./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4195236253
<...>
forked to background, child pid 4640
no interfaces have a carrier
[ 27.882392][ T4641] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.891838][ T4641] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
execve("./syz-executor4195236253", ["./syz-executor4195236253"], 0x7fffbca794a0 /* 10 vars */) = 0
brk(NULL) = 0x555556755000
brk(0x555556755c40) = 0x555556755c40
arch_prctl(ARCH_SET_FS, 0x555556755300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4195236253", 4096) = 28
brk(0x555556776c40) = 0x555556776c40
brk(0x555556777000) = 0x555556777000
mprotect(0x7f7c3baba000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5069
mkdir("./syzkaller.J3iyvv", 0700) = 0
chmod("./syzkaller.J3iyvv", 0777) = 0
chdir("./syzkaller.J3iyvv") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5070
./strace-static-x86_64: Process 5070 attached
[pid 5070] chdir("./0") = 0
[pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5070] setpgid(0, 0) = 0
[pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5070] write(3, "1000", 4) = 4
[pid 5070] close(3) = 0
[pid 5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5070] memfd_create("syzkaller", 0) = 3
[pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5070] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5070] close(3) = 0
[pid 5070] mkdir("./file0", 0777) = 0
syzkaller login: [ 52.903747][ T5070] loop0: detected capacity change from 0 to 8192
[ 52.915989][ T5070] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 52.929161][ T5070] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 52.938942][ T5070] REISERFS (device loop0): using ordered data mode
[ 52.945739][ T5070] reiserfs: using flush barriers
[ 52.952007][ T5070] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 52.968718][ T5070] REISERFS (device loop0): checking transaction log (loop0)
[pid 5070] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5070] chdir("./file0") = 0
[pid 5070] ioctl(4, LOOP_CLR_FD) = 0
[pid 5070] close(4) = 0
[pid 5070] creat("./bus", 000) = 4
[pid 5070] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5070] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5070] dup2(5, 4) = 4
[pid 5070] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5070] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5070] exit_group(0) = ?
[pid 5070] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556756620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 53.013166][ T5070] REISERFS (device loop0): Using r5 hash to sort names
[ 53.021027][ T5070] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555675e660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555675e660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556756620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5073
./strace-static-x86_64: Process 5073 attached
[pid 5073] chdir("./1") = 0
[pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5073] setpgid(0, 0) = 0
[pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5073] write(3, "1000", 4) = 4
[pid 5073] close(3) = 0
[pid 5073] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5073] memfd_create("syzkaller", 0) = 3
[pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5073] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5073] close(3) = 0
[pid 5073] mkdir("./file0", 0777) = 0
[ 53.165041][ T5073] loop0: detected capacity change from 0 to 8192
[ 53.175533][ T5073] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.188574][ T5073] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 53.198207][ T5073] REISERFS (device loop0): using ordered data mode
[ 53.204887][ T5073] reiserfs: using flush barriers
[ 53.210792][ T5073] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.227254][ T5073] REISERFS (device loop0): checking transaction log (loop0)
[pid 5073] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5073] chdir("./file0") = 0
[pid 5073] ioctl(4, LOOP_CLR_FD) = 0
[pid 5073] close(4) = 0
[pid 5073] creat("./bus", 000) = 4
[pid 5073] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5073] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5073] dup2(5, 4) = 4
[pid 5073] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5073] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5073] exit_group(0) = ?
[pid 5073] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556756620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 53.264279][ T5073] REISERFS (device loop0): Using r5 hash to sort names
[ 53.271521][ T5073] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555675e660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555675e660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556756620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5075
./strace-static-x86_64: Process 5075 attached
[pid 5075] chdir("./2") = 0
[pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5075] setpgid(0, 0) = 0
[pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5075] write(3, "1000", 4) = 4
[pid 5075] close(3) = 0
[pid 5075] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5075] memfd_create("syzkaller", 0) = 3
[pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5075] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5075] close(3) = 0
[pid 5075] mkdir("./file0", 0777) = 0
[ 53.412636][ T5075] loop0: detected capacity change from 0 to 8192
[ 53.433502][ T5075] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.446615][ T5075] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 53.455885][ T5075] REISERFS (device loop0): using ordered data mode
[ 53.462408][ T5075] reiserfs: using flush barriers
[ 53.468181][ T5075] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.484565][ T5075] REISERFS (device loop0): checking transaction log (loop0)
[pid 5075] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5075] chdir("./file0") = 0
[pid 5075] ioctl(4, LOOP_CLR_FD) = 0
[pid 5075] close(4) = 0
[pid 5075] creat("./bus", 000) = 4
[pid 5075] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5075] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5075] dup2(5, 4) = 4
[pid 5075] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5075] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5075] exit_group(0) = ?
