./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1565269084

<...>
Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts.
execve("./syz-executor1565269084", ["./syz-executor1565269084"], 0x7ffdd7cf9250 /* 10 vars */) = 0
brk(NULL)                               = 0x5555558f3000
brk(0x5555558f3d00)                     = 0x5555558f3d00
arch_prctl(ARCH_SET_FS, 0x5555558f3380) = 0
set_tid_address(0x5555558f3650)         = 5060
set_robust_list(0x5555558f3660, 24)     = 0
rseq(0x5555558f3ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1565269084", 4096) = 28
getrandom("\x50\xe3\xe8\x98\xfb\xc8\x64\x4a", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555558f3d00
brk(0x555555914d00)                     = 0x555555914d00
brk(0x555555915000)                     = 0x555555915000
mprotect(0x7f1aad322000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.GaGggI", 0700)       = 0
chmod("./syzkaller.GaGggI", 0777)       = 0
chdir("./syzkaller.GaGggI")             = 0
mkdir("./0", 0777)                      = 0
[   79.754425][   T27] audit: type=1400 audit(1702832622.571:83): avc:  denied  { execmem } for  pid=5060 comm="syz-executor156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558f3650) = 5061
./strace-static-x86_64: Process 5061 attached
[pid  5061] set_robust_list(0x5555558f3660, 24) = 0
[pid  5061] chdir("./0")                = 0
[pid  5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5061] setpgid(0, 0)               = 0
[pid  5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5061] write(3, "1000", 4)         = 4
[pid  5061] close(3)                    = 0
[pid  5061] symlink("/dev/binderfs", "./binderfs") = 0
[   79.795324][   T27] audit: type=1400 audit(1702832622.611:84): avc:  denied  { read write } for  pid=5060 comm="syz-executor156" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   79.820474][   T27] audit: type=1400 audit(1702832622.611:85): avc:  denied  { open } for  pid=5060 comm="syz-executor156" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid  5061] memfd_create("syzkaller", 0) = 3
[pid  5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[   79.846519][   T27] audit: type=1400 audit(1702832622.611:86): avc:  denied  { ioctl } for  pid=5060 comm="syz-executor156" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid  5061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5061] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5061] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5061] close(3)                    = 0
[pid  5061] mkdir("./file0", 0777)      = 0
[   79.950742][ T5061] loop0: detected capacity change from 0 to 8192
[   79.976847][   T27] audit: type=1400 audit(1702832622.791:87): avc:  denied  { mounton } for  pid=5061 comm="syz-executor156" path="/root/syzkaller.GaGggI/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   79.981842][ T5061] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   80.014688][ T5061] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   80.024350][ T5061] REISERFS (device loop0): using ordered data mode
[   80.030871][ T5061] reiserfs: using flush barriers
[   80.038226][ T5061] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   80.055057][ T5061] REISERFS (device loop0): checking transaction log (loop0)
[pid  5061] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5061] chdir("./file0")            = 0
[pid  5061] ioctl(4, LOOP_CLR_FD)       = 0
[   80.110696][ T5061] REISERFS (device loop0): Using r5 hash to sort names
[   80.117933][ T5061] REISERFS (device loop0): using 3.5.x disk format
[   80.125759][ T5061] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   80.136058][   T27] audit: type=1400 audit(1702832622.961:88): avc:  denied  { mount } for  pid=5061 comm="syz-executor156" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[pid  5061] close(4)                    = 0
[pid  5061] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5061] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5061] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[   80.222981][   T27] audit: type=1800 audit(1702832623.021:89): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   80.245641][   T27] audit: type=1800 audit(1702832623.041:90): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5061] ftruncate(4, 33587199)      = 0
[pid  5061] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5061] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5061] exit_group(0)               = ?
[pid  5061] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} ---
[   80.267721][   T27] audit: type=1800 audit(1702832623.071:91): pid=5061 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   80.289757][   T27] audit: type=1400 audit(1702832623.091:92): avc:  denied  { append } for  pid=4492 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached
, child_tidptr=0x5555558f3650) = 5064
[pid  5064] set_robust_list(0x5555558f3660, 24) = 0
[pid  5064] chdir("./1")                = 0
[pid  5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5064] setpgid(0, 0)               = 0
[pid  5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5064] write(3, "1000", 4)         = 4
[pid  5064] close(3)                    = 0
[pid  5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5064] memfd_create("syzkaller", 0) = 3
[pid  5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5064] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5064] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5064] close(3)                    = 0
[pid  5064] mkdir("./file0", 0777)      = 0
[   80.731138][ T5064] loop0: detected capacity change from 0 to 8192
[   80.753154][ T5064] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   80.766609][ T5064] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   80.776090][ T5064] REISERFS (device loop0): using ordered data mode
[   80.782613][ T5064] reiserfs: using flush barriers
[   80.789676][ T5064] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   80.806403][ T5064] REISERFS (device loop0): checking transaction log (loop0)
[pid  5064] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5064] chdir("./file0")            = 0
[pid  5064] ioctl(4, LOOP_CLR_FD)       = 0
[   80.864817][ T5064] REISERFS (device loop0): Using r5 hash to sort names
[   80.871705][ T5064] REISERFS (device loop0): using 3.5.x disk format
[   80.878827][ T5064] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5064] close(4)                    = 0
[pid  5064] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5064] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5064] ftruncate(4, 33587199)      = 0
[pid  5064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5064] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5064] exit_group(0)               = ?
[pid  5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs")                  = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached
, child_tidptr=0x5555558f3650) = 5066
[pid  5066] set_robust_list(0x5555558f3660, 24) = 0
[pid  5066] chdir("./2")                = 0
[pid  5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5066] setpgid(0, 0)               = 0
[pid  5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5066] write(3, "1000", 4)         = 4
[pid  5066] close(3)                    = 0
[pid  5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5066] memfd_create("syzkaller", 0) = 3
[pid  5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5066] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5066] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5066] close(3)                    = 0
[pid  5066] mkdir("./file0", 0777)      = 0
[   81.379852][ T5066] loop0: detected capacity change from 0 to 8192
[   81.405247][ T5066] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   81.418471][ T5066] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   81.427951][ T5066] REISERFS (device loop0): using ordered data mode
[   81.434535][ T5066] reiserfs: using flush barriers
[   81.441060][ T5066] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   81.457680][ T5066] REISERFS (device loop0): checking transaction log (loop0)
[pid  5066] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5066] chdir("./file0")            = 0
[   81.515497][ T5066] REISERFS (device loop0): Using r5 hash to sort names
[   81.522467][ T5066] REISERFS (device loop0): using 3.5.x disk format
[   81.529429][ T5066] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5066] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5066] close(4)                    = 0
[pid  5066] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5066] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5066] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5066] ftruncate(4, 33587199)      = 0
[pid  5066] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5066] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5066] exit_group(0)               = ?
[pid  5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs")                  = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached
, child_tidptr=0x5555558f3650) = 5068
[pid  5068] set_robust_list(0x5555558f3660, 24) = 0
[pid  5068] chdir("./3")                = 0
[pid  5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5068] setpgid(0, 0)               = 0
[pid  5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1000", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5068] memfd_create("syzkaller", 0) = 3
[pid  5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5068] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5068] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("./file0", 0777)      = 0
[   82.041095][ T5068] loop0: detected capacity change from 0 to 8192
[   82.056227][ T5068] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   82.069260][ T5068] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   82.078542][ T5068] REISERFS (device loop0): using ordered data mode
[   82.086093][ T5068] reiserfs: using flush barriers
[   82.094093][ T5068] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   82.111409][ T5068] REISERFS (device loop0): checking transaction log (loop0)
[pid  5068] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5068] chdir("./file0")            = 0
[   82.216468][ T5068] REISERFS (device loop0): Using r5 hash to sort names
[   82.224317][ T5068] REISERFS (device loop0): using 3.5.x disk format
[   82.231716][ T5068] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5068] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5068] close(4)                    = 0
[pid  5068] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5068] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5068] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5068] ftruncate(4, 33587199)      = 0
[pid  5068] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5068] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5068] exit_group(0)               = ?
