 [pid 5561] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5561] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5560] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] <... futex resumed>) = 1 [pid 5561] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5561] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = 0 [pid 5560] exit_group(0) = ? [pid 5561] <... futex resumed>) = ? [pid 5561] +++ exited with 0 +++ [pid 5560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5560, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 99.607595][ T5561] REISERFS (device loop0): Using r5 hash to sort names [ 99.614726][ T5561] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5563 ./strace-static-x86_64: Process 5563 attached [pid 5563] set_robust_list(0x555556c086e0, 24) = 0 [pid 5563] chdir("./162") = 0 [pid 5563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5563] setpgid(0, 0) = 0 [pid 5563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5563] write(3, "1000", 4) = 4 [pid 5563] close(3) = 0 [pid 5563] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5563] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5563] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5563] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5564 attached , parent_tid=[5564], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5564 [pid 5564] set_robust_list(0x7f18a9db89e0, 24 [pid 5563] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... set_robust_list resumed>) = 0 [pid 5563] <... futex resumed>) = 0 [pid 5563] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5564] memfd_create("syzkaller", 0) = 3 [pid 5564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5564] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5564] munmap(0x7f18a1998000, 4194304) = 0 [pid 5564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5564] close(3) = 0 [pid 5564] mkdir("./file0", 0777) = 0 [ 99.709478][ T5564] loop0: detected capacity change from 0 to 8192 [ 99.718088][ T5564] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 99.731161][ T5564] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 99.740373][ T5564] REISERFS (device loop0): using ordered data mode [ 99.746903][ T5564] reiserfs: using flush barriers [ 99.752693][ T5564] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 99.768968][ T5564] REISERFS (device loop0): checking transaction log (loop0) [ 99.796447][ T5564] REISERFS (device loop0): Using r5 hash to sort names [pid 5564] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5564] chdir("./file0") = 0 [pid 5564] ioctl(4, LOOP_CLR_FD) = 0 [pid 5564] close(4) = 0 [pid 5564] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] <... futex resumed>) = 0 [pid 5563] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5563] <... futex resumed>) = 1 [pid 5564] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5563] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5564] <... openat resumed>) = 4 [pid 5564] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5564] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5563] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5563] <... futex resumed>) = 0 [pid 5564] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5563] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5564] <... mmap resumed>) = 0x20000000 [pid 5564] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5563] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5563] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5564] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5564] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5563] <... futex resumed>) = 0 [pid 5563] exit_group(0) = ? [pid 5564] +++ exited with 0 +++ [pid 5563] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5563, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./162/binderfs") = 0 [ 99.803520][ T5564] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5566 ./strace-static-x86_64: Process 5566 attached [pid 5566] set_robust_list(0x555556c086e0, 24) = 0 [pid 5566] chdir("./163") = 0 [pid 5566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5566] setpgid(0, 0) = 0 [pid 5566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5566] write(3, "1000", 4) = 4 [pid 5566] close(3) = 0 [pid 5566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5566] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5566] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5566] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5567 attached [pid 5567] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5567] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5566] <... clone resumed>, parent_tid=[5567], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5567 [pid 5566] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5567] <... futex resumed>) = 0 [pid 5566] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5567] memfd_create("syzkaller", 0) = 3 [pid 5567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5567] munmap(0x7f18a1998000, 4194304) = 0 [pid 5567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5567] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5567] close(3) = 0 [pid 5567] mkdir("./file0", 0777) = 0 [ 99.917306][ T5567] loop0: detected capacity change from 0 to 8192 [ 99.925823][ T5567] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 99.939014][ T5567] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 99.948329][ T5567] REISERFS (device loop0): using ordered data mode [ 99.954977][ T5567] reiserfs: using flush barriers [ 99.960636][ T5567] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 99.977057][ T5567] REISERFS (device loop0): checking transaction log (loop0) [ 100.006745][ T5567] REISERFS (device loop0): Using r5 hash to sort names [pid 5567] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5567] chdir("./file0") = 0 [pid 5567] ioctl(4, LOOP_CLR_FD) = 0 [pid 5567] close(4) = 0 [pid 5567] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... futex resumed>) = 1 [pid 5567] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5567] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... futex resumed>) = 1 [pid 5567] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5567] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5566] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5567] <... futex resumed>) = 1 [pid 5567] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5567] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5566] exit_group(0) = ? [pid 5567] <... futex resumed>) = ? [pid 5567] +++ exited with 0 +++ [pid 5566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5566, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./163/binderfs") = 0 [ 100.013868][ T5567] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./163/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5569 ./strace-static-x86_64: Process 5569 attached [pid 5569] set_robust_list(0x555556c086e0, 24) = 0 [pid 5569] chdir("./164") = 0 [pid 5569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5569] setpgid(0, 0) = 0 [pid 5569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5569] write(3, "1000", 4) = 4 [pid 5569] close(3) = 0 [pid 5569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5569] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5569] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5569] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5570 attached [pid 5570] set_robust_list(0x7f18a9db89e0, 24 [pid 5569] <... clone resumed>, parent_tid=[5570], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5570 [pid 5570] <... set_robust_list resumed>) = 0 [pid 5569] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5570] memfd_create("syzkaller", 0) = 3 [pid 5570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5570] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5570] munmap(0x7f18a1998000, 4194304) = 0 [pid 5570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5570] close(3) = 0 [pid 5570] mkdir("./file0", 0777) = 0 [ 100.105444][ T5570] loop0: detected capacity change from 0 to 8192 [ 100.115060][ T5570] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 100.128114][ T5570] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 100.137373][ T5570] REISERFS (device loop0): using ordered data mode [ 100.143906][ T5570] reiserfs: using flush barriers [ 100.149363][ T5570] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.165731][ T5570] REISERFS (device loop0): checking transaction log (loop0) [pid 5570] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5570] chdir("./file0") = 0 [pid 5570] ioctl(4, LOOP_CLR_FD) = 0 [pid 5570] close(4) = 0 [pid 5570] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5569] <... futex resumed>) = 0 [pid 5569] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] <... openat resumed>) = 4 [pid 5570] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5570] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5569] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] <... mmap resumed>) = 0x20000000 [pid 5570] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5570] ioctl(4, FS_IOC_GETVERSION [pid 