./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1137305061

<...>
Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
execve("./syz-executor1137305061", ["./syz-executor1137305061"], 0x7ffd1e719d20 /* 10 vars */) = 0
brk(NULL)                               = 0x55555575d000
brk(0x55555575dc40)                     = 0x55555575dc40
arch_prctl(ARCH_SET_FS, 0x55555575d300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1137305061", 4096) = 28
brk(0x55555577ec40)                     = 0x55555577ec40
brk(0x55555577f000)                     = 0x55555577f000
mprotect(0x7f2d193c2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 3635
mkdir("./syzkaller.8yf8S5", 0700)       = 0
chmod("./syzkaller.8yf8S5", 0777)       = 0
chdir("./syzkaller.8yf8S5")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3636 attached
, child_tidptr=0x55555575d5d0) = 3636
[pid  3636] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3636] setsid()                    = 1
[pid  3636] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3636] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3636] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3636] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3636] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  3636] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3636] unshare(CLONE_NEWNS)        = 0
[pid  3636] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3636] unshare(CLONE_NEWIPC)       = 0
[pid  3636] unshare(CLONE_NEWCGROUP)    = 0
[pid  3636] unshare(CLONE_NEWUTS)       = 0
[pid  3636] unshare(CLONE_SYSVSEM)      = 0
[pid  3636] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3636] write(3, "16777216", 8)     = 8
[pid  3636] close(3)                    = 0
[pid  3636] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3636] write(3, "536870912", 9)    = 9
[pid  3636] close(3)                    = 0
[pid  3636] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3636] write(3, "1024", 4)         = 4
[pid  3636] close(3)                    = 0
[pid  3636] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3636] write(3, "8192", 4)         = 4
[pid  3636] close(3)                    = 0
[pid  3636] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3636] write(3, "1024", 4)         = 4
[pid  3636] close(3)                    = 0
[pid  3636] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3636] write(3, "1024", 4)         = 4
[pid  3636] close(3)                    = 0
[pid  3636] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3636] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3636] close(3)                    = 0
[pid  3636] getpid()                    = 1
[pid  3636] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3636] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3636] unshare(CLONE_NEWNET)       = 0
[pid  3636] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  3636] write(3, "0 65535", 7)      = 7
[pid  3636] close(3)                    = 0
[pid  3636] mkdir("/dev/binderfs", 0777) = 0
[pid  3636] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3636] mkdir("./0", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555575d5d0) = 2
./strace-static-x86_64: Process 3638 attached
[pid  3638] chdir("./0")                = 0
[pid  3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3638] setpgid(0, 0)               = 0
[pid  3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3638] write(3, "1000", 4)         = 4
[pid  3638] close(3)                    = 0
[pid  3638] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3638] memfd_create("syzkaller", 0) = 3
[pid  3638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3638] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3638] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3638] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3638] close(3)                    = 0
[pid  3638] mkdir("./file0", 0777)      = 0
syzkaller login: [   48.032922][ T3638] loop0: detected capacity change from 0 to 8192
[   48.044479][ T3638] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   48.057516][ T3638] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   48.066808][ T3638] REISERFS (device loop0): using ordered data mode
[   48.073419][ T3638] reiserfs: using flush barriers
[   48.079365][ T3638] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   48.095763][ T3638] REISERFS (device loop0): checking transaction log (loop0)
[pid  3638] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3638] chdir("./file0")            = 0
[pid  3638] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3638] close(4)                    = 0
[pid  3638] creat("./bus", 000)         = 4
[pid  3638] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3638] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3638] dup2(5, 4)                  = 4
[pid  3638] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3638] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3638] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=2, si_uid=0} ---
[   48.137806][ T3638] REISERFS (device loop0): Using r5 hash to sort names
[   48.145371][ T3638] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3638] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=2, si_uid=0, si_status=SIGXFSZ, si_utime=0, si_stime=22} ---
[pid  3636] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./0/binderfs")      = 0
[pid  3636] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./0/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./0")                = 0
[pid  3636] mkdir("./1", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3640 attached
, child_tidptr=0x55555575d5d0) = 3
[pid  3640] chdir("./1")                = 0
[pid  3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3640] setpgid(0, 0)               = 0
[pid  3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3640] write(3, "1000", 4)         = 4
[pid  3640] close(3)                    = 0
[pid  3640] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3640] memfd_create("syzkaller", 0) = 3
[pid  3640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3640] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3640] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3640] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3640] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3640] close(3)                    = 0
[pid  3640] mkdir("./file0", 0777)      = 0
[   48.391842][ T3640] loop0: detected capacity change from 0 to 8192