[pid  5068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs")                  = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558f3650) = 5070
./strace-static-x86_64: Process 5070 attached
[pid  5070] set_robust_list(0x5555558f3660, 24) = 0
[pid  5070] chdir("./4")                = 0
[pid  5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5070] setpgid(0, 0)               = 0
[pid  5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "1000", 4)         = 4
[pid  5070] close(3)                    = 0
[pid  5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5070] memfd_create("syzkaller", 0) = 3
[pid  5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5070] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5070] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5070] close(3)                    = 0
[pid  5070] mkdir("./file0", 0777)      = 0
[   82.621602][ T5070] loop0: detected capacity change from 0 to 8192
[   82.637507][ T5070] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   82.650839][ T5070] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   82.660194][ T5070] REISERFS (device loop0): using ordered data mode
[   82.666856][ T5070] reiserfs: using flush barriers
[   82.673677][ T5070] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   82.690335][ T5070] REISERFS (device loop0): checking transaction log (loop0)
[pid  5070] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5070] chdir("./file0")            = 0
[pid  5070] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5070] close(4)                    = 0
[pid  5070] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5070] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5070] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5070] ftruncate(4, 33587199)      = 0
[   82.752718][ T5070] REISERFS (device loop0): Using r5 hash to sort names
[   82.759768][ T5070] REISERFS (device loop0): using 3.5.x disk format
[   82.766626][ T5070] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5070] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5070] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5070] exit_group(0)               = ?
[pid  5070] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached
, child_tidptr=0x5555558f3650) = 5072
[pid  5072] set_robust_list(0x5555558f3660, 24) = 0
[pid  5072] chdir("./5")                = 0
[pid  5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5072] setpgid(0, 0)               = 0
[pid  5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "1000", 4)         = 4
[pid  5072] close(3)                    = 0
[pid  5072] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5072] memfd_create("syzkaller", 0) = 3
[pid  5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5072] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5072] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5072] close(3)                    = 0
[pid  5072] mkdir("./file0", 0777)      = 0
[   83.207342][ T5072] loop0: detected capacity change from 0 to 8192
[   83.223420][ T5072] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   83.236678][ T5072] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   83.246736][ T5072] REISERFS (device loop0): using ordered data mode
[   83.253370][ T5072] reiserfs: using flush barriers
[   83.259659][ T5072] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   83.277623][ T5072] REISERFS (device loop0): checking transaction log (loop0)
[pid  5072] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5072] chdir("./file0")            = 0
[pid  5072] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5072] close(4)                    = 0
[pid  5072] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   83.335313][ T5072] REISERFS (device loop0): Using r5 hash to sort names
[   83.342215][ T5072] REISERFS (device loop0): using 3.5.x disk format
[   83.349990][ T5072] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5072] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5072] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5072] ftruncate(4, 33587199)      = 0
[pid  5072] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5072] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5072] exit_group(0)               = ?
[pid  5072] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs")                  = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached
 <unfinished ...>
[pid  5074] set_robust_list(0x5555558f3660, 24 <unfinished ...>
[pid  5060] <... clone resumed>, child_tidptr=0x5555558f3650) = 5074
[pid  5074] <... set_robust_list resumed>) = 0
[pid  5074] chdir("./6")                = 0
[pid  5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5074] setpgid(0, 0)               = 0
[pid  5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5074] write(3, "1000", 4)         = 4
[pid  5074] close(3)                    = 0
[pid  5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5074] memfd_create("syzkaller", 0) = 3
[pid  5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5074] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5074] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5074] close(3)                    = 0
[pid  5074] mkdir("./file0", 0777)      = 0
[   83.818505][ T5074] loop0: detected capacity change from 0 to 8192
[   83.839377][ T5074] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   83.852518][ T5074] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   83.861827][ T5074] REISERFS (device loop0): using ordered data mode
[   83.868464][ T5074] reiserfs: using flush barriers
[   83.875032][ T5074] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   83.891972][ T5074] REISERFS (device loop0): checking transaction log (loop0)
[pid  5074] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5074] chdir("./file0")            = 0
[pid  5074] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5074] close(4)                    = 0
[pid  5074] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   83.947520][ T5074] REISERFS (device loop0): Using r5 hash to sort names
[   83.954471][ T5074] REISERFS (device loop0): using 3.5.x disk format
[   83.961460][ T5074] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5074] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5074] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5074] ftruncate(4, 33587199)      = 0
[pid  5074] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5074] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5074] exit_group(0)               = ?
[pid  5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached
, child_tidptr=0x5555558f3650) = 5076
[pid  5076] set_robust_list(0x5555558f3660, 24) = 0
[pid  5076] chdir("./7")                = 0
[pid  5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5076] setpgid(0, 0)               = 0
[pid  5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5076] write(3, "1000", 4)         = 4
[pid  5076] close(3)                    = 0
[pid  5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5076] memfd_create("syzkaller", 0) = 3
[pid  5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5076] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5076] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5076] close(3)                    = 0
[pid  5076] mkdir("./file0", 0777)      = 0
[   84.433804][ T5076] loop0: detected capacity change from 0 to 8192
[   84.455101][ T5076] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   84.468121][ T5076] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   84.477349][ T5076] REISERFS (device loop0): using ordered data mode
[   84.483930][ T5076] reiserfs: using flush barriers
[   84.490473][ T5076] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   84.507249][ T5076] REISERFS (device loop0): checking transaction log (loop0)
[pid  5076] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5076] chdir("./file0")            = 0
[pid  5076] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5076] close(4)                    = 0
[   84.573405][ T5076] REISERFS (device loop0): Using r5 hash to sort names
[   84.580293][ T5076] REISERFS (device loop0): using 3.5.x disk format
[   84.587251][ T5076] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5076] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5076] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5076] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5076] ftruncate(4, 33587199)      = 0
[pid  5076] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5076] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5076] exit_group(0)               = ?
[pid  5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached
, child_tidptr=0x5555558f3650) = 5078
[pid  5078] set_robust_list(0x5555558f3660, 24) = 0
[pid  5078] chdir("./8")                = 0
[pid  5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5078] setpgid(0, 0)               = 0
[pid  5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5078] write(3, "1000", 4)         = 4
[pid  5078] close(3)                    = 0
[pid  5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5078] memfd_create("syzkaller", 0) = 3
[pid  5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5078] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5078] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5078] close(3)                    = 0
[pid  5078] mkdir("./file0", 0777)      = 0
[   85.028029][ T5078] loop0: detected capacity change from 0 to 8192
[   85.053368][ T5078] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   85.066392][ T5078] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   85.075828][ T5078] REISERFS (device loop0): using ordered data mode
[   85.082447][ T5078] reiserfs: using flush barriers
[   85.089509][ T5078] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   85.106021][ T5078] REISERFS (device loop0): checking transaction log (loop0)
[pid  5078] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5078] chdir("./file0")            = 0
[pid  5078] ioctl(4, LOOP_CLR_FD)       = 0
[   85.165454][ T5078] REISERFS (device loop0): Using r5 hash to sort names
[   85.172466][ T5078] REISERFS (device loop0): using 3.5.x disk format
[   85.179518][ T5078] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5078] close(4)                    = 0
[pid  5078] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   85.227506][   T27] kauditd_printk_skb: 32 callbacks suppressed
[   85.227520][   T27] audit: type=1800 audit(1702832628.041:125): pid=5078 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5078] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5078] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5078] ftruncate(4, 33587199)      = 0
[pid  5078] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[   85.257811][   T27] audit: type=1800 audit(1702832628.081:126): pid=5078 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   85.281339][   T27] audit: type=1800 audit(1702832628.101:127): pid=5078 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5078] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5078] exit_group(0)               = ?