5569] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5570] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5570] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5570] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5569] exit_group(0) = ? [pid 5570] <... futex resumed>) = ? [pid 5570] +++ exited with 0 +++ [pid 5569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5569, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./164/binderfs") = 0 [ 100.196461][ T5570] REISERFS (device loop0): Using r5 hash to sort names [ 100.203550][ T5570] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5572 ./strace-static-x86_64: Process 5572 attached [pid 5572] set_robust_list(0x555556c086e0, 24) = 0 [pid 5572] chdir("./165") = 0 [pid 5572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5572] setpgid(0, 0) = 0 [pid 5572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5572] write(3, "1000", 4) = 4 [pid 5572] close(3) = 0 [pid 5572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5572] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5572] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5572] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5573 attached [pid 5573] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5573] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5572] <... clone resumed>, parent_tid=[5573], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5573 [pid 5572] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5573] <... futex resumed>) = 0 [pid 5573] memfd_create("syzkaller", 0) = 3 [pid 5573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5572] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5573] <... mmap resumed>) = 0x7f18a1998000 [pid 5573] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5573] munmap(0x7f18a1998000, 4194304) = 0 [pid 5573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5573] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5573] close(3) = 0 [pid 5573] mkdir("./file0", 0777) = 0 [ 100.318741][ T5573] loop0: detected capacity change from 0 to 8192 [ 100.327451][ T5573] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 100.340548][ T5573] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 100.349904][ T5573] REISERFS (device loop0): using ordered data mode [ 100.356545][ T5573] reiserfs: using flush barriers [ 100.362248][ T5573] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.378500][ T5573] REISERFS (device loop0): checking transaction log (loop0) [ 100.408587][ T5573] REISERFS (device loop0): Using r5 hash to sort names [pid 5573] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5573] chdir("./file0") = 0 [pid 5573] ioctl(4, LOOP_CLR_FD) = 0 [pid 5573] close(4) = 0 [pid 5573] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... futex resumed>) = 1 [pid 5573] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5573] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... futex resumed>) = 1 [pid 5573] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5573] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = 0 [pid 5572] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] <... futex resumed>) = 1 [pid 5573] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5573] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = 0 [pid 5573] <... futex resumed>) = 1 [pid 5572] exit_group(0) = ? [pid 5573] +++ exited with 0 +++ [pid 5572] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5572, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./165/binderfs") = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 100.415606][ T5573] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5575 ./strace-static-x86_64: Process 5575 attached [pid 5575] set_robust_list(0x555556c086e0, 24) = 0 [pid 5575] chdir("./166") = 0 [pid 5575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5575] setpgid(0, 0) = 0 [pid 5575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5575] write(3, "1000", 4) = 4 [pid 5575] close(3) = 0 [pid 5575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5575] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5575] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5575] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5576], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5576 [pid 5575] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5576 attached [pid 5576] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5576] memfd_create("syzkaller", 0) = 3 [pid 5576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5576] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5576] munmap(0x7f18a1998000, 4194304) = 0 [pid 5576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5576] close(3) = 0 [pid 5576] mkdir("./file0", 0777) = 0 [ 100.519572][ T5576] loop0: detected capacity change from 0 to 8192 [ 100.527975][ T5576] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 100.541005][ T5576] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 100.550311][ T5576] REISERFS (device loop0): using ordered data mode [ 100.556871][ T5576] reiserfs: using flush barriers [ 100.562570][ T5576] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.578839][ T5576] REISERFS (device loop0): checking transaction log (loop0) [ 100.605463][ T5576] REISERFS (device loop0): Using r5 hash to sort names [pid 5576] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5576] chdir("./file0") = 0 [pid 5576] ioctl(4, LOOP_CLR_FD) = 0 [pid 5576] close(4) = 0 [pid 5576] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = 0 [pid 5575] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] <... futex resumed>) = 1 [pid 5576] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5576] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = 0 [pid 5575] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] <... futex resumed>) = 1 [pid 5576] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5576] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = 0 [pid 5575] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5576] <... futex resumed>) = 1 [pid 5576] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5576] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = 0 [pid 5575] exit_group(0) = ? [pid 5576] <... futex resumed>) = ? [pid 5576] +++ exited with 0 +++ [pid 5575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5575, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./166/binderfs") = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5578 ./strace-static-x86_64: Process 5578 attached [pid 5578] set_robust_list(0x555556c086e0, 24) = 0 [pid 5578] chdir("./167") = 0 [pid 5578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5578] setpgid(0, 0) = 0 [pid 5578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 100.612630][ T5576] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5578] write(3, "1000", 4) = 4 [pid 5578] close(3) = 0 [pid 5578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5578] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5578] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5578] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5579], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5579 [pid 5578] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5579 attached [pid 5579] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5579] memfd_create("syzkaller", 0) = 3 [pid 5579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5579] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5579] munmap(0x7f18a1998000, 4194304) = 0 [pid 5579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5579] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5579] close(3) = 0 [pid 5579] mkdir("./file0", 0777) = 0 [ 100.700818][ T5579] loop0: detected capacity change from 0 to 8192 [ 100.709755][ T5579] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 100.722823][ T5579] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 100.732112][ T5579] REISERFS (device loop0): using ordered data mode [ 100.738613][ T5579] reiserfs: using flush barriers [ 100.744217][ T5579] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.760664][ T5579] REISERFS (device loop0): checking transaction log (loop0) [pid 5579] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5579] chdir("./file0") = 0 [pid 5579] ioctl(4, LOOP_CLR_FD) = 0 [pid 5579] close(4) = 0 [pid 5579] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5579] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5579] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5579] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5579] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5579] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5578] <... futex resumed>) = 0 [pid 5579] ioctl(4, FS_IOC_GETVERSION [pid 5578] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5579] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] <... futex resumed>) = 0 [pid 5579] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5578] exit_group(0 [pid 5579] <... futex resumed>) = ? [pid 5578] <... exit_group resumed>) = ? [pid 5579] +++ exited with 0 +++ [pid 5578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5578, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./167/binderfs") = 0 [ 100.795156][ T5579] REISERFS (device loop0): Using r5 hash to sort names [ 100.802200][ T5579] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5581 ./strace-static-x86_64: Process 5581 attached [pid 5581] set_robust_list(0x555556c086e0, 24) = 0 [pid 5581] chdir("./168") = 0 [pid 5581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5581] setpgid(0, 0) = 0 [pid 5581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5581] write(3, "1000", 4) = 4 [pid 5581] close(3) = 0 [pid 5581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5581] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5581] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5581] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5582], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5582 [pid 5581] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5581] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5582 attached [pid 5582] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5582] memfd_create("syzkaller", 0) = 3 [pid 5582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5582] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5582] munmap(0x7f18a1998000, 4194304) = 0 [pid 5582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5582] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5582] close(3) = 0 [pid 5582] mkdir("./file0", 0777) = 0 [ 100.909267][ T5582] loop0: detected capacity change from 0 to 8192 [ 100.917882][ T5582] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 100.931164][ T5582] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 100.940551][ T5582] REISERFS (device loop0): using ordered data mode [ 100.947241][ T5582] reiserfs: using flush barriers [ 100.952914][ T5582] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.969228][ T5582] REISERFS (device loop0): checking transaction log (loop0) [ 100.997659][ T5582] REISERFS (device loop0): Using r5 hash to sort names [pid 5582] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5582] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5582] chdir("./file0") = 0 [pid 5582] ioctl(4, LOOP_CLR_FD) = 0 [pid 5582] close(4) = 0 [pid 5582] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] <... futex resumed>) = 0 [pid 5582] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5581] <... futex resumed>) = 0 [pid 5582] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5581] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... openat resumed>) = 4 [pid 5582] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5582] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... futex resumed>) = 0 [pid 5581] <... futex resumed>) = 1 [pid 5582] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5581] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... mmap resumed>) = 0x20000000 [pid 5582] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5581] <... futex resumed>) = 0 [pid 5582] ioctl(4, FS_IOC_GETVERSION [pid 5581] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5581] <... futex resumed>) = 0 [pid 5582] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] <... futex resumed>) = 0 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5582] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5581] exit_group(0 [pid 5582] <... futex resumed>) = ? [pid 5581] <... exit_group resumed>) = ? [pid 5582] +++ exited with 0 +++ [pid 5581] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5581, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./168/binderfs") = 0 [ 101.004781][ T5582] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5584 ./strace-static-x86_64: Process 5584 attached [pid 5584] set_robust_list(0x555556c086e0, 24) = 0 [pid 5584] chdir("./169") = 0 [pid 5584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5584] setpgid(0, 0) = 0 [pid 5584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5584] write(3, "1000", 4) = 4 [pid 5584] close(3) = 0 [pid 5584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5584] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5584] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5584] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5585], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5585 [pid 5584] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5585 attached [pid 5585] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5585] memfd_create("syzkaller", 0) = 3 [pid 5585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5585] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5585] munmap(0x7f18a1998000, 4194304) = 0 [pid 5585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5585] close(3) = 0 [pid 5585] mkdir("./file0", 0777) = 0 [ 101.112231][ T5585] loop0: detected capacity change from 0 to 8192 [ 101.120705][ T5585] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 101.133864][ T5585] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 101.143239][ T5585] REISERFS (device loop0): using ordered data mode [ 101.149735][ T5585] reiserfs: using flush barriers [ 101.155410][ T5585] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.171832][ T5585] REISERFS (device loop0): checking transaction log (loop0) [ 101.201533][ T5585] REISERFS (device loop0): Using r5 hash to sort names [pid 5585] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5585] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5585] chdir("./file0") = 0 [pid 5585] ioctl(4, LOOP_CLR_FD) = 0 [pid 5585] close(4) = 0 [pid 5585] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5585] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5584] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5585] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5585] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5585] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5584] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5585] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [ 101.208778][ T5585] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5585] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] <... futex resumed>) = 0 [pid 5584] exit_group(0) = ? [pid 5585] +++ exited with 0 +++ [pid 5584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5584, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5587 ./strace-static-x86_64: Process 5587 attached [pid 5587] set_robust_list(0x555556c086e0, 24) = 0 [pid 5587] chdir("./170") = 0 [pid 5587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5587] setpgid(0, 0) = 0 [pid 5587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5587] write(3, "1000", 4) = 4 [pid 5587] close(3) = 0 [pid 5587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5587] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5587] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5587] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5588 attached , parent_tid=[5588], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5588 [pid 5588] set_robust_list(0x7f18a9db89e0, 24 [pid 5587] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5588] <... set_robust_list resumed>) = 0 [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5588] memfd_create("syzkaller", 0) = 3 [pid 5588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5588] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5588] munmap(0x7f18a1998000, 4194304) = 0 [pid 5588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5588] close(3) = 0 [pid 5588] mkdir("./file0", 0777) = 0 [ 101.337284][ T5588] loop0: detected capacity change from 0 to 8192 [ 101.346524][ T5588] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 101.359810][ T5588] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 101.369146][ T5588] REISERFS (device loop0): using ordered data mode [ 101.375743][ T5588] reiserfs: using flush barriers [ 101.381391][ T5588] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.397864][ T5588] REISERFS (device loop0): checking transaction log (loop0) [pid 5588] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5588] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5588] chdir("./file0") = 0 [pid 5588] ioctl(4, LOOP_CLR_FD) = 0 [pid 5588] close(4) = 0 [pid 5588] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5587] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5588] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] <... futex resumed>) = 0 [pid 5587] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5588] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5587] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] <... mmap resumed>) = 0x20000000 [pid 5588] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5588] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5587] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5587] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5588] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5588] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] <... futex resumed>) = 0 [pid 5587] exit_group(0) = ? [pid 5588] +++ exited with 0 +++ [pid 5587] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5587, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./170/binderfs") = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 101.428421][ T5588] REISERFS (device loop0): Using r5 hash to sort names [ 101.435856][ T5588] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5590 ./strace-static-x86_64: Process 5590 attached [pid 5590] set_robust_list(0x555556c086e0, 24) = 0 [pid 5590] chdir("./171") = 0 [pid 