[   48.402220][ T3640] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   48.415203][ T3640] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   48.424587][ T3640] REISERFS (device loop0): using ordered data mode
[   48.431162][ T3640] reiserfs: using flush barriers
[   48.437096][ T3640] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   48.453497][ T3640] REISERFS (device loop0): checking transaction log (loop0)
[pid  3640] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3640] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3640] chdir("./file0")            = 0
[pid  3640] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3640] close(4)                    = 0
[pid  3640] creat("./bus", 000)         = 4
[pid  3640] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3640] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3640] dup2(5, 4)                  = 4
[pid  3640] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3640] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3640] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=3, si_uid=0} ---
[   48.489741][ T3640] REISERFS (device loop0): Using r5 hash to sort names
[   48.497188][ T3640] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3640] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=3, si_uid=0, si_status=SIGXFSZ, si_utime=0, si_stime=20} ---
[pid  3636] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  3636] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./1/binderfs")      = 0
[pid  3636] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./1/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./1")                = 0
[pid  3636] mkdir("./2", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555575d5d0) = 4
./strace-static-x86_64: Process 3642 attached
[pid  3642] chdir("./2")                = 0
[pid  3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3642] setpgid(0, 0)               = 0
[pid  3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3642] write(3, "1000", 4)         = 4
[pid  3642] close(3)                    = 0
[pid  3642] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3642] memfd_create("syzkaller", 0) = 3
[pid  3642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3642] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3642] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3642] close(3)                    = 0
[pid  3642] mkdir("./file0", 0777)      = 0
[   48.733433][ T3642] loop0: detected capacity change from 0 to 8192
[   48.744514][ T3642] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   48.757566][ T3642] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   48.766984][ T3642] REISERFS (device loop0): using ordered data mode
[   48.773542][ T3642] reiserfs: using flush barriers
[   48.779400][ T3642] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   48.795718][ T3642] REISERFS (device loop0): checking transaction log (loop0)
[pid  3642] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3642] chdir("./file0")            = 0
[pid  3642] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3642] close(4)                    = 0
[pid  3642] creat("./bus", 000)         = 4
[pid  3642] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3642] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3642] dup2(5, 4)                  = 4
[pid  3642] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3642] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3642] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=4, si_uid=0} ---
[   48.832133][ T3642] REISERFS (device loop0): Using r5 hash to sort names
[   48.839682][ T3642] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3642] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=4, si_uid=0, si_status=SIGXFSZ, si_utime=0, si_stime=20} ---
[pid  3636] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  3636] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./2/binderfs")      = 0
[pid  3636] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./2/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./2")                = 0
[pid  3636] mkdir("./3", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3644 attached
 <unfinished ...>
[pid  3644] chdir("./3" <unfinished ...>
[pid  3636] <... clone resumed>, child_tidptr=0x55555575d5d0) = 5
[pid  3644] <... chdir resumed>)        = 0
[pid  3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3644] setpgid(0, 0)               = 0
[pid  3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3644] write(3, "1000", 4)         = 4
[pid  3644] close(3)                    = 0
[pid  3644] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3644] memfd_create("syzkaller", 0) = 3
[pid  3644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3644] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3644] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3644] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3644] close(3)                    = 0
[pid  3644] mkdir("./file0", 0777)      = 0
[   49.070113][ T3644] loop0: detected capacity change from 0 to 8192
[   49.081442][ T3644] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   49.094450][ T3644] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   49.103647][ T3644] REISERFS (device loop0): using ordered data mode
[   49.110170][ T3644] reiserfs: using flush barriers
[   49.115957][ T3644] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   49.132462][ T3644] REISERFS (device loop0): checking transaction log (loop0)
[pid  3644] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3644] chdir("./file0")            = 0
[pid  3644] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3644] close(4)                    = 0
[pid  3644] creat("./bus", 000)         = 4
[pid  3644] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3644] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3644] dup2(5, 4)                  = 4
[pid  3644] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3644] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3644] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=5, si_uid=0} ---
[   49.171854][ T3644] REISERFS (device loop0): Using r5 hash to sort names
[   49.179463][ T3644] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3644] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=5, si_uid=0, si_status=SIGXFSZ, si_utime=0, si_stime=18} ---