[pid  5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[   85.309715][   T27] audit: type=1800 audit(1702832628.121:128): pid=5078 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs")                  = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached
, child_tidptr=0x5555558f3650) = 5080
[pid  5080] set_robust_list(0x5555558f3660, 24) = 0
[pid  5080] chdir("./9")                = 0
[pid  5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5080] setpgid(0, 0)               = 0
[pid  5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "1000", 4)         = 4
[pid  5080] close(3)                    = 0
[pid  5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5080] memfd_create("syzkaller", 0) = 3
[pid  5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5080] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5080] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5080] close(3)                    = 0
[pid  5080] mkdir("./file0", 0777)      = 0
[   85.716129][ T5080] loop0: detected capacity change from 0 to 8192
[   85.741075][ T5080] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   85.754150][ T5080] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   85.763988][ T5080] REISERFS (device loop0): using ordered data mode
[   85.770872][ T5080] reiserfs: using flush barriers
[   85.777873][ T5080] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   85.794409][ T5080] REISERFS (device loop0): checking transaction log (loop0)
[pid  5080] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5080] chdir("./file0")            = 0
[pid  5080] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5080] close(4)                    = 0
[   85.848927][ T5080] REISERFS (device loop0): Using r5 hash to sort names
[   85.855917][ T5080] REISERFS (device loop0): using 3.5.x disk format
[   85.862734][ T5080] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5080] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5080] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5080] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5080] ftruncate(4, 33587199)      = 0
[   85.905136][   T27] audit: type=1800 audit(1702832628.721:129): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   85.928084][   T27] audit: type=1800 audit(1702832628.721:130): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5080] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5080] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5080] exit_group(0)               = ?
[pid  5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   85.950886][   T27] audit: type=1800 audit(1702832628.751:131): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   85.973391][   T27] audit: type=1800 audit(1702832628.771:132): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs")                  = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/file0")                      = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached
, child_tidptr=0x5555558f3650) = 5082
[pid  5082] set_robust_list(0x5555558f3660, 24) = 0
[pid  5082] chdir("./10")               = 0
[pid  5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5082] setpgid(0, 0)               = 0
[pid  5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5082] write(3, "1000", 4)         = 4
[pid  5082] close(3)                    = 0
[pid  5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5082] memfd_create("syzkaller", 0) = 3
[pid  5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5082] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5082] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5082] close(3)                    = 0
[pid  5082] mkdir("./file0", 0777)      = 0
[   86.399434][ T5082] loop0: detected capacity change from 0 to 8192
[   86.425566][ T5082] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   86.438599][ T5082] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   86.447905][ T5082] REISERFS (device loop0): using ordered data mode
[   86.454458][ T5082] reiserfs: using flush barriers
[   86.460926][ T5082] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   86.478223][ T5082] REISERFS (device loop0): checking transaction log (loop0)
[pid  5082] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5082] chdir("./file0")            = 0
[pid  5082] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5082] close(4)                    = 0
[   86.539400][ T5082] REISERFS (device loop0): Using r5 hash to sort names
[   86.546316][ T5082] REISERFS (device loop0): using 3.5.x disk format
[   86.553378][ T5082] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5082] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5082] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5082] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5082] ftruncate(4, 33587199)      = 0
[   86.610444][   T27] audit: type=1800 audit(1702832629.421:133): pid=5082 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   86.633733][   T27] audit: type=1800 audit(1702832629.421:134): pid=5082 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5082] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5082] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5082] exit_group(0)               = ?
[pid  5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs")                 = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached
 <unfinished ...>
[pid  5084] set_robust_list(0x5555558f3660, 24) = 0
[pid  5060] <... clone resumed>, child_tidptr=0x5555558f3650) = 5084
[pid  5084] chdir("./11")               = 0
[pid  5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5084] setpgid(0, 0)               = 0
[pid  5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5084] write(3, "1000", 4)         = 4
[pid  5084] close(3)                    = 0
[pid  5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5084] memfd_create("syzkaller", 0) = 3
[pid  5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5084] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5084] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5084] close(3)                    = 0
[pid  5084] mkdir("./file0", 0777)      = 0
[   87.102465][ T5084] loop0: detected capacity change from 0 to 8192
[   87.124252][ T5084] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   87.137318][ T5084] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   87.146697][ T5084] REISERFS (device loop0): using ordered data mode
[   87.153362][ T5084] reiserfs: using flush barriers
[   87.159844][ T5084] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   87.176622][ T5084] REISERFS (device loop0): checking transaction log (loop0)
[   87.204868][ T1137] cfg80211: failed to load regulatory.db
[pid  5084] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5084] chdir("./file0")            = 0
[pid  5084] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5084] close(4)                    = 0
[   87.246611][ T5084] REISERFS (device loop0): Using r5 hash to sort names
[   87.253646][ T5084] REISERFS (device loop0): using 3.5.x disk format
[   87.260505][ T5084] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5084] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5084] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5084] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5084] ftruncate(4, 33587199)      = 0
[pid  5084] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5084] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5084] exit_group(0)               = ?
[pid  5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs")                 = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached
, child_tidptr=0x5555558f3650) = 5086
[pid  5086] set_robust_list(0x5555558f3660, 24) = 0
[pid  5086] chdir("./12")               = 0
[pid  5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5086] setpgid(0, 0)               = 0
[pid  5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5086] write(3, "1000", 4)         = 4
[pid  5086] close(3)                    = 0
[pid  5086] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5086] memfd_create("syzkaller", 0) = 3
[pid  5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5086] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5086] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5086] close(3)                    = 0
[pid  5086] mkdir("./file0", 0777)      = 0
[   87.751198][ T5086] loop0: detected capacity change from 0 to 8192
[   87.767586][ T5086] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   87.780773][ T5086] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   87.790237][ T5086] REISERFS (device loop0): using ordered data mode
[   87.796779][ T5086] reiserfs: using flush barriers
[   87.803578][ T5086] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   87.820216][ T5086] REISERFS (device loop0): checking transaction log (loop0)
[pid  5086] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5086] chdir("./file0")            = 0
[pid  5086] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5086] close(4)                    = 0
[pid  5086] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   87.886012][ T5086] REISERFS (device loop0): Using r5 hash to sort names
[   87.893113][ T5086] REISERFS (device loop0): using 3.5.x disk format
[   87.900050][ T5086] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5086] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5086] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5086] ftruncate(4, 33587199)      = 0
[pid  5086] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5086] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5086] exit_group(0)               = ?
[pid  5086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs")                 = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached
, child_tidptr=0x5555558f3650) = 5088
[pid  5088] set_robust_list(0x5555558f3660, 24) = 0
[pid  5088] chdir("./13")               = 0
[pid  5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5088] setpgid(0, 0)               = 0
[pid  5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5088] write(3, "1000", 4)         = 4
[pid  5088] close(3)                    = 0
[pid  5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5088] memfd_create("syzkaller", 0) = 3
[pid  5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5088] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5088] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5088] close(3)                    = 0
[pid  5088] mkdir("./file0", 0777)      = 0
[   88.341140][ T5088] loop0: detected capacity change from 0 to 8192
[   88.367243][ T5088] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   88.380517][ T5088] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   88.389871][ T5088] REISERFS (device loop0): using ordered data mode
[   88.396596][ T5088] reiserfs: using flush barriers
[   88.403941][ T5088] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   88.420518][ T5088] REISERFS (device loop0): checking transaction log (loop0)
[pid  5088] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5088] chdir("./file0")            = 0
[pid  5088] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5088] close(4)                    = 0
[pid  5088] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   88.473483][ T5088] REISERFS (device loop0): Using r5 hash to sort names
[   88.480469][ T5088] REISERFS (device loop0): using 3.5.x disk format
[   88.487658][ T5088] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5088] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5088] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5088] ftruncate(4, 33587199)      = 0
[pid  5088] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5088] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5088] exit_group(0)               = ?