[pid 5075] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556756620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 53.526995][ T5075] REISERFS (device loop0): Using r5 hash to sort names
[ 53.534201][ T5075] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555675e660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555675e660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556756620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5077
./strace-static-x86_64: Process 5077 attached
[pid 5077] chdir("./3") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5077] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./file0", 0777) = 0
[ 53.671956][ T5077] loop0: detected capacity change from 0 to 8192
[ 53.682139][ T5077] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.695248][ T5077] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 53.704521][ T5077] REISERFS (device loop0): using ordered data mode
[ 53.711024][ T5077] reiserfs: using flush barriers
[ 53.716857][ T5077] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.733405][ T5077] REISERFS (device loop0): checking transaction log (loop0)
[pid 5077] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./file0") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] creat("./bus", 000) = 4
[pid 5077] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5077] dup2(5, 4) = 4
[pid 5077] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5077] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556756620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 53.775015][ T5077] REISERFS (device loop0): Using r5 hash to sort names
[ 53.782328][ T5077] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555675e660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555675e660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555556756620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5079
./strace-static-x86_64: Process 5079 attached
[pid 5079] chdir("./4") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5079] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[ 53.922614][ T5079] loop0: detected capacity change from 0 to 8192
[ 53.933011][ T5079] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 53.946152][ T5079] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 53.955436][ T5079] REISERFS (device loop0): using ordered data mode
[ 53.961990][ T5079] reiserfs: using flush barriers
[ 53.968113][ T5079] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 53.984591][ T5079] REISERFS (device loop0): checking transaction log (loop0)
[pid 5079] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[pid 5079] creat("./bus", 000) = 4
[pid 5079] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5079] dup2(5, 4) = 4
[pid 5079] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5079] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556756620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
[ 54.021262][ T5079] REISERFS (device loop0): Using r5 hash to sort names
[ 54.028692][ T5079] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555675e660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555675e660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555556756620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] chdir("./5") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5081] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[ 54.177901][ T5081] loop0: detected capacity change from 0 to 8192
[ 54.187326][ T5081] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.200388][ T5081] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 54.209691][ T5081] REISERFS (device loop0): using ordered data mode
[ 54.216587][ T5081] reiserfs: using flush barriers
[ 54.222802][ T5081] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.239359][ T5081] REISERFS (device loop0): checking transaction log (loop0)
[pid 5081] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] creat("./bus", 000) = 4
[pid 5081] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5081] dup2(5, 4) = 4
[pid 5081] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5081] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556756620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
[ 54.276563][ T5081] REISERFS (device loop0): Using r5 hash to sort names
[ 54.283918][ T5081] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555675e660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555675e660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555556756620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5083
./strace-static-x86_64: Process 5083 attached
[pid 5083] chdir("./6") = 0
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setpgid(0, 0) = 0
[pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1000", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5083] memfd_create("syzkaller", 0) = 3
[pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5083] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5083] close(3) = 0
[pid 5083] mkdir("./file0", 0777) = 0
[ 54.421094][ T5083] loop0: detected capacity change from 0 to 8192
[ 54.431136][ T5083] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.444215][ T5083] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 54.453495][ T5083] REISERFS (device loop0): using ordered data mode
[ 54.460026][ T5083] reiserfs: using flush barriers
[ 54.466036][ T5083] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.482350][ T5083] REISERFS (device loop0): checking transaction log (loop0)
[pid 5083] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5083] chdir("./file0") = 0
[pid 5083] ioctl(4, LOOP_CLR_FD) = 0
[pid 5083] close(4) = 0
[pid 5083] creat("./bus", 000) = 4
[pid 5083] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5083] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5083] dup2(5, 4) = 4
[pid 5083] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5083] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5083] exit_group(0) = ?