[pid  3636] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  3636] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./3/binderfs")      = 0
[pid  3636] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./3/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./3")                = 0
[pid  3636] mkdir("./4", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3646 attached
, child_tidptr=0x55555575d5d0) = 6
[pid  3646] chdir("./4")                = 0
[pid  3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3646] setpgid(0, 0)               = 0
[pid  3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3646] write(3, "1000", 4)         = 4
[pid  3646] close(3)                    = 0
[pid  3646] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3646] memfd_create("syzkaller", 0) = 3
[pid  3646] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3646] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3646] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3646] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3646] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3646] close(3)                    = 0
[pid  3646] mkdir("./file0", 0777)      = 0
[   49.418837][ T3646] loop0: detected capacity change from 0 to 8192
[   49.429419][ T3646] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   49.442736][ T3646] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   49.451976][ T3646] REISERFS (device loop0): using ordered data mode
[   49.458493][ T3646] reiserfs: using flush barriers
[   49.464284][ T3646] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   49.480573][ T3646] REISERFS (device loop0): checking transaction log (loop0)
[pid  3646] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3646] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3646] chdir("./file0")            = 0
[pid  3646] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3646] close(4)                    = 0
[pid  3646] creat("./bus", 000)         = 4
[pid  3646] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3646] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3646] dup2(5, 4)                  = 4
[pid  3646] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3646] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3646] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=6, si_uid=0} ---
[   49.516286][ T3646] REISERFS (device loop0): Using r5 hash to sort names
[   49.523597][ T3646] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3646] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=6, si_uid=0, si_status=SIGXFSZ, si_utime=1, si_stime=20} ---
[pid  3636] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./4/binderfs")      = 0
[pid  3636] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./4/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./4")                = 0
[pid  3636] mkdir("./5", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555575d5d0) = 7
./strace-static-x86_64: Process 3648 attached
[pid  3648] chdir("./5")                = 0
[pid  3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3648] setpgid(0, 0)               = 0
[pid  3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3648] write(3, "1000", 4)         = 4
[pid  3648] close(3)                    = 0
[pid  3648] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3648] memfd_create("syzkaller", 0) = 3
[pid  3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3648] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3648] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3648] close(3)                    = 0
[pid  3648] mkdir("./file0", 0777)      = 0
[   49.753579][ T3648] loop0: detected capacity change from 0 to 8192
[   49.764256][ T3648] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   49.777285][ T3648] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   49.786541][ T3648] REISERFS (device loop0): using ordered data mode
[   49.793072][ T3648] reiserfs: using flush barriers
[   49.798611][ T3648] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   49.815025][ T3648] REISERFS (device loop0): checking transaction log (loop0)
[pid  3648] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3648] chdir("./file0")            = 0
[pid  3648] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3648] close(4)                    = 0
[pid  3648] creat("./bus", 000)         = 4
[pid  3648] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3648] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3648] dup2(5, 4)                  = 4
[pid  3648] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3648] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3648] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=7, si_uid=0} ---
[   49.850817][ T3648] REISERFS (device loop0): Using r5 hash to sort names
[   49.858061][ T3648] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3648] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=7, si_uid=0, si_status=SIGXFSZ, si_utime=0, si_stime=22} ---
[pid  3636] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./5/binderfs")      = 0
[pid  3636] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./5/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./5")                = 0
[pid  3636] mkdir("./6", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555575d5d0) = 8
./strace-static-x86_64: Process 3650 attached
[pid  3650] chdir("./6")                = 0
[pid  3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3650] setpgid(0, 0)               = 0
[pid  3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3650] write(3, "1000", 4)         = 4
[pid  3650] close(3)                    = 0
[pid  3650] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3650] memfd_create("syzkaller", 0) = 3
[pid  3650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3650] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3650] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3650] close(3)                    = 0
[pid  3650] mkdir("./file0", 0777)      = 0
[   50.100738][ T3650] loop0: detected capacity change from 0 to 8192
[   50.111448][ T3650] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   50.124483][ T3650] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   50.133706][ T3650] REISERFS (device loop0): using ordered data mode
[   50.140230][ T3650] reiserfs: using flush barriers
[   50.145912][ T3650] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   50.162273][ T3650] REISERFS (device loop0): checking transaction log (loop0)