[pid  5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs")                 = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached
, child_tidptr=0x5555558f3650) = 5090
[pid  5090] set_robust_list(0x5555558f3660, 24) = 0
[pid  5090] chdir("./14")               = 0
[pid  5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5090] setpgid(0, 0)               = 0
[pid  5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5090] write(3, "1000", 4)         = 4
[pid  5090] close(3)                    = 0
[pid  5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5090] memfd_create("syzkaller", 0) = 3
[pid  5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5090] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5090] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5090] close(3)                    = 0
[pid  5090] mkdir("./file0", 0777)      = 0
[   88.941461][ T5090] loop0: detected capacity change from 0 to 8192
[   88.957246][ T5090] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   88.970406][ T5090] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   88.979715][ T5090] REISERFS (device loop0): using ordered data mode
[   88.986233][ T5090] reiserfs: using flush barriers
[   88.992755][ T5090] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   89.013473][ T5090] REISERFS (device loop0): checking transaction log (loop0)
[pid  5090] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5090] chdir("./file0")            = 0
[pid  5090] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5090] close(4)                    = 0
[   89.077216][ T5090] REISERFS (device loop0): Using r5 hash to sort names
[   89.084140][ T5090] REISERFS (device loop0): using 3.5.x disk format
[   89.090896][ T5090] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5090] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5090] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5090] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5090] ftruncate(4, 33587199)      = 0
[   89.188169][ T5090] 
[   89.190521][ T5090] ======================================================
[   89.197529][ T5090] WARNING: possible circular locking dependency detected
[   89.204561][ T5090] 6.7.0-rc5-syzkaller-00230-g3b8a9b2e6809 #0 Not tainted
[   89.211586][ T5090] ------------------------------------------------------
[   89.218685][ T5090] syz-executor156/5090 is trying to acquire lock:
[   89.225084][ T5090] ffff888019696090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x79/0x100
[   89.234265][ T5090] 
[   89.234265][ T5090] but task is already holding lock:
[   89.241618][ T5090] ffff888029a94510 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x380
[   89.250681][ T5090] 
[   89.250681][ T5090] which lock already depends on the new lock.
[   89.250681][ T5090] 
[   89.261281][ T5090] 
[   89.261281][ T5090] the existing dependency chain (in reverse order) is:
[   89.270292][ T5090] 
[   89.270292][ T5090] -> #2 (sb_pagefaults){.+.+}-{0:0}:
[   89.277759][ T5090]        filemap_page_mkwrite+0x174/0x7a0
[   89.283486][ T5090]        do_page_mkwrite+0x17a/0x380
[   89.288955][ T5090]        __handle_mm_fault+0x2a3b/0x3d70
[   89.294590][ T5090]        handle_mm_fault+0x47a/0xa10
[   89.299880][ T5090]        do_user_addr_fault+0x3d1/0x1000
[   89.305579][ T5090]        exc_page_fault+0x5d/0xc0
[   89.310916][ T5090]        asm_exc_page_fault+0x26/0x30
[   89.316298][ T5090] 
[   89.316298][ T5090] -> #1 (&mm->mmap_lock){++++}-{3:3}:
[   89.323855][ T5090]        __might_fault+0x11f/0x1a0
[   89.329059][ T5090]        reiserfs_ioctl+0x1c4/0x2e0
[   89.334341][ T5090]        __x64_sys_ioctl+0x18f/0x210
[   89.339622][ T5090]        do_syscall_64+0x40/0x110
[   89.344663][ T5090]        entry_SYSCALL_64_after_hwframe+0x63/0x6b
[   89.351527][ T5090] 
[   89.351527][ T5090] -> #0 (&sbi->lock){+.+.}-{3:3}:
[   89.358744][ T5090]        __lock_acquire+0x2433/0x3b20
[   89.364132][ T5090]        lock_acquire+0x1ae/0x520
[   89.369175][ T5090]        __mutex_lock+0x175/0x9d0
[   89.374208][ T5090]        reiserfs_write_lock+0x79/0x100
[   89.379840][ T5090]        reiserfs_dirty_inode+0xe6/0x270
[   89.385484][ T5090]        __mark_inode_dirty+0x1e0/0xd60
[   89.391036][ T5090]        generic_update_time+0xcf/0xf0
[   89.396501][ T5090]        file_update_time+0x12c/0x160
[   89.401877][ T5090]        filemap_page_mkwrite+0x295/0x7a0
[   89.407611][ T5090]        do_page_mkwrite+0x17a/0x380
[   89.412983][ T5090]        __handle_mm_fault+0x2a3b/0x3d70
[   89.418620][ T5090]        handle_mm_fault+0x47a/0xa10
[   89.423905][ T5090]        do_user_addr_fault+0x3d1/0x1000
[   89.429548][ T5090]        exc_page_fault+0x5d/0xc0
[   89.434580][ T5090]        asm_exc_page_fault+0x26/0x30
[   89.439962][ T5090] 
[   89.439962][ T5090] other info that might help us debug this:
[   89.439962][ T5090] 
[   89.450185][ T5090] Chain exists of:
[   89.450185][ T5090]   &sbi->lock --> &mm->mmap_lock --> sb_pagefaults
[   89.450185][ T5090] 
[   89.462631][ T5090]  Possible unsafe locking scenario:
[   89.462631][ T5090] 
[   89.470081][ T5090]        CPU0                    CPU1
[   89.475437][ T5090]        ----                    ----
[   89.480788][ T5090]   rlock(sb_pagefaults);
[   89.485112][ T5090]                                lock(&mm->mmap_lock);
[   89.491952][ T5090]                                lock(sb_pagefaults);
[   89.498713][ T5090]   lock(&sbi->lock);
[   89.502692][ T5090] 
[   89.502692][ T5090]  *** DEADLOCK ***
[   89.502692][ T5090] 
[   89.510833][ T5090] 2 locks held by syz-executor156/5090:
[   89.516394][ T5090]  #0: ffff888018b7f6a0 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x35/0x580
[   89.526416][ T5090]  #1: ffff888029a94510 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x380
[   89.536016][ T5090] 
[   89.536016][ T5090] stack backtrace:
[   89.541897][ T5090] CPU: 1 PID: 5090 Comm: syz-executor156 Not tainted 6.7.0-rc5-syzkaller-00230-g3b8a9b2e6809 #0
[   89.552576][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[   89.562901][ T5090] Call Trace:
[   89.566206][ T5090]  <TASK>
[   89.569147][ T5090]  dump_stack_lvl+0xd9/0x1b0
[   89.573748][ T5090]  check_noncircular+0x317/0x400
[   89.578697][ T5090]  ? print_circular_bug+0x5c0/0x5c0
[   89.583900][ T5090]  ? hlock_class+0x4e/0x130
[   89.588406][ T5090]  ? mark_lock+0xb5/0xc50
[   89.592742][ T5090]  ? lockdep_lock+0xc6/0x200
[   89.597344][ T5090]  ? hlock_class+0x130/0x130
[   89.601945][ T5090]  __lock_acquire+0x2433/0x3b20
[   89.606822][ T5090]  ? lockdep_hardirqs_on_prepare+0x420/0x420
[   89.612898][ T5090]  lock_acquire+0x1ae/0x520
[   89.617407][ T5090]  ? reiserfs_write_lock+0x79/0x100
[   89.622610][ T5090]  ? lock_sync+0x190/0x190
[   89.627029][ T5090]  ? preempt_count_sub+0x160/0x160
[   89.632136][ T5090]  ? lockdep_hardirqs_on_prepare+0x420/0x420
[   89.638126][ T5090]  __mutex_lock+0x175/0x9d0
[   89.642649][ T5090]  ? reiserfs_write_lock+0x79/0x100
[   89.647849][ T5090]  ? reiserfs_write_lock+0x79/0x100
[   89.653045][ T5090]  ? find_held_lock+0x2d/0x110
[   89.658421][ T5090]  ? mutex_trylock+0x130/0x130
[   89.663283][ T5090]  ? timestamp_truncate+0x21f/0x2d0
[   89.668487][ T5090]  ? reiserfs_write_lock+0x79/0x100
[   89.673697][ T5090]  reiserfs_write_lock+0x79/0x100
[   89.678721][ T5090]  reiserfs_dirty_inode+0xe6/0x270
[   89.683833][ T5090]  ? reiserfs_unfreeze+0xa0/0xa0
[   89.688770][ T5090]  ? mode_strip_sgid+0x1c0/0x1c0
[   89.693715][ T5090]  ? reiserfs_unfreeze+0xa0/0xa0
[   89.698665][ T5090]  __mark_inode_dirty+0x1e0/0xd60
[   89.703867][ T5090]  generic_update_time+0xcf/0xf0
[   89.708823][ T5090]  file_update_time+0x12c/0x160
[   89.713680][ T5090]  filemap_page_mkwrite+0x295/0x7a0
[   89.718886][ T5090]  do_page_mkwrite+0x17a/0x380
[   89.723650][ T5090]  __handle_mm_fault+0x2a3b/0x3d70
[   89.728764][ T5090]  ? vm_iomap_memory+0x170/0x170
[   89.733707][ T5090]  ? find_vma+0x112/0x1b0
[   89.738037][ T5090]  ? get_unmapped_area+0x3e0/0x3e0
[   89.743152][ T5090]  handle_mm_fault+0x47a/0xa10
[   89.747921][ T5090]  ? lock_mm_and_find_vma+0xa6/0x580
[   89.753209][ T5090]  do_user_addr_fault+0x3d1/0x1000
[   89.758321][ T5090]  exc_page_fault+0x5d/0xc0
[   89.762828][ T5090]  asm_exc_page_fault+0x26/0x30
[   89.767693][ T5090] RIP: 0033:0x7f1aad278e00
[pid  5090] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5090] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5090] exit_group(0)               = ?