[pid 5083] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556756620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
[ 54.524599][ T5083] REISERFS (device loop0): Using r5 hash to sort names
[ 54.531675][ T5083] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555675e660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555675e660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555556756620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5085
./strace-static-x86_64: Process 5085 attached
[pid 5085] chdir("./7") = 0
[pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5085] setpgid(0, 0) = 0
[pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5085] write(3, "1000", 4) = 4
[pid 5085] close(3) = 0
[pid 5085] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5085] memfd_create("syzkaller", 0) = 3
[pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5085] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5085] close(3) = 0
[pid 5085] mkdir("./file0", 0777) = 0
[ 54.666131][ T5085] loop0: detected capacity change from 0 to 8192
[ 54.676314][ T5085] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.689475][ T5085] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 54.698913][ T5085] REISERFS (device loop0): using ordered data mode
[ 54.705492][ T5085] reiserfs: using flush barriers
[ 54.711189][ T5085] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.727606][ T5085] REISERFS (device loop0): checking transaction log (loop0)
[pid 5085] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5085] chdir("./file0") = 0
[pid 5085] ioctl(4, LOOP_CLR_FD) = 0
[pid 5085] close(4) = 0
[pid 5085] creat("./bus", 000) = 4
[pid 5085] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5085] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5085] dup2(5, 4) = 4
[pid 5085] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[pid 5085] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 65191) = 65191
[pid 5085] exit_group(0) = ?
[pid 5085] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556756620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
[ 54.764858][ T5085] REISERFS (device loop0): Using r5 hash to sort names
[ 54.772120][ T5085] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555675e660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555675e660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555556756620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555567555d0) = 5087
./strace-static-x86_64: Process 5087 attached
[pid 5087] chdir("./8") = 0
[pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5087] setpgid(0, 0) = 0
[pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5087] write(3, "1000", 4) = 4
[pid 5087] close(3) = 0
[pid 5087] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5087] memfd_create("syzkaller", 0) = 3
[pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7c335fc000
[pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5087] munmap(0x7f7c335fc000, 4194304) = 0
[pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5087] close(3) = 0
[pid 5087] mkdir("./file0", 0777) = 0
[ 54.902022][ T5087] loop0: detected capacity change from 0 to 8192
[ 54.912737][ T5087] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.926322][ T5087] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 54.935588][ T5087] REISERFS (device loop0): using ordered data mode