[pid  3650] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3650] chdir("./file0")            = 0
[pid  3650] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3650] close(4)                    = 0
[pid  3650] creat("./bus", 000)         = 4
[pid  3650] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3650] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3650] dup2(5, 4)                  = 4
[pid  3650] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3650] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3650] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=8, si_uid=0} ---
[   50.197884][ T3650] REISERFS (device loop0): Using r5 hash to sort names
[   50.204909][ T3650] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3650] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=8, si_uid=0, si_status=SIGXFSZ, si_utime=0, si_stime=20} ---
[pid  3636] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  3636] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./6/binderfs")      = 0
[pid  3636] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./6/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./6")                = 0
[pid  3636] mkdir("./7", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555575d5d0) = 9
./strace-static-x86_64: Process 3652 attached
[pid  3652] chdir("./7")                = 0
[pid  3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3652] setpgid(0, 0)               = 0
[pid  3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3652] write(3, "1000", 4)         = 4
[pid  3652] close(3)                    = 0
[pid  3652] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3652] memfd_create("syzkaller", 0) = 3
[pid  3652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3652] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3652] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3652] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3652] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3652] close(3)                    = 0
[pid  3652] mkdir("./file0", 0777)      = 0
[   50.432783][ T3652] loop0: detected capacity change from 0 to 8192
[   50.443810][ T3652] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   50.456833][ T3652] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   50.466057][ T3652] REISERFS (device loop0): using ordered data mode
[   50.472698][ T3652] reiserfs: using flush barriers
[   50.478651][ T3652] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   50.495002][ T3652] REISERFS (device loop0): checking transaction log (loop0)
[pid  3652] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3652] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3652] chdir("./file0")            = 0
[pid  3652] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3652] close(4)                    = 0
[pid  3652] creat("./bus", 000)         = 4
[pid  3652] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3652] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3652] dup2(5, 4)                  = 4
[pid  3652] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3652] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3652] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=9, si_uid=0} ---
[   50.534804][ T3652] REISERFS (device loop0): Using r5 hash to sort names
[   50.541845][ T3652] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3652] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=9, si_uid=0, si_status=SIGXFSZ, si_utime=0, si_stime=24} ---
[pid  3636] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./7/binderfs")      = 0
[pid  3636] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./7/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./7")                = 0
[pid  3636] mkdir("./8", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3654 attached
, child_tidptr=0x55555575d5d0) = 10
[pid  3654] chdir("./8")                = 0
[pid  3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3654] setpgid(0, 0)               = 0
[pid  3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3654] write(3, "1000", 4)         = 4
[pid  3654] close(3)                    = 0
[pid  3654] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3654] memfd_create("syzkaller", 0) = 3
[pid  3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3654] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3654] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3654] close(3)                    = 0
[pid  3654] mkdir("./file0", 0777)      = 0
[   50.760383][ T3654] loop0: detected capacity change from 0 to 8192
[   50.771885][ T3654] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   50.784917][ T3654] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   50.794226][ T3654] REISERFS (device loop0): using ordered data mode
[   50.800803][ T3654] reiserfs: using flush barriers
[   50.806588][ T3654] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   50.822931][ T3654] REISERFS (device loop0): checking transaction log (loop0)
[pid  3654] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3654] chdir("./file0")            = 0
[pid  3654] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3654] close(4)                    = 0
[pid  3654] creat("./bus", 000)         = 4
[pid  3654] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3654] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3654] dup2(5, 4)                  = 4
[pid  3654] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3654] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3654] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=10, si_uid=0} ---
[   50.858710][ T3654] REISERFS (device loop0): Using r5 hash to sort names
[   50.866440][ T3654] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  3654] +++ killed by SIGXFSZ (core dumped) +++
[pid  3636] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_DUMPED, si_pid=10, si_uid=0, si_status=SIGXFSZ, si_utime=0, si_stime=23} ---
[pid  3636] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  3636] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  3636] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 4 entries */, 32768) = 112
[pid  3636] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  3636] unlink("./8/binderfs")      = 0
[pid  3636] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  3636] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  3636] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  3636] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  3636] getdents64(4, 0x555555766660 /* 2 entries */, 32768) = 48