[pid  5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[   89.772214][ T5090] Code: 09 00 00 00 e8 f1 43 03 00 48 8b 35 1a d3 0a 00 ba ff 7f 00 02 31 c0 bf 4d 00 00 00 e8 d9 43 03 00 31 c9 ba 42 da 14 00 31 c0 <c7> 04 25 c0 00 00 20 2e 2f 62 75 be c0 00 00 20 bf 02 00 00 00 66
[   89.791846][ T5090] RSP: 002b:00007ffe591027b0 EFLAGS: 00010246
[   89.797919][ T5090] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[   89.806041][ T5090] RDX: 000000000014da42 RSI: 0000000002007fff RDI: 0000000000000004
[   89.814022][ T5090] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   89.821999][ T5090] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffe591027dc
[   89.829972][ T5090] R13: 000000000000000e R14: 431bde82d7b634db R15: 00007ffe59102810
[   89.837945][ T5090]  </TASK>
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs")                 = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./14/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached
 <unfinished ...>
[pid  5092] set_robust_list(0x5555558f3660, 24) = 0
[pid  5092] chdir("./15")               = 0
[pid  5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5092] setpgid(0, 0)               = 0
[pid  5060] <... clone resumed>, child_tidptr=0x5555558f3650) = 5092
[pid  5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5092] write(3, "1000", 4)         = 4
[pid  5092] close(3)                    = 0
[pid  5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5092] memfd_create("syzkaller", 0) = 3
[pid  5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5092] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5092] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5092] close(3)                    = 0
[pid  5092] mkdir("./file0", 0777)      = 0
[   90.104758][ T5092] loop0: detected capacity change from 0 to 8192
[   90.120655][ T5092] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   90.133751][ T5092] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   90.143138][ T5092] REISERFS (device loop0): using ordered data mode
[   90.149746][ T5092] reiserfs: using flush barriers
[   90.157754][ T5092] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   90.174603][ T5092] REISERFS (device loop0): checking transaction log (loop0)
[pid  5092] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5092] chdir("./file0")            = 0
[pid  5092] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5092] close(4)                    = 0
[   90.226257][ T5092] REISERFS (device loop0): Using r5 hash to sort names
[   90.233194][ T5092] REISERFS (device loop0): using 3.5.x disk format
[   90.240080][ T5092] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5092] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5092] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5092] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5092] ftruncate(4, 33587199)      = 0
[   90.274170][   T27] kauditd_printk_skb: 18 callbacks suppressed
[   90.274186][   T27] audit: type=1800 audit(1702832633.091:153): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5092] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5092] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5092] exit_group(0)               = ?
[pid  5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   90.303426][   T27] audit: type=1800 audit(1702832633.091:154): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   90.326994][   T27] audit: type=1800 audit(1702832633.091:155): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   90.348820][   T27] audit: type=1800 audit(1702832633.151:156): pid=5092 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs")                 = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./15/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached
, child_tidptr=0x5555558f3650) = 5094
[pid  5094] set_robust_list(0x5555558f3660, 24) = 0
[pid  5094] chdir("./16")               = 0
[pid  5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5094] setpgid(0, 0)               = 0
[pid  5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5094] write(3, "1000", 4)         = 4
[pid  5094] close(3)                    = 0
[pid  5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5094] memfd_create("syzkaller", 0) = 3
[pid  5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5094] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5094] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5094] close(3)                    = 0
[pid  5094] mkdir("./file0", 0777)      = 0
[   90.757756][ T5094] loop0: detected capacity change from 0 to 8192
[   90.782355][ T5094] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   90.795478][ T5094] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   90.804754][ T5094] REISERFS (device loop0): using ordered data mode
[   90.811572][ T5094] reiserfs: using flush barriers
[   90.817949][ T5094] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   90.834634][ T5094] REISERFS (device loop0): checking transaction log (loop0)
[pid  5094] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5094] chdir("./file0")            = 0
[pid  5094] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5094] close(4)                    = 0
[   90.883465][ T5094] REISERFS (device loop0): Using r5 hash to sort names
[   90.890393][ T5094] REISERFS (device loop0): using 3.5.x disk format
[   90.897248][ T5094] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5094] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5094] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5094] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5094] ftruncate(4, 33587199)      = 0
[pid  5094] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5094] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5094] exit_group(0)               = ?
[   90.924769][   T27] audit: type=1800 audit(1702832633.741:157): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   90.947352][   T27] audit: type=1800 audit(1702832633.751:158): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs")                 = 0
[   90.969945][   T27] audit: type=1800 audit(1702832633.751:159): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   90.991837][   T27] audit: type=1800 audit(1702832633.771:160): pid=5094 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./16/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached
 <unfinished ...>
[pid  5096] set_robust_list(0x5555558f3660, 24) = 0
[pid  5096] chdir("./17")               = 0
[pid  5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5096] setpgid(0, 0)               = 0
[pid  5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5060] <... clone resumed>, child_tidptr=0x5555558f3650) = 5096
[pid  5096] <... openat resumed>)       = 3
[pid  5096] write(3, "1000", 4)         = 4
[pid  5096] close(3)                    = 0
[pid  5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5096] memfd_create("syzkaller", 0) = 3
[pid  5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5096] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5096] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5096] close(3)                    = 0
[pid  5096] mkdir("./file0", 0777)      = 0
[   91.282005][ T5096] loop0: detected capacity change from 0 to 8192
[   91.296729][ T5096] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   91.310182][ T5096] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   91.319365][ T5096] REISERFS (device loop0): using ordered data mode
[   91.325884][ T5096] reiserfs: using flush barriers
[   91.332690][ T5096] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   91.349838][ T5096] REISERFS (device loop0): checking transaction log (loop0)
[pid  5096] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5096] chdir("./file0")            = 0
[pid  5096] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5096] close(4)                    = 0
[   91.401426][ T5096] REISERFS (device loop0): Using r5 hash to sort names
[   91.408497][ T5096] REISERFS (device loop0): using 3.5.x disk format
[   91.415399][ T5096] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5096] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5096] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5096] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5096] ftruncate(4, 33587199)      = 0
[pid  5096] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5096] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5096] exit_group(0)               = ?