[ 54.942110][ T5087] reiserfs: using flush barriers
[ 54.948147][ T5087] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.964765][ T5087] REISERFS (device loop0): checking transaction log (loop0)
[pid 5087] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5087] chdir("./file0") = 0
[pid 5087] ioctl(4, LOOP_CLR_FD) = 0
[pid 5087] close(4) = 0
[pid 5087] creat("./bus", 000) = 4
[pid 5087] writev(4, [{iov_base="\x14\x00\x00\x00\x24\x68\x37\xf7\x31\x99\xae\xe6\xfd\xb9\x29\x1b\x30\x91\xec\x1a\x2d\x41\xd2\x27\x97\x5a\xd8\xec\x03\x0f\x59\x19\xf3\x97\x86\x79\x97\xf9\xc0\xef\xa9\xc9\x09\x2a\x31\xcd\xbb\x98\xea\x27\x27\x87\xaf\xda\x0a\xf5\x9a\x32\x07\x09\xc3\xa5\x9e\xf0\x5c\x6f\x40\xce\xaf\xec\x53\xf4\x8d\x61\x86\xe7\xd8\x40\x9e\x35\x30\x62\x21\xca\xf6\x7b\x37\x0d\x87\x5e\xff\x31\x91\x93\x27\x28\xe5\xab\x6c\x9a"..., iov_len=128}, {iov_base="\xd1\xff\xac\xd5\x16\xde\x50\xac\x9d\x15\xbc\x75\x31\x6d\xa4\xde\xfa\x1e\x72\xf6\x5a\x65\xcd\xd2\x6d\xcc\x38\x9a\xac\xf7\x85\x6d\xa9\xae\xcf\x37\x65\xd4\xc0\x32\xe1\x96\x0f\xaf\x25\xba\xd9\x06\xb7\xd3\x44\x0b\x6e\x71\xa8\x2f\x1d\x8f\x8b\x8d\xb3\x5b\x60\x91\xf3\xaf\x94\xc6\xb4\x6b\x9a\xb1\x0f\xe3\x92\x3f\x26\x87\x71\x07\x8d\x26\x68\xbe\x7b\xd3\xeb\x94\x1d\x4b\xb5\xba\xa8\x54\x7e\x36\x28\x3a\x06\x5c"..., iov_len=3505}], 2) = 3633
[pid 5087] openat(AT_FDCWD, "/proc/thread-self/attr/exec", O_RDWR) = 5
[pid 5087] dup2(5, 4) = 4
[pid 5087] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6
[ 55.006312][ T5087] REISERFS (device loop0): Using r5 hash to sort names
[ 55.013667][ T5087] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 55.034369][ T5087] ==================================================================
[ 55.042491][ T5087] BUG: KASAN: use-after-free in leaf_paste_in_buffer+0xa2d/0xc30
[ 55.050270][ T5087] Read of size 80 at addr ffff88807187bfe0 by task syz-executor419/5087
[ 55.058685][ T5087]
[ 55.060992][ T5087] CPU: 1 PID: 5087 Comm: syz-executor419 Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0
[ 55.071052][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.081110][ T5087] Call Trace:
[ 55.084378][ T5087]
[ 55.087290][ T5087] dump_stack_lvl+0xd1/0x138
[ 55.091865][ T5087] print_report+0x15e/0x45d
[ 55.096368][ T5087] ? __phys_addr+0xc8/0x140
[ 55.100863][ T5087] ? leaf_paste_in_buffer+0xa2d/0xc30
[ 55.106228][ T5087] kasan_report+0xbf/0x1f0
[ 55.110627][ T5087] ? leaf_paste_in_buffer+0xa2d/0xc30
[ 55.115990][ T5087] kasan_check_range+0x141/0x190
[ 55.120916][ T5087] memcpy+0x24/0x60
[ 55.124712][ T5087] leaf_paste_in_buffer+0xa2d/0xc30
[ 55.129898][ T5087] leaf_copy_dir_entries.isra.0+0x7f3/0x980
[ 55.135789][ T5087] ? leaf_paste_entries+0x910/0x910
[ 55.140980][ T5087] ? lock_release+0x810/0x810
[ 55.145640][ T5087] leaf_move_items+0x16d2/0x3ad0
[ 55.150566][ T5087] ? rcu_read_lock_sched_held+0x3e/0x70
[ 55.156101][ T5087] ? trace_contention_end+0x153/0x1e0
[ 55.161459][ T5087] ? leaf_copy_dir_entries.isra.0+0x980/0x980
[ 55.167518][ T5087] ? __mutex_lock+0x231/0x1360
[ 55.172271][ T5087] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 55.177817][ T5087] leaf_shift_left+0xa4/0x380
[ 55.182483][ T5087] balance_leaf+0x3337/0xde40
[ 55.187149][ T5087] ? reiserfs_prepare_for_journal+0x162/0x2b0
[ 55.193208][ T5087] ? fix_nodes+0x14cf/0x8660
[ 55.197781][ T5087] ? replace_key+0x170/0x170
[ 55.202353][ T5087] do_balance+0x319/0x810
[ 55.206673][ T5087] ? get_right_neighbor_position+0x170/0x170