[pid  3636] getdents64(4, 0x555555766660 /* 0 entries */, 32768) = 0
[pid  3636] close(4)                    = 0
[pid  3636] rmdir("./8/file0")          = 0
[pid  3636] getdents64(3, 0x55555575e620 /* 0 entries */, 32768) = 0
[pid  3636] close(3)                    = 0
[pid  3636] rmdir("./8")                = 0
[pid  3636] mkdir("./9", 0777)          = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  3636] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  3636] close(3)                    = 0
[pid  3636] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555575d5d0) = 11
./strace-static-x86_64: Process 3656 attached
[pid  3656] chdir("./9")                = 0
[pid  3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3656] setpgid(0, 0)               = 0
[pid  3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3656] write(3, "1000", 4)         = 4
[pid  3656] close(3)                    = 0
[pid  3656] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3656] memfd_create("syzkaller", 0) = 3
[pid  3656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d10f04000
[pid  3656] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  3656] munmap(0x7f2d10f04000, 4194304) = 0
[pid  3656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3656] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3656] close(3)                    = 0
[pid  3656] mkdir("./file0", 0777)      = 0
[   51.089882][ T3656] loop0: detected capacity change from 0 to 8192
[   51.100900][ T3656] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   51.113934][ T3656] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   51.123264][ T3656] REISERFS (device loop0): using ordered data mode
[   51.129801][ T3656] reiserfs: using flush barriers
[   51.135445][ T3656] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   51.151691][ T3656] REISERFS (device loop0): checking transaction log (loop0)
[pid  3656] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  3656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3656] chdir("./file0")            = 0
[pid  3656] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3656] close(4)                    = 0
[pid  3656] creat("./bus", 000)         = 4
[pid  3656] writev(4, [{iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3641}], 1) = 3641
[pid  3656] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid  3656] dup2(5, 4)                  = 4
[pid  3656] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_NOATIME|FASYNC, 000) = 6
[pid  3656] ftruncate(6, 2199023251456) = -1 EFBIG (File too large)
[pid  3656] --- SIGXFSZ {si_signo=SIGXFSZ, si_code=SI_USER, si_pid=11, si_uid=0} ---
[   51.192986][ T3656] REISERFS (device loop0): Using r5 hash to sort names
[   51.200057][ T3656] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   51.230167][ T3656] ==================================================================
[   51.238266][ T3656] BUG: KASAN: use-after-free in leaf_paste_in_buffer+0xa2d/0xc30
[   51.245996][ T3656] Read of size 80 at addr ffff888070daffe0 by task syz-executor113/3656
[   51.254306][ T3656] 
[   51.256609][ T3656] CPU: 1 PID: 3656 Comm: syz-executor113 Not tainted 6.1.0-syzkaller #0
[   51.264919][ T3656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.274955][ T3656] Call Trace:
[   51.278217][ T3656]  <TASK>
[   51.281131][ T3656]  dump_stack_lvl+0xd1/0x138
[   51.285717][ T3656]  print_report+0x15e/0x45d
[   51.290205][ T3656]  ? __phys_addr+0xc8/0x140
[   51.294787][ T3656]  ? leaf_paste_in_buffer+0xa2d/0xc30
[   51.300152][ T3656]  kasan_report+0xbf/0x1f0
[   51.304561][ T3656]  ? leaf_paste_in_buffer+0xa2d/0xc30
[   51.309927][ T3656]  kasan_check_range+0x141/0x190
[   51.314864][ T3656]  memcpy+0x24/0x60
[   51.318683][ T3656]  leaf_paste_in_buffer+0xa2d/0xc30
[   51.323874][ T3656]  leaf_copy_dir_entries.isra.0+0x7f3/0x980
[   51.329760][ T3656]  ? leaf_paste_entries+0x910/0x910
[   51.334948][ T3656]  ? lock_release+0x810/0x810
[   51.339618][ T3656]  leaf_move_items+0x16d2/0x3ad0
[   51.344553][ T3656]  ? rcu_read_lock_sched_held+0x3e/0x70
[   51.350091][ T3656]  ? trace_contention_end+0x153/0x1e0
[   51.355455][ T3656]  ? leaf_copy_dir_entries.isra.0+0x980/0x980
[   51.361515][ T3656]  ? __mutex_lock+0x231/0x1360
[   51.366272][ T3656]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   51.371814][ T3656]  leaf_shift_left+0xa4/0x380
[   51.376482][ T3656]  balance_leaf+0x3337/0xde40
[   51.381145][ T3656]  ? reiserfs_prepare_for_journal+0x162/0x2b0
[   51.387194][ T3656]  ? fix_nodes+0x14cf/0x8650
[   51.391774][ T3656]  ? replace_key+0x170/0x170
[   51.396349][ T3656]  do_balance+0x319/0x810
[   51.400666][ T3656]  ? get_right_neighbor_position+0x170/0x170
[   51.406640][ T3656]  ? wait_for_completion_io_timeout+0x20/0x20
[   51.412707][ T3656]  ? folio_flags.constprop.0+0x53/0x150
[   51.418248][ T3656]  reiserfs_insert_item+0xdb2/0x11b0
[   51.423528][ T3656]  ? reiserfs_paste_into_item+0x8e0/0x8e0
[   51.429270][ T3656]  ? scan_bitmap_block.constprop.0+0xfd0/0xfd0
[   51.435414][ T3656]  ? journal_begin+0x214/0x400
[   51.440162][ T3656]  reiserfs_get_block+0x1b23/0x4150
[   51.445353][ T3656]  ? reiserfs_commit_write+0x6f0/0x6f0
[   51.450800][ T3656]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   51.456775][ T3656]  ? find_held_lock+0x2d/0x110
[   51.461534][ T3656]  ? create_page_buffers+0x440/0x640
[   51.466809][ T3656]  ? do_raw_spin_unlock+0x175/0x230
[   51.471992][ T3656]  __block_write_begin_int+0x3bd/0x14b0
[   51.477530][ T3656]  ? reiserfs_commit_write+0x6f0/0x6f0
[   51.482979][ T3656]  ? mark_held_locks+0x9f/0xe0
[   51.487736][ T3656]  ? invalidate_bh_lrus_cpu+0x140/0x140
[   51.493355][ T3656]  ? ktime_get_coarse_real_ts64+0x1bb/0x200
[   51.499240][ T3656]  ? PageHeadHuge+0x1a2/0x200
[   51.503910][ T3656]  reiserfs_write_begin+0x36e/0xa60
[   51.509096][ T3656]  ? current_time+0x1ea/0x2c0
[   51.513758][ T3656]  generic_perform_write+0x256/0x570
[   51.519121][ T3656]  ? folio_add_wait_queue+0x1c0/0x1c0
[   51.524483][ T3656]  ? new_inode+0x280/0x280
[   51.528881][ T3656]  ? generic_write_checks+0x2c0/0x400
[   51.534245][ T3656]  __generic_file_write_iter+0x2ae/0x4d0
[   51.539871][ T3656]  generic_file_write_iter+0xe3/0x350
[   51.545238][ T3656]  ? __stack_depot_save+0x3e/0x560
[   51.550336][ T3656]  __kernel_write_iter+0x262/0x730
[   51.555436][ T3656]  ? vfs_read+0x930/0x930