[pid  5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   91.468134][   T27] audit: type=1800 audit(1702832634.281:161): pid=5096 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   91.491975][   T27] audit: type=1800 audit(1702832634.301:162): pid=5096 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs")                 = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./17/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached
, child_tidptr=0x5555558f3650) = 5098
[pid  5098] set_robust_list(0x5555558f3660, 24) = 0
[pid  5098] chdir("./18")               = 0
[pid  5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5098] setpgid(0, 0)               = 0
[pid  5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5098] write(3, "1000", 4)         = 4
[pid  5098] close(3)                    = 0
[pid  5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5098] memfd_create("syzkaller", 0) = 3
[pid  5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5098] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5098] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5098] close(3)                    = 0
[pid  5098] mkdir("./file0", 0777)      = 0
[   91.849349][ T5098] loop0: detected capacity change from 0 to 8192
[   91.875414][ T5098] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   91.888555][ T5098] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   91.898219][ T5098] REISERFS (device loop0): using ordered data mode
[   91.904803][ T5098] reiserfs: using flush barriers
[   91.911003][ T5098] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   91.927815][ T5098] REISERFS (device loop0): checking transaction log (loop0)
[pid  5098] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5098] chdir("./file0")            = 0
[pid  5098] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5098] close(4)                    = 0
[pid  5098] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   91.976281][ T5098] REISERFS (device loop0): Using r5 hash to sort names
[   91.983364][ T5098] REISERFS (device loop0): using 3.5.x disk format
[   91.990212][ T5098] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5098] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5098] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5098] ftruncate(4, 33587199)      = 0
[pid  5098] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5098] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5098] exit_group(0)               = ?
[pid  5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs")                 = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./18/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached
, child_tidptr=0x5555558f3650) = 5100
[pid  5100] set_robust_list(0x5555558f3660, 24) = 0
[pid  5100] chdir("./19")               = 0
[pid  5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5100] setpgid(0, 0)               = 0
[pid  5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5100] write(3, "1000", 4)         = 4
[pid  5100] close(3)                    = 0
[pid  5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5100] memfd_create("syzkaller", 0) = 3
[pid  5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5100] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5100] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5100] close(3)                    = 0
[pid  5100] mkdir("./file0", 0777)      = 0
[   92.406679][ T5100] loop0: detected capacity change from 0 to 8192
[   92.430882][ T5100] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   92.443975][ T5100] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   92.453335][ T5100] REISERFS (device loop0): using ordered data mode
[   92.459862][ T5100] reiserfs: using flush barriers
[   92.466175][ T5100] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   92.483033][ T5100] REISERFS (device loop0): checking transaction log (loop0)
[pid  5100] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5100] chdir("./file0")            = 0
[pid  5100] ioctl(4, LOOP_CLR_FD)       = 0
[   92.541157][ T5100] REISERFS (device loop0): Using r5 hash to sort names
[   92.548098][ T5100] REISERFS (device loop0): using 3.5.x disk format
[   92.555002][ T5100] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5100] close(4)                    = 0
[pid  5100] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5100] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5100] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5100] ftruncate(4, 33587199)      = 0
[pid  5100] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5100] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5100] exit_group(0)               = ?
[pid  5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs")                 = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./19/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached
, child_tidptr=0x5555558f3650) = 5102
[pid  5102] set_robust_list(0x5555558f3660, 24) = 0
[pid  5102] chdir("./20")               = 0
[pid  5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5102] setpgid(0, 0)               = 0
[pid  5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5102] write(3, "1000", 4)         = 4
[pid  5102] close(3)                    = 0
[pid  5102] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5102] memfd_create("syzkaller", 0) = 3
[pid  5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5102] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5102] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5102] close(3)                    = 0
[pid  5102] mkdir("./file0", 0777)      = 0
[   92.958910][ T5102] loop0: detected capacity change from 0 to 8192
[   92.973832][ T5102] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   92.986867][ T5102] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   92.996158][ T5102] REISERFS (device loop0): using ordered data mode
[   93.002667][ T5102] reiserfs: using flush barriers
[   93.009011][ T5102] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   93.025631][ T5102] REISERFS (device loop0): checking transaction log (loop0)
[pid  5102] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5102] chdir("./file0")            = 0
[pid  5102] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5102] close(4)                    = 0
[   93.076800][ T5102] REISERFS (device loop0): Using r5 hash to sort names
[   93.083938][ T5102] REISERFS (device loop0): using 3.5.x disk format
[   93.090747][ T5102] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5102] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5102] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5102] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5102] ftruncate(4, 33587199)      = 0
[pid  5102] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5102] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5102] exit_group(0)               = ?
[pid  5102] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs")                 = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./20/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached
 <unfinished ...>
[pid  5104] set_robust_list(0x5555558f3660, 24) = 0
[pid  5104] chdir("./21")               = 0
[pid  5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5104] setpgid(0, 0)               = 0
[pid  5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5060] <... clone resumed>, child_tidptr=0x5555558f3650) = 5104
[pid  5104] <... openat resumed>)       = 3
[pid  5104] write(3, "1000", 4)         = 4
[pid  5104] close(3)                    = 0
[pid  5104] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5104] memfd_create("syzkaller", 0) = 3
[pid  5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5104] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5104] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5104] close(3)                    = 0
[pid  5104] mkdir("./file0", 0777)      = 0
[   93.475973][ T5104] loop0: detected capacity change from 0 to 8192
[   93.491743][ T5104] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   93.504774][ T5104] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   93.513974][ T5104] REISERFS (device loop0): using ordered data mode
[   93.520560][ T5104] reiserfs: using flush barriers
[   93.526805][ T5104] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   93.543389][ T5104] REISERFS (device loop0): checking transaction log (loop0)
[pid  5104] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5104] chdir("./file0")            = 0
[pid  5104] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5104] close(4)                    = 0
[   93.589970][ T5104] REISERFS (device loop0): Using r5 hash to sort names
[   93.596868][ T5104] REISERFS (device loop0): using 3.5.x disk format
[   93.603761][ T5104] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5104] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5104] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5104] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5104] ftruncate(4, 33587199)      = 0
[pid  5104] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5104] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5104] exit_group(0)               = ?
[pid  5104] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs")                 = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./21/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached
, child_tidptr=0x5555558f3650) = 5106
[pid  5106] set_robust_list(0x5555558f3660, 24) = 0
[pid  5106] chdir("./22")               = 0
[pid  5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5106] setpgid(0, 0)               = 0
[pid  5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5106] write(3, "1000", 4)         = 4
[pid  5106] close(3)                    = 0
[pid  5106] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5106] memfd_create("syzkaller", 0) = 3
[pid  5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5106] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5106] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5106] close(3)                    = 0
[pid  5106] mkdir("./file0", 0777)      = 0
[   94.003448][ T5106] loop0: detected capacity change from 0 to 8192
[   94.019258][ T5106] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   94.032652][ T5106] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   94.041979][ T5106] REISERFS (device loop0): using ordered data mode
[   94.048520][ T5106] reiserfs: using flush barriers
[   94.054975][ T5106] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   94.071689][ T5106] REISERFS (device loop0): checking transaction log (loop0)
[pid  5106] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5106] chdir("./file0")            = 0
[pid  5106] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5106] close(4)                    = 0
[   94.112122][ T5106] REISERFS (device loop0): Using r5 hash to sort names
[   94.119105][ T5106] REISERFS (device loop0): using 3.5.x disk format
[   94.126064][ T5106] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5106] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5106] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5106] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5106] ftruncate(4, 33587199)      = 0
[pid  5106] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5106] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5106] exit_group(0)               = ?