5590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5590] setpgid(0, 0) = 0 [pid 5590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5590] write(3, "1000", 4) = 4 [pid 5590] close(3) = 0 [pid 5590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5590] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5590] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5590] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5591 attached , parent_tid=[5591], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5591 [pid 5591] set_robust_list(0x7f18a9db89e0, 24 [pid 5590] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... set_robust_list resumed>) = 0 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5591] memfd_create("syzkaller", 0) = 3 [pid 5591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5591] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5591] munmap(0x7f18a1998000, 4194304) = 0 [pid 5591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5591] close(3) = 0 [pid 5591] mkdir("./file0", 0777) = 0 [ 101.528570][ T5591] loop0: detected capacity change from 0 to 8192 [ 101.537257][ T5591] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 101.550446][ T5591] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 101.559924][ T5591] REISERFS (device loop0): using ordered data mode [ 101.566556][ T5591] reiserfs: using flush barriers [ 101.572176][ T5591] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.588522][ T5591] REISERFS (device loop0): checking transaction log (loop0) [ 101.615743][ T5591] REISERFS (device loop0): Using r5 hash to sort names [pid 5591] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5591] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5591] chdir("./file0") = 0 [pid 5591] ioctl(4, LOOP_CLR_FD) = 0 [pid 5591] close(4) = 0 [pid 5591] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5591] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5590] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] <... openat resumed>) = 4 [pid 5591] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5591] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5590] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5590] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5591] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5591] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] <... futex resumed>) = 0 [pid 5591] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] exit_group(0 [pid 5591] <... futex resumed>) = ? [pid 5590] <... exit_group resumed>) = ? [pid 5591] +++ exited with 0 +++ [pid 5590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5590, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./171/binderfs") = 0 [ 101.622835][ T5591] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5593 attached , child_tidptr=0x555556c086d0) = 5593 [pid 5593] set_robust_list(0x555556c086e0, 24) = 0 [pid 5593] chdir("./172") = 0 [pid 5593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5593] setpgid(0, 0) = 0 [pid 5593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5593] write(3, "1000", 4) = 4 [pid 5593] close(3) = 0 [pid 5593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5593] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5593] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5593] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5594], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5594 ./strace-static-x86_64: Process 5594 attached [pid 5593] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5594] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5594] memfd_create("syzkaller", 0) = 3 [pid 5594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5594] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5594] munmap(0x7f18a1998000, 4194304) = 0 [pid 5594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5594] close(3) = 0 [pid 5594] mkdir("./file0", 0777) = 0 [ 101.717013][ T5594] loop0: detected capacity change from 0 to 8192 [ 101.726583][ T5594] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 101.739817][ T5594] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 101.749122][ T5594] REISERFS (device loop0): using ordered data mode [ 101.755801][ T5594] reiserfs: using flush barriers [ 101.761327][ T5594] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.777828][ T5594] REISERFS (device loop0): checking transaction log (loop0) [ 101.806841][ T5594] REISERFS (device loop0): Using r5 hash to sort names [pid 5594] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5594] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5594] chdir("./file0") = 0 [pid 5594] ioctl(4, LOOP_CLR_FD) = 0 [pid 5594] close(4) = 0 [pid 5594] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = 0 [pid 5593] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5594] <... futex resumed>) = 1 [pid 5594] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5594] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = 0 [pid 5593] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5594] <... futex resumed>) = 1 [pid 5594] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5594] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = 0 [pid 5593] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5593] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5594] <... futex resumed>) = 1 [pid 5594] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5594] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... futex resumed>) = 0 [pid 5593] exit_group(0) = ? [pid 5594] <... futex resumed>) = ? [pid 5594] +++ exited with 0 +++ [pid 5593] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5593, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5596 ./strace-static-x86_64: Process 5596 attached [pid 5596] set_robust_list(0x555556c086e0, 24) = 0 [pid 5596] chdir("./173") = 0 [pid 5596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5596] setpgid(0, 0) = 0 [pid 5596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5596] write(3, "1000", 4) = 4 [pid 5596] close(3) = 0 [pid 5596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5596] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5596] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5596] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5597], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5597 [pid 5596] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5597 attached [pid 5597] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5597] memfd_create("syzkaller", 0) = 3 [pid 5597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [ 101.814036][ T5594] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5597] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5597] munmap(0x7f18a1998000, 4194304) = 0 [pid 5597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5597] close(3) = 0 [pid 5597] mkdir("./file0", 0777) = 0 [ 101.904450][ T5597] loop0: detected capacity change from 0 to 8192 [ 101.913490][ T5597] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 101.926713][ T5597] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 101.936394][ T5597] REISERFS (device loop0): using ordered data mode [ 101.943044][ T5597] reiserfs: using flush barriers [ 101.948707][ T5597] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 101.965198][ T5597] REISERFS (device loop0): checking transaction log (loop0) [ 101.994305][ T5597] REISERFS (device loop0): Using r5 hash to sort names [pid 5597] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5597] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5597] chdir("./file0") = 0 [pid 5597] ioctl(4, LOOP_CLR_FD) = 0 [pid 5597] close(4) = 0 [pid 5597] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... futex resumed>) = 1 [pid 5597] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5597] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... futex resumed>) = 1 [pid 5597] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5597] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = 0 [pid 5596] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5597] <... futex resumed>) = 1 [pid 5597] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5597] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = 0 [pid 5596] exit_group(0) = ? [pid 5597] <... futex resumed>) = ? [pid 5597] +++ exited with 0 +++ [pid 5596] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5596, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./173/binderfs") = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5599 ./strace-static-x86_64: Process 5599 attached [pid 5599] set_robust_list(0x555556c086e0, 24) = 0 [ 102.001491][ T5597] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5599] chdir("./174") = 0 [pid 5599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5599] setpgid(0, 0) = 0 [pid 5599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5599] write(3, "1000", 4) = 4 [pid 5599] close(3) = 0 [pid 5599] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5599] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5599] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5599] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5600], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5600 [pid 5599] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5600 attached [pid 5600] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5600] memfd_create("syzkaller", 0) = 3 [pid 5600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5600] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5600] munmap(0x7f18a1998000, 4194304) = 0 [pid 5600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5600] close(3) = 0 [pid 5600] mkdir("./file0", 0777) = 0 [ 102.098408][ T5600] loop0: detected capacity change from 0 to 8192 [ 102.107065][ T5600] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 102.121231][ T5600] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 102.130637][ T5600] REISERFS (device loop0): using ordered data mode [ 102.137356][ T5600] reiserfs: using flush barriers [ 102.143028][ T5600] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 102.159531][ T5600] REISERFS (device loop0): checking transaction log (loop0) [ 102.187761][ T5600] REISERFS (device loop0): Using r5 hash to sort names [pid 5600] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5600] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5600] chdir("./file0") = 0 [pid 5600] ioctl(4, LOOP_CLR_FD) = 0 [pid 5600] close(4) = 0 [pid 5600] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5599] <... futex resumed>) = 0 [pid 5599] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... futex resumed>) = 0 [pid 5600] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5600] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] <... futex resumed>) = 0 [pid 5599] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5599] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] <... futex resumed>) = 1 [pid 5600] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5600] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5599] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5599] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5600] <... futex resumed>) = 0 [pid 5599] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5600] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5600] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5599] <... futex resumed>) = 0 [pid 5600] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5599] exit_group(0) = ? [pid 5600] <... futex resumed>) = ? [pid 5600] +++ exited with 0 +++ [pid 5599] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5599, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./174/binderfs") = 0 [ 102.194804][ T5600] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5602 attached [pid 5602] set_robust_list(0x555556c086e0, 24) = 0 [pid 5602] chdir("./175") = 0 [pid 5602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5602] setpgid(0, 0) = 0 [pid 5602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5602] write(3, "1000", 4) = 4 [pid 5602] close(3) = 0 [pid 5602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5602] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5602] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5602] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5603], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5603 [pid 5602] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5603 attached [pid 5603] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5603] memfd_create("syzkaller", 0) = 3 [pid 5603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5602 [pid 5603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5603] munmap(0x7f18a1998000, 4194304) = 0 [pid 5603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5603] close(3) = 0 [pid 5603] mkdir("./file0", 0777) = 0 [ 102.287414][ T5603] loop0: detected capacity change from 0 to 8192 [ 102.297805][ T5603] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 102.311173][ T5603] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 102.320788][ T5603] REISERFS (device loop0): using ordered data mode [ 102.327379][ T5603] reiserfs: using flush barriers [ 102.332956][ T5603] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 102.349202][ T5603] REISERFS (device loop0): checking transaction log (loop0) [pid 5603] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5603] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5603] chdir("./file0") = 0 [pid 5603] ioctl(4, LOOP_CLR_FD) = 0 [pid 5603] close(4) = 0 [pid 5603] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... futex resumed>) = 0 [pid 5603] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5603] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] <... futex resumed>) = 0 [pid 5603] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5603] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5602] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5603] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5603] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] <... futex resumed>) = 0 [pid 5602] exit_group(0) = ? [pid 5603] +++ exited with 0 +++ [pid 5602] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5602, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} --- umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./175/binderfs") = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 [ 102.380043][ T5603] REISERFS (device loop0): Using r5 hash to sort names [ 102.387098][ T5603] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. rmdir("./175/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5605 ./strace-static-x86_64: Process 5605 attached [pid 5605] set_robust_list(0x555556c086e0, 24) = 0 [pid 5605] chdir("./176") = 0 [pid 5605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5605] setpgid(0, 0) = 0 [pid 5605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5605] write(3, "1000", 4) = 4 [pid 5605] close(3) = 0 [pid 5605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5605] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5605] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5605] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5606 attached , parent_tid=[5606], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5606 [pid 5605] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5605] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5606] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5606] memfd_create("syzkaller", 0) = 3 [pid 5606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5606] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5606] munmap(0x7f18a1998000, 4194304) = 0 [pid 5606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5606] close(3) = 0 [pid 5606] mkdir("./file0", 0777) = 0 [ 102.484889][ T5606] loop0: detected capacity change from 0 to 8192 [ 102.493406][ T5606] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 102.506409][ T5606] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 102.515593][ T5606] REISERFS (device loop0): using ordered data mode [ 102.522129][ T5606] reiserfs: using flush barriers [ 102.527718][ T5606] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 102.544095][ T5606] REISERFS (device loop0): checking transaction log (loop0) [ 102.571599][ T5606] REISERFS (device loop0): Using r5 hash to sort names [pid 5606] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5606] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5606] chdir("./file0") = 0 [pid 5606] ioctl(4, LOOP_CLR_FD) = 0 [pid 5606] close(4) = 0 [pid 5606] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] <... futex resumed>) = 0 [pid 5606] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] <... futex resumed>) = 0 [pid 5606] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5605] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5606] <... openat resumed>) = 4 [pid 5606] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] <... futex resumed>) = 0 [pid 5606] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] <... futex resumed>) = 0 [pid 5606] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5605] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5606] <... mmap resumed>) = 0x20000000 [pid 5606] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] <... futex resumed>) = 0 [pid 5606] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5605] <... futex resumed>) = 0 [pid 5606] ioctl(4, FS_IOC_GETVERSION [pid 5605] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5606] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5606] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5605] <... futex resumed>) = 0 [pid 5606] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5605] exit_group(0 [pid 5606] <... futex resumed>) = ? [pid 5605] <... exit_group resumed>) = ? [pid 5606] +++ exited with 0 +++ [pid 5605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5605, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./176/binderfs") = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 [ 102.579386][ T5606] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5608 ./strace-static-x86_64: Process 5608 attached [pid 5608] set_robust_list(0x555556c086e0, 24) = 0 [pid 5608] chdir("./177") = 0 [pid 5608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5608] setpgid(0, 0) = 0 [pid 5608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5608] write(3, "1000", 4) = 4 [pid 5608] close(3) = 0 [pid 