[   51.559842][ T3656]  ? kasan_save_stack+0x35/0x40
[   51.564680][ T3656]  ? arch_do_signal_or_restart+0x86/0x2300
[   51.570474][ T3656]  ? exit_to_user_mode_prepare+0x15f/0x250
[   51.576264][ T3656]  ? syscall_exit_to_user_mode+0x1d/0x50
[   51.581881][ T3656]  ? do_syscall_64+0x46/0xb0
[   51.586460][ T3656]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.592518][ T3656]  __kernel_write+0xcb/0x110
[   51.597270][ T3656]  ? __kernel_write_iter+0x730/0x730
[   51.602556][ T3656]  ? find_held_lock+0x2d/0x110
[   51.607328][ T3656]  dump_emit+0x21d/0x340
[   51.611576][ T3656]  ? __dump_skip+0x5c0/0x5c0
[   51.616153][ T3656]  elf_core_dump+0x1d7c/0x3520
[   51.620905][ T3656]  ? load_elf_phdrs+0x210/0x210
[   51.625743][ T3656]  ? kvmalloc_node+0x43/0x1b0
[   51.630411][ T3656]  ? kasan_save_stack+0x35/0x40
[   51.635336][ T3656]  ? kasan_set_track+0x25/0x30
[   51.640088][ T3656]  ? __kasan_kmalloc+0xa5/0xb0
[   51.644836][ T3656]  ? __kmalloc_node+0x5d/0xd0
[   51.649498][ T3656]  ? __lock_acquire+0x166e/0x56d0
[   51.654520][ T3656]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   51.660502][ T3656]  do_coredump+0x276d/0x3c70
[   51.665082][ T3656]  ? dump_emit+0x340/0x340
[   51.669489][ T3656]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   51.675461][ T3656]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   51.681430][ T3656]  ? __switch_to+0x5d0/0x10e0
[   51.686106][ T3656]  ? find_held_lock+0x2d/0x110
[   51.690865][ T3656]  ? io_openat+0x20/0x20
[   51.695099][ T3656]  ? _raw_spin_unlock_irq+0x23/0x50
[   51.700284][ T3656]  get_signal+0x1bf1/0x2440
[   51.704772][ T3656]  ? lock_release+0x810/0x810
[   51.709437][ T3656]  ? exit_signals+0x8b0/0x8b0
[   51.714095][ T3656]  ? do_raw_spin_lock+0x124/0x2b0
[   51.719105][ T3656]  ? rwlock_bug.part.0+0x90/0x90
[   51.724026][ T3656]  ? _raw_spin_lock_irq+0x45/0x50
[   51.729034][ T3656]  arch_do_signal_or_restart+0x86/0x2300
[   51.734654][ T3656]  ? find_held_lock+0x2d/0x110
[   51.739409][ T3656]  ? get_sigframe_size+0x10/0x10
[   51.744326][ T3656]  ? ptrace_notify+0xfe/0x140
[   51.748996][ T3656]  ? lock_downgrade+0x6e0/0x6e0
[   51.753925][ T3656]  ? _raw_spin_unlock_irq+0x23/0x50
[   51.759113][ T3656]  exit_to_user_mode_prepare+0x15f/0x250
[   51.764730][ T3656]  syscall_exit_to_user_mode+0x1d/0x50
[   51.770174][ T3656]  do_syscall_64+0x46/0xb0
[   51.774580][ T3656]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.780463][ T3656] RIP: 0033:0x7f2d19351d09
[   51.784862][ T3656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   51.804454][ T3656] RSP: 002b:00007ffc7057dbf8 EFLAGS: 00000216 ORIG_RAX: 000000000000004d
[   51.812848][ T3656] RAX: ffffffffffffffe5 RBX: 0000000000000003 RCX: 00007f2d19351d09
[   51.820801][ T3656] RDX: 00007f2d19351d09 RSI: 000001fffffff000 RDI: 0000000000000006
[   51.828751][ T3656] RBP: 0000000000000000 R08: 00007ffc7057dc20 R09: 00007ffc7057dc20
[   51.836712][ T3656] R10: 00007ffc7057dc20 R11: 0000000000000216 R12: 00007ffc7057dc1c
[   51.844671][ T3656] R13: 00007ffc7057dc50 R14: 00007ffc7057dc30 R15: 0000000000000009
[   51.852732][ T3656]  </TASK>
[   51.856518][ T3656] 
[   51.858821][ T3656] The buggy address belongs to the physical page:
[   51.865295][ T3656] page:ffffea0001c36bc0 refcount:2 mapcount:0 mapping:ffff888144cf5ff8 index:0x213 pfn:0x70daf
[   51.875710][ T3656] memcg:ffff888140140000
[   51.879931][ T3656] aops:def_blk_aops ino:700000
[   51.884678][ T3656] flags: 0xfff00000002032(referenced|lru|active|private|node=0|zone=1|lastcpupid=0x7ff)
[   51.894472][ T3656] raw: 00fff00000002032 ffffea0001c36b88 ffffea0000811848 ffff888144cf5ff8
[   51.903128][ T3656] raw: 0000000000000213 ffff888071655910 00000002ffffffff ffff888140140000
[   51.911691][ T3656] page dumped because: kasan: bad access detected
[   51.918080][ T3656] page_owner tracks the page as allocated
[   51.923793][ T3656] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 3656, tgid 3656 (syz-executor113), ts 51192805041, free_ts 49671715235
[   51.944474][ T3656]  get_page_from_freelist+0x10b5/0x2d50
[   51.950019][ T3656]  __alloc_pages+0x1cb/0x5b0
[   51.954599][ T3656]  alloc_pages+0x1aa/0x270
[   51.959001][ T3656]  folio_alloc+0x20/0x70
[   51.963228][ T3656]  filemap_alloc_folio+0x362/0x450
[   51.968327][ T3656]  __filemap_get_folio+0x32c/0xd90
[   51.973435][ T3656]  pagecache_get_page+0x32/0x280
[   51.978360][ T3656]  __getblk_slow+0x1f4/0x1030
[   51.983025][ T3656]  __getblk_gfp+0x72/0x80
[   51.987337][ T3656]  search_by_key+0x3ac/0x3bf0
[   51.992006][ T3656]  reiserfs_read_locked_inode+0x158/0x2160
[   51.997884][ T3656]  reiserfs_fill_super+0x1273/0x2e90
[   52.003157][ T3656]  mount_bdev+0x351/0x410
[   52.007480][ T3656]  legacy_get_tree+0x109/0x220
[   52.012312][ T3656]  vfs_get_tree+0x8d/0x2f0
[   52.016739][ T3656]  path_mount+0x132a/0x1e20
[   52.021233][ T3656] page last free stack trace:
[   52.025880][ T3656]  free_pcp_prepare+0x65c/0xd90
[   52.030725][ T3656]  free_unref_page_list+0x176/0xc40
[   52.035910][ T3656]  release_pages+0xc8a/0x1360
[   52.040665][ T3656]  __pagevec_release+0x7b/0x110
[   52.045503][ T3656]  shmem_undo_range+0x63a/0x1360
[   52.050433][ T3656]  shmem_evict_inode+0x3ca/0xc30
[   52.055363][ T3656]  evict+0x2ed/0x6b0
[   52.059239][ T3656]  iput.part.0+0x59b/0x880
[   52.063636][ T3656]  iput+0x5c/0x80
[   52.067249][ T3656]  dentry_unlink_inode+0x2b1/0x460
[   52.072349][ T3656]  __dentry_kill+0x3c0/0x640
[   52.077013][ T3656]  dput+0x80a/0xdb0
[   52.080809][ T3656]  __fput+0x3cc/0xa90
[   52.084777][ T3656]  task_work_run+0x16f/0x270
[   52.089353][ T3656]  ptrace_notify+0x118/0x140
[   52.093933][ T3656]  syscall_exit_to_user_mode_prepare+0x129/0x280
[   52.100244][ T3656] 
[   52.102547][ T3656] Memory state around the buggy address:
[   52.108153][ T3656]  ffff888070daff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   52.116198][ T3656]  ffff888070daff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   52.124241][ T3656] >ffff888070db0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   52.132279][ T3656]                    ^
[   52.136328][ T3656]  ffff888070db0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   52.144542][ T3656]  ffff888070db0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   52.152582][ T3656] ==================================================================
[   52.176800][ T3656] Kernel panic - not syncing: panic_on_warn set ...