[pid  5106] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs")                 = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./22/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached
, child_tidptr=0x5555558f3650) = 5108
[pid  5108] set_robust_list(0x5555558f3660, 24) = 0
[pid  5108] chdir("./23")               = 0
[pid  5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5108] setpgid(0, 0)               = 0
[pid  5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5108] write(3, "1000", 4)         = 4
[pid  5108] close(3)                    = 0
[pid  5108] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5108] memfd_create("syzkaller", 0) = 3
[pid  5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5108] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5108] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5108] close(3)                    = 0
[pid  5108] mkdir("./file0", 0777)      = 0
[   94.498827][ T5108] loop0: detected capacity change from 0 to 8192
[   94.523140][ T5108] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   94.536488][ T5108] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   94.545710][ T5108] REISERFS (device loop0): using ordered data mode
[   94.552238][ T5108] reiserfs: using flush barriers
[   94.558469][ T5108] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   94.575381][ T5108] REISERFS (device loop0): checking transaction log (loop0)
[pid  5108] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5108] chdir("./file0")            = 0
[pid  5108] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5108] close(4)                    = 0
[pid  5108] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   94.627960][ T5108] REISERFS (device loop0): Using r5 hash to sort names
[   94.634852][ T5108] REISERFS (device loop0): using 3.5.x disk format
[   94.641646][ T5108] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5108] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5108] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5108] ftruncate(4, 33587199)      = 0
[pid  5108] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5108] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5108] exit_group(0)               = ?
[pid  5108] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs")                 = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./23/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached
, child_tidptr=0x5555558f3650) = 5110
[pid  5110] set_robust_list(0x5555558f3660, 24) = 0
[pid  5110] chdir("./24")               = 0
[pid  5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5110] setpgid(0, 0)               = 0
[pid  5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5110] write(3, "1000", 4)         = 4
[pid  5110] close(3)                    = 0
[pid  5110] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5110] memfd_create("syzkaller", 0) = 3
[pid  5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5110] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5110] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5110] close(3)                    = 0
[pid  5110] mkdir("./file0", 0777)      = 0
[   95.079348][ T5110] loop0: detected capacity change from 0 to 8192
[   95.092649][ T5110] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   95.105738][ T5110] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   95.115184][ T5110] REISERFS (device loop0): using ordered data mode
[   95.121677][ T5110] reiserfs: using flush barriers
[   95.128348][ T5110] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   95.145106][ T5110] REISERFS (device loop0): checking transaction log (loop0)
[pid  5110] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5110] chdir("./file0")            = 0
[pid  5110] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5110] close(4)                    = 0
[pid  5110] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5110] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[   95.194820][ T5110] REISERFS (device loop0): Using r5 hash to sort names
[   95.201706][ T5110] REISERFS (device loop0): using 3.5.x disk format
[   95.208557][ T5110] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5110] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5110] ftruncate(4, 33587199)      = 0
[pid  5110] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5110] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5110] exit_group(0)               = ?
[pid  5110] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs")                 = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./24/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached
, child_tidptr=0x5555558f3650) = 5112
[pid  5112] set_robust_list(0x5555558f3660, 24) = 0
[pid  5112] chdir("./25")               = 0
[pid  5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5112] setpgid(0, 0)               = 0
[pid  5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5112] write(3, "1000", 4)         = 4
[pid  5112] close(3)                    = 0
[pid  5112] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5112] memfd_create("syzkaller", 0) = 3
[pid  5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5112] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5112] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5112] close(3)                    = 0
[pid  5112] mkdir("./file0", 0777)      = 0
[   95.657186][ T5112] loop0: detected capacity change from 0 to 8192
[   95.671198][ T5112] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   95.684468][ T5112] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   95.693770][ T5112] REISERFS (device loop0): using ordered data mode
[   95.700279][ T5112] reiserfs: using flush barriers
[   95.706709][ T5112] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   95.723327][ T5112] REISERFS (device loop0): checking transaction log (loop0)
[pid  5112] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5112] chdir("./file0")            = 0
[pid  5112] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5112] close(4)                    = 0
[   95.775207][ T5112] REISERFS (device loop0): Using r5 hash to sort names
[   95.782129][ T5112] REISERFS (device loop0): using 3.5.x disk format
[   95.789109][ T5112] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5112] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5112] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5112] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[   95.846460][   T27] kauditd_printk_skb: 30 callbacks suppressed
[   95.846474][   T27] audit: type=1800 audit(1702832638.661:193): pid=5112 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5112] ftruncate(4, 33587199)      = 0
[pid  5112] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5112] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5112] exit_group(0)               = ?
[pid  5112] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   95.875184][   T27] audit: type=1800 audit(1702832638.661:194): pid=5112 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   95.897655][   T27] audit: type=1800 audit(1702832638.661:195): pid=5112 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   95.920256][   T27] audit: type=1800 audit(1702832638.721:196): pid=5112 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs")                 = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./25/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached
, child_tidptr=0x5555558f3650) = 5114
[pid  5114] set_robust_list(0x5555558f3660, 24) = 0
[pid  5114] chdir("./26")               = 0
[pid  5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5114] setpgid(0, 0)               = 0
[pid  5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5114] write(3, "1000", 4)         = 4
[pid  5114] close(3)                    = 0
[pid  5114] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5114] memfd_create("syzkaller", 0) = 3
[pid  5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5114] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5114] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5114] close(3)                    = 0
[pid  5114] mkdir("./file0", 0777)      = 0
[   96.255409][ T5114] loop0: detected capacity change from 0 to 8192
[   96.269956][ T5114] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   96.283120][ T5114] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   96.292521][ T5114] REISERFS (device loop0): using ordered data mode
[   96.299085][ T5114] reiserfs: using flush barriers
[   96.305370][ T5114] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   96.321779][ T5114] REISERFS (device loop0): checking transaction log (loop0)
[pid  5114] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5114] chdir("./file0")            = 0
[pid  5114] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5114] close(4)                    = 0
[   96.363229][ T5114] REISERFS (device loop0): Using r5 hash to sort names
[   96.370473][ T5114] REISERFS (device loop0): using 3.5.x disk format
[   96.377253][ T5114] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5114] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5114] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5114] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[   96.413142][   T27] audit: type=1800 audit(1702832639.231:197): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   96.435276][   T27] audit: type=1800 audit(1702832639.231:198): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[pid  5114] ftruncate(4, 33587199)      = 0
[pid  5114] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5114] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5114] exit_group(0)               = ?