5608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5608] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5608] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5608] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5609], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5609 [pid 5608] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5609 attached [pid 5609] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5609] memfd_create("syzkaller", 0) = 3 [pid 5609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5609] munmap(0x7f18a1998000, 4194304) = 0 [pid 5609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5609] close(3) = 0 [pid 5609] mkdir("./file0", 0777) = 0 [ 102.666980][ T5609] loop0: detected capacity change from 0 to 8192 [ 102.676303][ T5609] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 102.689390][ T5609] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 102.698653][ T5609] REISERFS (device loop0): using ordered data mode [ 102.705221][ T5609] reiserfs: using flush barriers [ 102.710800][ T5609] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 102.727171][ T5609] REISERFS (device loop0): checking transaction log (loop0) [ 102.757006][ T5609] REISERFS (device loop0): Using r5 hash to sort names [pid 5609] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5609] chdir("./file0") = 0 [pid 5609] ioctl(4, LOOP_CLR_FD) = 0 [pid 5609] close(4) = 0 [pid 5609] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... futex resumed>) = 1 [pid 5609] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5609] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... futex resumed>) = 1 [pid 5609] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5609] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... futex resumed>) = 1 [pid 5609] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5609] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5608] exit_group(0) = ? [pid 5609] <... futex resumed>) = ? [pid 5609] +++ exited with 0 +++ [pid 5608] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5608, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./177/binderfs") = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5611 attached , child_tidptr=0x555556c086d0) = 5611 [pid 5611] set_robust_list(0x555556c086e0, 24) = 0 [pid 5611] chdir("./178") = 0 [pid 5611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5611] setpgid(0, 0) = 0 [pid 5611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5611] write(3, "1000", 4) = 4 [pid 5611] close(3) = 0 [pid 5611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5611] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5611] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5611] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5612 attached [pid 5612] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5612] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] <... clone resumed>, parent_tid=[5612], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5612 [ 102.764198][ T5609] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5611] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5612] <... futex resumed>) = 0 [pid 5611] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5612] memfd_create("syzkaller", 0) = 3 [pid 5612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5612] munmap(0x7f18a1998000, 4194304) = 0 [pid 5612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5612] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5612] close(3) = 0 [pid 5612] mkdir("./file0", 0777) = 0 [ 102.854612][ T5612] loop0: detected capacity change from 0 to 8192 [ 102.863225][ T5612] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 102.876337][ T5612] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 102.885593][ T5612] REISERFS (device loop0): using ordered data mode [ 102.892143][ T5612] reiserfs: using flush barriers [ 102.897692][ T5612] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 102.914026][ T5612] REISERFS (device loop0): checking transaction log (loop0) [ 102.943652][ T5612] REISERFS (device loop0): Using r5 hash to sort names [pid 5612] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5612] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5612] chdir("./file0") = 0 [pid 5612] ioctl(4, LOOP_CLR_FD) = 0 [pid 5612] close(4) = 0 [pid 5612] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... futex resumed>) = 1 [pid 5612] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5612] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... futex resumed>) = 1 [pid 5612] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5612] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... futex resumed>) = 1 [pid 5612] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5612] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5611] exit_group(0) = ? [pid 5612] <... futex resumed>) = ? [pid 5612] +++ exited with 0 +++ [pid 5611] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5611, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./178/binderfs") = 0 [ 102.950861][ T5612] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5614 attached , child_tidptr=0x555556c086d0) = 5614 [pid 5614] set_robust_list(0x555556c086e0, 24) = 0 [pid 5614] chdir("./179") = 0 [pid 5614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5614] setpgid(0, 0) = 0 [pid 5614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5614] write(3, "1000", 4) = 4 [pid 5614] close(3) = 0 [pid 5614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5614] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5614] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5614] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5615 attached [pid 5615] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5615] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] <... clone resumed>, parent_tid=[5615], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5615 [pid 5614] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] <... futex resumed>) = 0 [pid 5614] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5615] memfd_create("syzkaller", 0) = 3 [pid 5615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5615] munmap(0x7f18a1998000, 4194304) = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5615] close(3) = 0 [pid 5615] mkdir("./file0", 0777) = 0 [ 103.057497][ T5615] loop0: detected capacity change from 0 to 8192 [ 103.066030][ T5615] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 103.079101][ T5615] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 103.088453][ T5615] REISERFS (device loop0): using ordered data mode [ 103.095076][ T5615] reiserfs: using flush barriers [ 103.100602][ T5615] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 103.117223][ T5615] REISERFS (device loop0): checking transaction log (loop0) [pid 5615] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5615] chdir("./file0") = 0 [pid 5615] ioctl(4, LOOP_CLR_FD) = 0 [pid 5615] close(4) = 0 [pid 5615] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... futex resumed>) = 1 [pid 5615] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5615] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... futex resumed>) = 1 [pid 5615] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5615] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... futex resumed>) = 1 [pid 5615] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5615] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5614] exit_group(0) = ? [pid 5615] <... futex resumed>) = ? [pid 5615] +++ exited with 0 +++ [pid 5614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5614, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 [ 103.149444][ T5615] REISERFS (device loop0): Using r5 hash to sort names [ 103.156621][ T5615] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5617 ./strace-static-x86_64: Process 5617 attached [pid 5617] set_robust_list(0x555556c086e0, 24) = 0 [pid 5617] chdir("./180") = 0 [pid 5617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5617] setpgid(0, 0) = 0 [pid 5617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5617] write(3, "1000", 4) = 4 [pid 5617] close(3) = 0 [pid 5617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5617] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5617] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5617] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5618 attached [pid 5618] set_robust_list(0x7f18a9db89e0, 24 [pid 5617] <... clone resumed>, parent_tid=[5618], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5618 [pid 5618] <... set_robust_list resumed>) = 0 [pid 5617] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5618] memfd_create("syzkaller", 0) = 3 [pid 5618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5618] munmap(0x7f18a1998000, 4194304) = 0 [pid 5618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5618] close(3) = 0 [pid 5618] mkdir("./file0", 0777) = 0 [ 103.253568][ T5618] loop0: detected capacity change from 0 to 8192 [ 103.262756][ T5618] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 103.275716][ T5618] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 103.285075][ T5618] REISERFS (device loop0): using ordered data mode [ 103.291562][ T5618] reiserfs: using flush barriers [ 103.297328][ T5618] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 103.313728][ T5618] REISERFS (device