[ 55.212644][ T5087] ? wait_for_completion_io_timeout+0x20/0x20
[ 55.218728][ T5087] ? folio_flags.constprop.0+0x53/0x150
[ 55.224269][ T5087] reiserfs_paste_into_item+0x767/0x8e0
[ 55.229806][ T5087] ? reiserfs_delete_object+0x210/0x210
[ 55.235446][ T5087] ? scan_bitmap_block.constprop.0+0xfd0/0xfd0
[ 55.241591][ T5087] ? journal_begin+0x214/0x400
[ 55.246355][ T5087] reiserfs_get_block+0x1588/0x4150
[ 55.251545][ T5087] ? reiserfs_commit_write+0x6f0/0x6f0
[ 55.256997][ T5087] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 55.262975][ T5087] ? create_page_buffers+0x440/0x640
[ 55.268245][ T5087] ? do_raw_spin_unlock+0x175/0x230
[ 55.273428][ T5087] __block_write_begin_int+0x3bd/0x14b0
[ 55.278965][ T5087] ? reiserfs_commit_write+0x6f0/0x6f0
[ 55.284415][ T5087] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 55.289949][ T5087] ? PageHeadHuge+0x1a2/0x200
[ 55.294618][ T5087] reiserfs_write_begin+0x36e/0xa60
[ 55.299805][ T5087] generic_perform_write+0x256/0x570
[ 55.305105][ T5087] ? folio_add_wait_queue+0x1c0/0x1c0
[ 55.310464][ T5087] ? new_inode+0x280/0x280
[ 55.314875][ T5087] ? generic_write_checks+0x2c0/0x400
[ 55.320237][ T5087] __generic_file_write_iter+0x2ae/0x500
[ 55.325900][ T5087] generic_file_write_iter+0xe3/0x350
[ 55.331263][ T5087] vfs_write+0x9ed/0xdd0
[ 55.335501][ T5087] ? kernel_write+0x630/0x630
[ 55.340164][ T5087] ? find_held_lock+0x2d/0x110
[ 55.344921][ T5087] ? lock_downgrade+0x6e0/0x6e0
[ 55.349767][ T5087] ? __fget_light+0x20a/0x270
[ 55.354432][ T5087] ksys_write+0x12b/0x250
[ 55.358748][ T5087] ? __ia32_sys_read+0xb0/0xb0
[ 55.363495][ T5087] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.368675][ T5087] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.373863][ T5087] ? ptrace_notify+0xfe/0x140
[ 55.378530][ T5087] do_syscall_64+0x39/0xb0
[ 55.382934][ T5087] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.388817][ T5087] RIP: 0033:0x7f7c3ba49a39
[ 55.393240][ T5087] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.412843][ T5087] RSP: 002b:00007ffdb67b2ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.421237][ T5087] RAX: ffffffffffffffda RBX: 000000000000d53b RCX: 00007f7c3ba49a39
[ 55.429221][ T5087] RDX: 000000000000fea7 RSI: 00000000200001c0 RDI: 0000000000000006
[ 55.437189][ T5087] RBP: 0000000000000000 R08: 00007ffdb67b2b10 R09: 00007ffdb67b2b10
[ 55.445151][ T5087] R10: 00007ffdb67b2b10 R11: 0000000000000246 R12: 00007ffdb67b2b0c
[ 55.453108][ T5087] R13: 00007ffdb67b2b40 R14: 00007ffdb67b2b20 R15: 0000000000000008
[ 55.461071][ T5087]
[ 55.464074][ T5087]
[ 55.466374][ T5087] The buggy address belongs to the physical page:
[ 55.472764][ T5087] page:ffffea0001c61ec0 refcount:3 mapcount:0 mapping:ffff888144c828f8 index:0x214 pfn:0x7187b
[ 55.483076][ T5087] memcg:ffff888140140000
[ 55.487290][ T5087] aops:def_blk_aops ino:700000
[ 55.492033][ T5087] flags: 0xfff00000002022(referenced|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 55.501399][ T5087] raw: 00fff00000002022 0000000000000000 dead000000000122 ffff888144c828f8
[ 55.509979][ T5087] raw: 0000000000000214 ffff8880725b5bc8 00000003ffffffff ffff888140140000
[ 55.518642][ T5087] page dumped because: kasan: bad access detected
[ 55.525048][ T5087] page_owner tracks the page as allocated
[ 55.530742][ T5087] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5087, tgid 5087 (syz-executor419), ts 55032122070, free_ts 54828502019