[   52.183373][ T3656] CPU: 1 PID: 3656 Comm: syz-executor113 Not tainted 6.1.0-syzkaller #0
[   52.191683][ T3656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   52.201720][ T3656] Call Trace:
[   52.204979][ T3656]  <TASK>
[   52.207892][ T3656]  dump_stack_lvl+0xd1/0x138
[   52.212476][ T3656]  panic+0x2cc/0x626
[   52.216361][ T3656]  ? panic_print_sys_info.part.0+0x110/0x110
[   52.222333][ T3656]  ? preempt_schedule_common+0x59/0xc0
[   52.227784][ T3656]  ? preempt_schedule_thunk+0x1a/0x1c
[   52.233150][ T3656]  end_report.part.0+0x3f/0x7c
[   52.237897][ T3656]  ? leaf_paste_in_buffer+0xa2d/0xc30
[   52.243260][ T3656]  kasan_report.cold+0xa/0xf
[   52.247833][ T3656]  ? leaf_paste_in_buffer+0xa2d/0xc30
[   52.253195][ T3656]  kasan_check_range+0x141/0x190
[   52.258122][ T3656]  memcpy+0x24/0x60
[   52.261919][ T3656]  leaf_paste_in_buffer+0xa2d/0xc30
[   52.267126][ T3656]  leaf_copy_dir_entries.isra.0+0x7f3/0x980
[   52.273012][ T3656]  ? leaf_paste_entries+0x910/0x910
[   52.278201][ T3656]  ? lock_release+0x810/0x810
[   52.282870][ T3656]  leaf_move_items+0x16d2/0x3ad0
[   52.287796][ T3656]  ? rcu_read_lock_sched_held+0x3e/0x70
[   52.293333][ T3656]  ? trace_contention_end+0x153/0x1e0
[   52.298692][ T3656]  ? leaf_copy_dir_entries.isra.0+0x980/0x980
[   52.304750][ T3656]  ? __mutex_lock+0x231/0x1360
[   52.309507][ T3656]  ? mutex_lock_io_nested+0x11a0/0x11a0
[   52.315047][ T3656]  leaf_shift_left+0xa4/0x380
[   52.319728][ T3656]  balance_leaf+0x3337/0xde40
[   52.324388][ T3656]  ? reiserfs_prepare_for_journal+0x162/0x2b0
[   52.330454][ T3656]  ? fix_nodes+0x14cf/0x8650
[   52.335031][ T3656]  ? replace_key+0x170/0x170
[   52.339606][ T3656]  do_balance+0x319/0x810
[   52.343919][ T3656]  ? get_right_neighbor_position+0x170/0x170
[   52.349881][ T3656]  ? wait_for_completion_io_timeout+0x20/0x20
[   52.355940][ T3656]  ? folio_flags.constprop.0+0x53/0x150
[   52.361481][ T3656]  reiserfs_insert_item+0xdb2/0x11b0
[   52.366755][ T3656]  ? reiserfs_paste_into_item+0x8e0/0x8e0
[   52.372483][ T3656]  ? scan_bitmap_block.constprop.0+0xfd0/0xfd0
[   52.378617][ T3656]  ? journal_begin+0x214/0x400
[   52.383365][ T3656]  reiserfs_get_block+0x1b23/0x4150
[   52.388553][ T3656]  ? reiserfs_commit_write+0x6f0/0x6f0
[   52.394014][ T3656]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   52.400070][ T3656]  ? find_held_lock+0x2d/0x110
[   52.404825][ T3656]  ? create_page_buffers+0x440/0x640
[   52.410096][ T3656]  ? do_raw_spin_unlock+0x175/0x230
[   52.415292][ T3656]  __block_write_begin_int+0x3bd/0x14b0
[   52.420826][ T3656]  ? reiserfs_commit_write+0x6f0/0x6f0
[   52.426272][ T3656]  ? mark_held_locks+0x9f/0xe0
[   52.431024][ T3656]  ? invalidate_bh_lrus_cpu+0x140/0x140
[   52.436555][ T3656]  ? ktime_get_coarse_real_ts64+0x1bb/0x200
[   52.442435][ T3656]  ? PageHeadHuge+0x1a2/0x200
[   52.447104][ T3656]  reiserfs_write_begin+0x36e/0xa60
[   52.452288][ T3656]  ? current_time+0x1ea/0x2c0
[   52.456948][ T3656]  generic_perform_write+0x256/0x570
[   52.462236][ T3656]  ? folio_add_wait_queue+0x1c0/0x1c0
[   52.467594][ T3656]  ? new_inode+0x280/0x280
[   52.471989][ T3656]  ? generic_write_checks+0x2c0/0x400
[   52.477348][ T3656]  __generic_file_write_iter+0x2ae/0x4d0
[   52.482975][ T3656]  generic_file_write_iter+0xe3/0x350
[   52.488334][ T3656]  ? __stack_depot_save+0x3e/0x560