[pid  5114] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   96.457349][   T27] audit: type=1800 audit(1702832639.261:199): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
[   96.481400][   T27] audit: type=1800 audit(1702832639.291:200): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs")                 = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./26/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached
 <unfinished ...>
[pid  5116] set_robust_list(0x5555558f3660, 24 <unfinished ...>
[pid  5060] <... clone resumed>, child_tidptr=0x5555558f3650) = 5116
[pid  5116] <... set_robust_list resumed>) = 0
[pid  5116] chdir("./27")               = 0
[pid  5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5116] setpgid(0, 0)               = 0
[pid  5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5116] write(3, "1000", 4)         = 4
[pid  5116] close(3)                    = 0
[pid  5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5116] memfd_create("syzkaller", 0) = 3
[pid  5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5116] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5116] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5116] close(3)                    = 0
[pid  5116] mkdir("./file0", 0777)      = 0
[   96.859313][ T5116] loop0: detected capacity change from 0 to 8192
[   96.878716][ T5116] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   96.891939][ T5116] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   96.901433][ T5116] REISERFS (device loop0): using ordered data mode
[   96.908163][ T5116] reiserfs: using flush barriers
[   96.914742][ T5116] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   96.931611][ T5116] REISERFS (device loop0): checking transaction log (loop0)
[pid  5116] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5116] chdir("./file0")            = 0
[pid  5116] ioctl(4, LOOP_CLR_FD)       = 0
[   96.988848][ T5116] REISERFS (device loop0): Using r5 hash to sort names
[   96.995809][ T5116] REISERFS (device loop0): using 3.5.x disk format
[   97.002983][ T5116] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5116] close(4)                    = 0
[pid  5116] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5116] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5116] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5116] ftruncate(4, 33587199)      = 0
[pid  5116] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5116] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5116] exit_group(0)               = ?
[pid  5116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} ---
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   97.054260][   T27] audit: type=1800 audit(1702832639.871:201): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs")                 = 0
[   97.091537][   T27] audit: type=1800 audit(1702832639.891:202): pid=5116 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor156" name="bus" dev="loop0" ino=2 res=0 errno=0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./27/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5118 attached
 <unfinished ...>
[pid  5118] set_robust_list(0x5555558f3660, 24 <unfinished ...>
[pid  5060] <... clone resumed>, child_tidptr=0x5555558f3650) = 5118
[pid  5118] <... set_robust_list resumed>) = 0
[pid  5118] chdir("./28")               = 0
[pid  5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5118] setpgid(0, 0)               = 0
[pid  5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5118] write(3, "1000", 4)         = 4
[pid  5118] close(3)                    = 0
[pid  5118] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5118] memfd_create("syzkaller", 0) = 3
[pid  5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5118] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5118] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5118] close(3)                    = 0
[pid  5118] mkdir("./file0", 0777)      = 0
[   97.367022][ T5118] loop0: detected capacity change from 0 to 8192
[   97.382963][ T5118] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   97.395948][ T5118] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   97.405280][ T5118] REISERFS (device loop0): using ordered data mode
[   97.411799][ T5118] reiserfs: using flush barriers
[   97.418026][ T5118] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   97.435760][ T5118] REISERFS (device loop0): checking transaction log (loop0)
[pid  5118] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5118] chdir("./file0")            = 0
[pid  5118] ioctl(4, LOOP_CLR_FD)       = 0
[   97.485683][ T5118] REISERFS (device loop0): Using r5 hash to sort names
[   97.492566][ T5118] REISERFS (device loop0): using 3.5.x disk format
[   97.499572][ T5118] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5118] close(4)                    = 0
[pid  5118] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5118] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5118] ftruncate(4, 33587199)      = 0
[pid  5118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5118] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5118] exit_group(0)               = ?
[pid  5118] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs")                 = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./28/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5120 attached
 <unfinished ...>
[pid  5120] set_robust_list(0x5555558f3660, 24) = 0
[pid  5120] chdir("./29")               = 0
[pid  5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5120] setpgid(0, 0)               = 0
[pid  5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5060] <... clone resumed>, child_tidptr=0x5555558f3650) = 5120
[pid  5120] <... openat resumed>)       = 3
[pid  5120] write(3, "1000", 4)         = 4
[pid  5120] close(3)                    = 0
[pid  5120] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5120] memfd_create("syzkaller", 0) = 3
[pid  5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5120] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5120] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5120] close(3)                    = 0
[pid  5120] mkdir("./file0", 0777)      = 0
[   97.826329][ T5120] loop0: detected capacity change from 0 to 8192
[   97.840978][ T5120] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   97.854003][ T5120] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   97.863719][ T5120] REISERFS (device loop0): using ordered data mode
[   97.870370][ T5120] reiserfs: using flush barriers
[   97.878443][ T5120] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   97.895579][ T5120] REISERFS (device loop0): checking transaction log (loop0)
[pid  5120] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5120] chdir("./file0")            = 0
[pid  5120] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5120] close(4)                    = 0
[   97.954157][ T5120] REISERFS (device loop0): Using r5 hash to sort names
[   97.961324][ T5120] REISERFS (device loop0): using 3.5.x disk format
[   97.968614][ T5120] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5120] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[pid  5120] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5120] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5120] ftruncate(4, 33587199)      = 0
[pid  5120] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5120] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5120] exit_group(0)               = ?
[pid  5120] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs")                 = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./29/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558f3650) = 5122
./strace-static-x86_64: Process 5122 attached
[pid  5122] set_robust_list(0x5555558f3660, 24) = 0
[pid  5122] chdir("./30")               = 0
[pid  5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5122] setpgid(0, 0)               = 0
[pid  5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5122] write(3, "1000", 4)         = 4
[pid  5122] close(3)                    = 0
[pid  5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5122] memfd_create("syzkaller", 0) = 3
[pid  5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5122] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5122] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5122] close(3)                    = 0
[pid  5122] mkdir("./file0", 0777)      = 0
[   98.357039][ T5122] loop0: detected capacity change from 0 to 8192
[   98.371596][ T5122] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   98.384640][ T5122] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   98.393904][ T5122] REISERFS (device loop0): using ordered data mode
[   98.400407][ T5122] reiserfs: using flush barriers
[   98.406695][ T5122] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   98.424435][ T5122] REISERFS (device loop0): checking transaction log (loop0)
[pid  5122] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5122] chdir("./file0")            = 0
[pid  5122] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5122] close(4)                    = 0
[pid  5122] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   98.473856][ T5122] REISERFS (device loop0): Using r5 hash to sort names
[   98.480743][ T5122] REISERFS (device loop0): using 3.5.x disk format
[   98.487571][ T5122] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5122] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5122] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5122] ftruncate(4, 33587199)      = 0
[pid  5122] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5122] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5122] exit_group(0)               = ?
[pid  5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs")                 = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x5555558fc730 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555558fc730 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./30/file0")                     = 0
getdents64(3, 0x5555558f46f0 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5124 attached
, child_tidptr=0x5555558f3650) = 5124
[pid  5124] set_robust_list(0x5555558f3660, 24) = 0
[pid  5124] chdir("./31")               = 0
[pid  5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5124] setpgid(0, 0)               = 0
[pid  5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5124] write(3, "1000", 4)         = 4
[pid  5124] close(3)                    = 0
[pid  5124] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5124] memfd_create("syzkaller", 0) = 3
[pid  5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1aa4e6e000
[pid  5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5124] munmap(0x7f1aa4e6e000, 138412032) = 0
[pid  5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5124] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5124] close(3)                    = 0
[pid  5124] mkdir("./file0", 0777)      = 0
[   98.927094][ T5124] loop0: detected capacity change from 0 to 8192
[   98.941865][ T5124] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   98.955121][ T5124] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   98.964520][ T5124] REISERFS (device loop0): using ordered data mode
[   98.971013][ T5124] reiserfs: using flush barriers
[   98.977369][ T5124] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   98.993990][ T5124] REISERFS (device loop0): checking transaction log (loop0)
[pid  5124] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5124] chdir("./file0")            = 0
[pid  5124] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5124] close(4)                    = 0
[pid  5124] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[   99.049548][ T5124] REISERFS (device loop0): Using r5 hash to sort names
[   99.056729][ T5124] REISERFS (device loop0): using 3.5.x disk format
[   99.063675][ T5124] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5124] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5
[pid  5124] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 5, 0) = 0x20000000
[pid  5124] ftruncate(4, 33587199)      = 0
[pid  5124] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 6
[pid  5124] ioctl(6, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5124] exit_group(0)               = ?
[pid  5124] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555558f46f0 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs")                 = 0