[ 55.551404][ T5087] get_page_from_freelist+0x119c/0x2ce0
[ 55.556952][ T5087] __alloc_pages+0x1cb/0x5b0
[ 55.561527][ T5087] alloc_pages+0x1aa/0x270
[ 55.565932][ T5087] folio_alloc+0x20/0x70
[ 55.570155][ T5087] filemap_alloc_folio+0x362/0x450
[ 55.575252][ T5087] __filemap_get_folio+0x32c/0xd80
[ 55.580350][ T5087] pagecache_get_page+0x2e/0x280
[ 55.585274][ T5087] __getblk_slow+0x1f4/0x1030
[ 55.589930][ T5087] __getblk_gfp+0x72/0x80
[ 55.594240][ T5087] get_empty_nodes+0x519/0x7d0
[ 55.598987][ T5087] fix_nodes+0x1c21/0x8660
[ 55.603383][ T5087] reiserfs_insert_item+0x7fc/0x11b0
[ 55.608649][ T5087] reiserfs_new_inode+0xe55/0x2190
[ 55.613744][ T5087] reiserfs_create+0x351/0x730
[ 55.618485][ T5087] lookup_open.isra.0+0xee7/0x1270
[ 55.623578][ T5087] path_openat+0x975/0x2a50
[ 55.628062][ T5087] page last free stack trace:
[ 55.632741][ T5087] free_pcp_prepare+0x65c/0xc00
[ 55.637571][ T5087] free_unref_page_list+0x176/0xcd0
[ 55.642752][ T5087] release_pages+0xcb1/0x1330
[ 55.647439][ T5087] __pagevec_release+0x77/0xe0
[ 55.652182][ T5087] truncate_inode_pages_range+0x2ec/0xec0
[ 55.657899][ T5087] blkdev_flush_mapping+0x140/0x2f0
[ 55.663090][ T5087] blkdev_put_whole+0xd1/0xf0
[ 55.667752][ T5087] blkdev_put+0x224/0x770
[ 55.672066][ T5087] deactivate_locked_super+0x98/0x160
[ 55.677433][ T5087] deactivate_super+0xb1/0xd0
[ 55.682097][ T5087] cleanup_mnt+0x2ae/0x3d0
[ 55.686509][ T5087] task_work_run+0x16f/0x270
[ 55.691087][ T5087] ptrace_notify+0x118/0x140
[ 55.695661][ T5087] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 55.701985][ T5087] syscall_exit_to_user_mode+0xd/0x50
[ 55.707345][ T5087] do_syscall_64+0x46/0xb0
[ 55.711749][ T5087]
[ 55.714051][ T5087] Memory state around the buggy address:
[ 55.719656][ T5087] ffff88807187bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.727709][ T5087] ffff88807187bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.735757][ T5087] >ffff88807187c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.743802][ T5087] ^
[ 55.747846][ T5087] ffff88807187c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.755979][ T5087] ffff88807187c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.764017][ T5087] ==================================================================
[ 55.772768][ T5087] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.779986][ T5087] CPU: 1 PID: 5087 Comm: syz-executor419 Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0
[ 55.790083][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 55.800173][ T5087] Call Trace:
[ 55.803466][ T5087]
[ 55.806385][ T5087] dump_stack_lvl+0xd1/0x138
[ 55.810975][ T5087] panic+0x2cc/0x626
[ 55.814875][ T5087] ? panic_print_sys_info.part.0+0x110/0x110
[ 55.820861][ T5087] ? preempt_schedule_thunk+0x1a/0x20
[ 55.826237][ T5087] ? preempt_schedule_common+0x59/0xc0
[ 55.831711][ T5087] check_panic_on_warn.cold+0x19/0x35
[ 55.837108][ T5087] end_report.part.0+0x36/0x73
[ 55.841902][ T5087] ? leaf_paste_in_buffer+0xa2d/0xc30
[ 55.847294][ T5087] kasan_report.cold+0xa/0xf
[ 55.851892][ T5087] ? leaf_paste_in_buffer+0xa2d/0xc30
[ 55.857271][ T5087] kasan_check_range+0x141/0x190
[ 55.862244][ T5087] memcpy+0x24/0x60
[ 55.866061][ T5087] leaf_paste_in_buffer+0xa2d/0xc30
[ 55.871298][ T5087] leaf_copy_dir_entries.isra.0+0x7f3/0x980
[ 55.877201][ T5087] ? leaf_paste_entries+0x910/0x910