[   52.493429][ T3656]  __kernel_write_iter+0x262/0x730
[   52.498525][ T3656]  ? vfs_read+0x930/0x930
[   52.502839][ T3656]  ? kasan_save_stack+0x35/0x40
[   52.507674][ T3656]  ? arch_do_signal_or_restart+0x86/0x2300
[   52.513465][ T3656]  ? exit_to_user_mode_prepare+0x15f/0x250
[   52.519256][ T3656]  ? syscall_exit_to_user_mode+0x1d/0x50
[   52.524870][ T3656]  ? do_syscall_64+0x46/0xb0
[   52.529447][ T3656]  ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.535501][ T3656]  __kernel_write+0xcb/0x110
[   52.540076][ T3656]  ? __kernel_write_iter+0x730/0x730
[   52.545345][ T3656]  ? find_held_lock+0x2d/0x110
[   52.550100][ T3656]  dump_emit+0x21d/0x340
[   52.554329][ T3656]  ? __dump_skip+0x5c0/0x5c0
[   52.558904][ T3656]  elf_core_dump+0x1d7c/0x3520
[   52.563753][ T3656]  ? load_elf_phdrs+0x210/0x210
[   52.568589][ T3656]  ? kvmalloc_node+0x43/0x1b0
[   52.573254][ T3656]  ? kasan_save_stack+0x35/0x40
[   52.578092][ T3656]  ? kasan_set_track+0x25/0x30
[   52.582839][ T3656]  ? __kasan_kmalloc+0xa5/0xb0
[   52.587586][ T3656]  ? __kmalloc_node+0x5d/0xd0
[   52.592271][ T3656]  ? __lock_acquire+0x166e/0x56d0
[   52.597311][ T3656]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   52.603300][ T3656]  do_coredump+0x276d/0x3c70
[   52.607884][ T3656]  ? dump_emit+0x340/0x340
[   52.612296][ T3656]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   52.618267][ T3656]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   52.624322][ T3656]  ? __switch_to+0x5d0/0x10e0
[   52.628988][ T3656]  ? find_held_lock+0x2d/0x110
[   52.633742][ T3656]  ? io_openat+0x20/0x20
[   52.637974][ T3656]  ? _raw_spin_unlock_irq+0x23/0x50
[   52.643161][ T3656]  get_signal+0x1bf1/0x2440
[   52.647650][ T3656]  ? lock_release+0x810/0x810
[   52.652321][ T3656]  ? exit_signals+0x8b0/0x8b0
[   52.656982][ T3656]  ? do_raw_spin_lock+0x124/0x2b0
[   52.661991][ T3656]  ? rwlock_bug.part.0+0x90/0x90
[   52.666914][ T3656]  ? _raw_spin_lock_irq+0x45/0x50
[   52.671926][ T3656]  arch_do_signal_or_restart+0x86/0x2300
[   52.677545][ T3656]  ? find_held_lock+0x2d/0x110
[   52.682298][ T3656]  ? get_sigframe_size+0x10/0x10
[   52.687217][ T3656]  ? ptrace_notify+0xfe/0x140
[   52.691883][ T3656]  ? lock_downgrade+0x6e0/0x6e0
[   52.696729][ T3656]  ? _raw_spin_unlock_irq+0x23/0x50
[   52.701921][ T3656]  exit_to_user_mode_prepare+0x15f/0x250
[   52.707537][ T3656]  syscall_exit_to_user_mode+0x1d/0x50
[   52.712979][ T3656]  do_syscall_64+0x46/0xb0
[   52.717386][ T3656]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.723265][ T3656] RIP: 0033:0x7f2d19351d09
[   52.727662][ T3656] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   52.747275][ T3656] RSP: 002b:00007ffc7057dbf8 EFLAGS: 00000216 ORIG_RAX: 000000000000004d
[   52.755674][ T3656] RAX: ffffffffffffffe5 RBX: 0000000000000003 RCX: 00007f2d19351d09
[   52.763628][ T3656] RDX: 00007f2d19351d09 RSI: 000001fffffff000 RDI: 0000000000000006
[   52.771607][ T3656] RBP: 0000000000000000 R08: 00007ffc7057dc20 R09: 00007ffc7057dc20
[   52.779565][ T3656] R10: 00007ffc7057dc20 R11: 0000000000000216 R12: 00007ffc7057dc1c
[   52.787526][ T3656] R13: 00007ffc7057dc50 R14: 00007ffc7057dc30 R15: 0000000000000009
[   52.795492][ T3656]  </TASK>
[   52.799221][ T3656] Kernel Offset: disabled
[   52.803526][ T3656] Rebooting in 86400 seconds..