loop0): checking transaction log (loop0) [ 103.343371][ T5618] REISERFS (device loop0): Using r5 hash to sort names [pid 5618] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5618] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5618] chdir("./file0") = 0 [pid 5618] ioctl(4, LOOP_CLR_FD) = 0 [pid 5618] close(4) = 0 [pid 5618] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5618] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5617] <... futex resumed>) = 0 [pid 5618] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5617] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... openat resumed>) = 4 [pid 5618] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5618] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5617] <... futex resumed>) = 0 [pid 5618] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5617] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... mmap resumed>) = 0x20000000 [pid 5618] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5618] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5617] <... futex resumed>) = 0 [pid 5618] ioctl(4, FS_IOC_GETVERSION [pid 5617] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5618] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5618] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] exit_group(0 [pid 5618] <... futex resumed>) = ? [pid 5617] <... exit_group resumed>) = ? [pid 5618] +++ exited with 0 +++ [pid 5617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5617, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 103.350366][ T5618] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5620 ./strace-static-x86_64: Process 5620 attached [pid 5620] set_robust_list(0x555556c086e0, 24) = 0 [pid 5620] chdir("./181") = 0 [pid 5620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5620] setpgid(0, 0) = 0 [pid 5620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5620] write(3, "1000", 4) = 4 [pid 5620] close(3) = 0 [pid 5620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5620] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5620] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5620] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5621], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5621 ./strace-static-x86_64: Process 5621 attached [pid 5621] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5621] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] <... futex resumed>) = 0 [pid 5620] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5621] memfd_create("syzkaller", 0) = 3 [pid 5621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5621] munmap(0x7f18a1998000, 4194304) = 0 [pid 5621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5621] close(3) = 0 [pid 5621] mkdir("./file0", 0777) = 0 [ 103.456072][ T5621] loop0: detected capacity change from 0 to 8192 [ 103.464679][ T5621] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 103.477878][ T5621] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 103.487104][ T5621] REISERFS (device loop0): using ordered data mode [ 103.493638][ T5621] reiserfs: using flush barriers [ 103.499114][ T5621] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 103.515460][ T5621] REISERFS (device loop0): checking transaction log (loop0) [ 103.545607][ T5621] REISERFS (device loop0): Using r5 hash to sort names [pid 5621] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5621] chdir("./file0") = 0 [pid 5621] ioctl(4, LOOP_CLR_FD) = 0 [pid 5621] close(4) = 0 [pid 5621] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... futex resumed>) = 1 [pid 5621] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5621] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... futex resumed>) = 1 [pid 5621] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5621] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... futex resumed>) = 1 [pid 5621] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5621] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5620] exit_group(0) = ? [pid 5621] <... futex resumed>) = ? [pid 5621] +++ exited with 0 +++ [pid 5620] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5620, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5623 attached [pid 5623] set_robust_list(0x555556c086e0, 24) = 0 [pid 5623] chdir("./182") = 0 [pid 5623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5623] setpgid(0, 0) = 0 [pid 5623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5623] write(3, "1000", 4) = 4 [pid 5623] close(3) = 0 [pid 5623] symlink("/dev/binderfs", "./binderfs" [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5623 [pid 5623] <... symlink resumed>) = 0 [pid 5623] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5623] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5623] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5624], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5624 [pid 5623] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5624 attached [pid 5624] set_robust_list(0x7f18a9db89e0, 24) = 0 [ 103.552734][ T5621] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [pid 5624] memfd_create("syzkaller", 0) = 3 [pid 5624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5624] munmap(0x7f18a1998000, 4194304) = 0 [pid 5624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5624] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5624] close(3) = 0 [pid 5624] mkdir("./file0", 0777) = 0 [ 103.643407][ T5624] loop0: detected capacity change from 0 to 8192 [ 103.653061][ T5624] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 103.666043][ T5624] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 103.675387][ T5624] REISERFS (device loop0): using ordered data mode [ 103.681883][ T5624] reiserfs: using flush barriers [ 103.687656][ T5624] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 103.704159][ T5624] REISERFS (device loop0): checking transaction log (loop0) [ 103.732785][ T5624] REISERFS (device loop0): Using r5 hash to sort names [pid 5624] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5624] chdir("./file0") = 0 [pid 5624] ioctl(4, LOOP_CLR_FD) = 0 [pid 5624] close(4) = 0 [pid 5624] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5624] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5623] <... futex resumed>) = 0 [pid 5624] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5623] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... openat resumed>) = 4 [pid 5624] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5624] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5623] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... mmap resumed>) = 0x20000000 [pid 5624] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5624] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5623] exit_group(0) = ? [pid 5624] +++ exited with 0 +++ [pid 5623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5623, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./182/binderfs") = 0 [ 103.739943][ T5624] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5626 ./strace-static-x86_64: Process 5626 attached [pid 5626] set_robust_list(0x555556c086e0, 24) = 0 [pid 5626] chdir("./183") = 0 [pid 5626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5626] setpgid(0, 0) = 0 [pid 5626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5626] write(3, "1000", 4) = 4 [pid 5626] close(3) = 0 [pid 5626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5626] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5626] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5627 attached , parent_tid=[5627], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5627 [pid 5626] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5627] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5627] memfd_create("syzkaller", 0) = 3 [pid 5627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5627] munmap(0x7f18a1998000, 4194304) = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5627] close(3) = 0 [pid 5627] mkdir("./file0", 0777) = 0 [ 103.841262][ T5627] loop0: detected capacity change from 0 to 8192 [ 103.850726][ T5627] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 103.863976][ T5627] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 103.873458][ T5627] REISERFS (device loop0): using ordered data mode [ 103.879966][ T5627] reiserfs: using flush barriers [ 103.885654][ T5627] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 103.902132][ T5627] REISERFS (device loop0): checking transaction log (loop0) [ 103.930377][ T5627] REISERFS (device loop0): Using r5 hash to sort names [pid 5627] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5627] chdir("./file0") = 0 [pid 5627] ioctl(4, LOOP_CLR_FD) = 0 [pid 5627] close(4) = 0 [pid 5627] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5627] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5626] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... openat resumed>) = 4 [pid 5627] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5627] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5626] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... mmap resumed>) = 0x20000000 [pid 5627] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5627] ioctl(4, FS_IOC_GETVERSION [pid 5626] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... ioctl