[ 55.882400][ T5087] ? lock_release+0x810/0x810
[ 55.887073][ T5087] leaf_move_items+0x16d2/0x3ad0
[ 55.892010][ T5087] ? rcu_read_lock_sched_held+0x3e/0x70
[ 55.897569][ T5087] ? trace_contention_end+0x153/0x1e0
[ 55.902946][ T5087] ? leaf_copy_dir_entries.isra.0+0x980/0x980
[ 55.909096][ T5087] ? __mutex_lock+0x231/0x1360
[ 55.913863][ T5087] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 55.919407][ T5087] leaf_shift_left+0xa4/0x380
[ 55.924083][ T5087] balance_leaf+0x3337/0xde40
[ 55.928752][ T5087] ? reiserfs_prepare_for_journal+0x162/0x2b0
[ 55.934821][ T5087] ? fix_nodes+0x14cf/0x8660
[ 55.939401][ T5087] ? replace_key+0x170/0x170
[ 55.943986][ T5087] do_balance+0x319/0x810
[ 55.948306][ T5087] ? get_right_neighbor_position+0x170/0x170
[ 55.954272][ T5087] ? wait_for_completion_io_timeout+0x20/0x20
[ 55.960344][ T5087] ? folio_flags.constprop.0+0x53/0x150
[ 55.965980][ T5087] reiserfs_paste_into_item+0x767/0x8e0
[ 55.971531][ T5087] ? reiserfs_delete_object+0x210/0x210
[ 55.977099][ T5087] ? scan_bitmap_block.constprop.0+0xfd0/0xfd0
[ 55.983254][ T5087] ? journal_begin+0x214/0x400
[ 55.988018][ T5087] reiserfs_get_block+0x1588/0x4150
[ 55.993212][ T5087] ? reiserfs_commit_write+0x6f0/0x6f0
[ 55.998660][ T5087] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 56.004639][ T5087] ? create_page_buffers+0x440/0x640
[ 56.009917][ T5087] ? do_raw_spin_unlock+0x175/0x230
[ 56.015111][ T5087] __block_write_begin_int+0x3bd/0x14b0
[ 56.020649][ T5087] ? reiserfs_commit_write+0x6f0/0x6f0
[ 56.026109][ T5087] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 56.031651][ T5087] ? PageHeadHuge+0x1a2/0x200
[ 56.036328][ T5087] reiserfs_write_begin+0x36e/0xa60
[ 56.041523][ T5087] generic_perform_write+0x256/0x570
[ 56.046816][ T5087] ? folio_add_wait_queue+0x1c0/0x1c0
[ 56.052183][ T5087] ? new_inode+0x280/0x280
[ 56.056606][ T5087] ? generic_write_checks+0x2c0/0x400
[ 56.061977][ T5087] __generic_file_write_iter+0x2ae/0x500
[ 56.067616][ T5087] generic_file_write_iter+0xe3/0x350
[ 56.072988][ T5087] vfs_write+0x9ed/0xdd0
[ 56.077222][ T5087] ? kernel_write+0x630/0x630
[ 56.081893][ T5087] ? find_held_lock+0x2d/0x110
[ 56.086662][ T5087] ? lock_downgrade+0x6e0/0x6e0
[ 56.091502][ T5087] ? __fget_light+0x20a/0x270
[ 56.096180][ T5087] ksys_write+0x12b/0x250
[ 56.100505][ T5087] ? __ia32_sys_read+0xb0/0xb0
[ 56.105257][ T5087] ? lockdep_hardirqs_on+0x7d/0x100
[ 56.110444][ T5087] ? _raw_spin_unlock_irq+0x2e/0x50
[ 56.115635][ T5087] ? ptrace_notify+0xfe/0x140
[ 56.120303][ T5087] do_syscall_64+0x39/0xb0
[ 56.124717][ T5087] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.130601][ T5087] RIP: 0033:0x7f7c3ba49a39
[ 56.135011][ T5087] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.154618][ T5087] RSP: 002b:00007ffdb67b2ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.163023][ T5087] RAX: ffffffffffffffda RBX: 000000000000d53b RCX: 00007f7c3ba49a39
[ 56.170981][ T5087] RDX: 000000000000fea7 RSI: 00000000200001c0 RDI: 0000000000000006
[ 56.178953][ T5087] RBP: 0000000000000000 R08: 00007ffdb67b2b10 R09: 00007ffdb67b2b10
[ 56.186920][ T5087] R10: 00007ffdb67b2b10 R11: 0000000000000246 R12: 00007ffdb67b2b0c
[ 56.194883][ T5087] R13: 00007ffdb67b2b40 R14: 00007ffdb67b2b20 R15: 0000000000000008
[ 56.202847][ T5087]
[ 56.206696][ T5087] Kernel Offset: disabled
[ 56.211048][ T5087] Rebooting in 86400 seconds..