resumed>, 0) = -1 EFAULT (Bad address) [pid 5627] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] exit_group(0 [pid 5627] <... futex resumed>) = ? [pid 5626] <... exit_group resumed>) = ? [pid 5627] +++ exited with 0 +++ [pid 5626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5626, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./183/binderfs") = 0 [ 103.937527][ T5627] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5629 ./strace-static-x86_64: Process 5629 attached [pid 5629] set_robust_list(0x555556c086e0, 24) = 0 [pid 5629] chdir("./184") = 0 [pid 5629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5629] setpgid(0, 0) = 0 [pid 5629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5629] write(3, "1000", 4) = 4 [pid 5629] close(3) = 0 [pid 5629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5629] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5629] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5629] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5630 attached , parent_tid=[5630], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5630 [pid 5630] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5630] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] <... futex resumed>) = 0 [pid 5629] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5630] memfd_create("syzkaller", 0) = 3 [pid 5630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5630] munmap(0x7f18a1998000, 4194304) = 0 [pid 5630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5630] close(3) = 0 [pid 5630] mkdir("./file0", 0777) = 0 [ 104.043740][ T5630] loop0: detected capacity change from 0 to 8192 [ 104.052720][ T5630] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 104.065982][ T5630] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 104.075393][ T5630] REISERFS (device loop0): using ordered data mode [ 104.082120][ T5630] reiserfs: using flush barriers [ 104.087891][ T5630] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 104.104387][ T5630] REISERFS (device loop0): checking transaction log (loop0) [ 104.133540][ T5630] REISERFS (device loop0): Using r5 hash to sort names [pid 5630] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5630] chdir("./file0") = 0 [pid 5630] ioctl(4, LOOP_CLR_FD) = 0 [pid 5630] close(4) = 0 [pid 5630] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 0 [pid 5629] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... futex resumed>) = 1 [pid 5630] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5630] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 0 [pid 5629] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... futex resumed>) = 1 [pid 5630] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5630] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] <... futex resumed>) = 0 [pid 5629] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... futex resumed>) = 0 [pid 5630] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5630] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5629] <... futex resumed>) = 0 [pid 5630] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] exit_group(0) = ? [pid 5630] <... futex resumed>) = ? [pid 5630] +++ exited with 0 +++ [pid 5629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5629, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./184/binderfs") = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5632 attached [pid 5632] set_robust_list(0x555556c086e0, 24) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555556c086d0) = 5632 [pid 5632] chdir("./185") = 0 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5632] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5632] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5633 attached [ 104.140592][ T5630] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. , parent_tid=[5633], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5633 [pid 5633] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5633] futex(0x7f18a9e927a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5632] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5633] memfd_create("syzkaller", 0) = 3 [pid 5633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5633] munmap(0x7f18a1998000, 4194304) = 0 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5633] close(3) = 0 [pid 5633] mkdir("./file0", 0777) = 0 [ 104.233188][ T5633] loop0: detected capacity change from 0 to 8192 [ 104.242624][ T5633] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 104.255686][ T5633] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 104.264902][ T5633] REISERFS (device loop0): using ordered data mode [ 104.271403][ T5633] reiserfs: using flush barriers [ 104.276942][ T5633] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 104.293504][ T5633] REISERFS (device loop0): checking transaction log (loop0) [pid 5633] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5633] chdir("./file0") = 0 [pid 5633] ioctl(4, LOOP_CLR_FD) = 0 [pid 5633] close(4) = 0 [pid 5633] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... futex resumed>) = 1 [pid 5633] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5633] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0 [pid 5632] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... mmap resumed>) = 0x20000000 [pid 5633] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... futex resumed>) = 1 [pid 5633] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5633] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] exit_group(0) = ? [pid 5633] <... futex resumed>) = ? [pid 5633] +++ exited with 0 +++ [pid 5632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5632, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./185/binderfs") = 0 [ 104.323748][ T5633] REISERFS (device loop0): Using r5 hash to sort names [ 104.330814][ T5633] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556c086d0) = 5635 ./strace-static-x86_64: Process 5635 attached [pid 5635] set_robust_list(0x555556c086e0, 24) = 0 [pid 5635] chdir("./186") = 0 [pid 5635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5635] setpgid(0, 0) = 0 [pid 5635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5635] write(3, "1000", 4) = 4 [pid 5635] close(3) = 0 [pid 5635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5635] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f18a9d98000 [pid 5635] mprotect(0x7f18a9d99000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5635] clone(child_stack=0x7f18a9db82f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5636], tls=0x7f18a9db8700, child_tidptr=0x7f18a9db89d0) = 5636 [pid 5635] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5636 attached [pid 5636] set_robust_list(0x7f18a9db89e0, 24) = 0 [pid 5636] memfd_create("syzkaller", 0) = 3 [pid 5636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f18a1998000 [pid 5636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5636] munmap(0x7f18a1998000, 4194304) = 0 [pid 5636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5636] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5636] close(3) = 0 [pid 5636] mkdir("./file0", 0777) = 0 [ 104.426077][ T5636] loop0: detected capacity change from 0 to 8192 [ 104.434407][ T5636] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 104.447540][ T5636] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 104.456755][ T5636] REISERFS (device loop0): using ordered data mode [ 104.463284][ T5636] reiserfs: using flush barriers [ 104.468793][ T5636] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 104.485237][ T5636] REISERFS (device loop0): checking transaction log (loop0) [ 104.515601][ T5636] REISERFS (device loop0): Using r5 hash to sort names [pid 5636] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0 [pid 5636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5636] chdir("./file0") = 0 [pid 5636] ioctl(4, LOOP_CLR_FD) = 0 [pid 5636] close(4) = 0 [pid 5636] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] <... futex resumed>) = 1 [pid 5636] openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5636] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] <... futex resumed>) = 1 [pid 5636] mmap(0x20000000, 4194304, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_NONBLOCK, 4, 0) = 0x20000000 [pid 5636] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f18a9e927a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] futex(0x7f18a9e927ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] <... futex resumed>) = 1 [pid 5636] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address) [pid 5636] futex(0x7f18a9e927ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5635] <... futex resumed>) = 0 [pid 5635] exit_group(0) = ? [pid 5636] <... futex resumed>) = ? [pid 5636] +++ exited with 0 +++ [pid 5635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5635, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555556c09720 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./186/binderfs") = 0 [ 104.522624][ T5636] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555556c11760 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556c11760 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file0") = 0 getdents64(3, 0x555556c09720 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)