./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2930534293

<...>
Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
execve("./syz-executor2930534293", ["./syz-executor2930534293"], 0x7ffe2b89eb20 /* 10 vars */) = 0
brk(NULL)                               = 0x5555566d7000
brk(0x5555566d7c40)                     = 0x5555566d7c40
arch_prctl(ARCH_SET_FS, 0x5555566d7300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2930534293", 4096) = 28
brk(0x5555566f8c40)                     = 0x5555566f8c40
brk(0x5555566f9000)                     = 0x5555566f9000
mprotect(0x7f7025572000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 5070
mkdir("./syzkaller.ZJqWpA", 0700)       = 0
chmod("./syzkaller.ZJqWpA", 0777)       = 0
chdir("./syzkaller.ZJqWpA")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5071
./strace-static-x86_64: Process 5071 attached
[pid  5071] chdir("./0")                = 0
[pid  5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5071] setpgid(0, 0)               = 0
[pid  5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5071] write(3, "1000", 4)         = 4
[pid  5071] close(3)                    = 0
[pid  5071] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5071] memfd_create("syzkaller", 0) = 3
[pid  5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5071] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5071] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5071] close(3)                    = 0
[pid  5071] mkdir("./file0", 0777)      = 0
[   62.091154][ T5071] loop0: detected capacity change from 0 to 8192
[   62.104491][ T5071] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   62.117804][ T5071] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   62.127527][ T5071] REISERFS (device loop0): using ordered data mode
[   62.134177][ T5071] reiserfs: using flush barriers
[   62.140606][ T5071] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   62.157273][ T5071] REISERFS (device loop0): checking transaction log (loop0)
[pid  5071] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5071] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5071] chdir("./file0")            = 0
[pid  5071] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5071] close(4)                    = 0
[pid  5071] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5071] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5071] ftruncate(5, 33587199)      = 0
[pid  5071] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   62.206787][ T5071] REISERFS (device loop0): Using r5 hash to sort names
[   62.213980][ T5071] REISERFS (device loop0): using 3.5.x disk format
[   62.222280][ T5071] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5071] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5071] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5071] exit_group(0)               = ?
[pid  5071] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5074
./strace-static-x86_64: Process 5074 attached
[pid  5074] chdir("./1")                = 0
[pid  5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5074] setpgid(0, 0)               = 0
[pid  5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5074] write(3, "1000", 4)         = 4
[pid  5074] close(3)                    = 0
[pid  5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5074] memfd_create("syzkaller", 0) = 3
[pid  5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5074] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5074] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5074] close(3)                    = 0
[pid  5074] mkdir("./file0", 0777)      = 0
[   62.454817][ T5074] loop0: detected capacity change from 0 to 8192
[   62.465005][ T5074] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   62.478316][ T5074] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   62.488032][ T5074] REISERFS (device loop0): using ordered data mode
[   62.494650][ T5074] reiserfs: using flush barriers
[   62.500623][ T5074] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   62.517342][ T5074] REISERFS (device loop0): checking transaction log (loop0)
[pid  5074] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5074] chdir("./file0")            = 0
[pid  5074] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5074] close(4)                    = 0
[pid  5074] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5074] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5074] ftruncate(5, 33587199)      = 0
[pid  5074] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   62.582209][ T5074] REISERFS (device loop0): Using r5 hash to sort names
[   62.589119][ T5074] REISERFS (device loop0): using 3.5.x disk format
[   62.596302][ T5074] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5074] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5074] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5074] exit_group(0)               = ?
[pid  5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5076
./strace-static-x86_64: Process 5076 attached
[pid  5076] chdir("./2")                = 0
[pid  5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5076] setpgid(0, 0)               = 0
[pid  5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5076] write(3, "1000", 4)         = 4
[pid  5076] close(3)                    = 0
[pid  5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5076] memfd_create("syzkaller", 0) = 3
[pid  5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5076] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5076] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5076] close(3)                    = 0
[pid  5076] mkdir("./file0", 0777)      = 0
[   62.821825][ T5076] loop0: detected capacity change from 0 to 8192
[   62.833234][ T5076] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   62.846325][ T5076] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   62.855684][ T5076] REISERFS (device loop0): using ordered data mode
[   62.862498][ T5076] reiserfs: using flush barriers
[   62.868506][ T5076] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   62.886131][ T5076] REISERFS (device loop0): checking transaction log (loop0)
[pid  5076] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5076] chdir("./file0")            = 0
[pid  5076] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5076] close(4)                    = 0
[pid  5076] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5076] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5076] ftruncate(5, 33587199)      = 0
[pid  5076] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   62.933086][ T5076] REISERFS (device loop0): Using r5 hash to sort names
[   62.940137][ T5076] REISERFS (device loop0): using 3.5.x disk format
[   62.947435][ T5076] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5076] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[   63.043941][ T5076] 
[   63.046317][ T5076] ======================================================
[   63.053335][ T5076] WARNING: possible circular locking dependency detected
[   63.060428][ T5076] 6.2.0-rc4-syzkaller-00009-gd532dd102151 #0 Not tainted
[   63.067449][ T5076] ------------------------------------------------------
[   63.074455][ T5076] syz-executor293/5076 is trying to acquire lock:
[   63.080959][ T5076] ffff8880215ab090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x77/0xd0
[   63.090118][ T5076] 
[   63.090118][ T5076] but task is already holding lock:
[   63.097482][ T5076] ffff88802af36558 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x19e/0x5e0
[   63.106520][ T5076] 
[   63.106520][ T5076] which lock already depends on the new lock.
[   63.106520][ T5076] 
[   63.116914][ T5076] 
[   63.116914][ T5076] the existing dependency chain (in reverse order) is:
[   63.125943][ T5076] 
[   63.125943][ T5076] -> #2 (sb_pagefaults){.+.+}-{0:0}:
[   63.133411][ T5076]        lock_acquire+0x182/0x3c0
[   63.138422][ T5076]        filemap_page_mkwrite+0x15c/0x7a0
[   63.144129][ T5076]        do_page_mkwrite+0x19e/0x5e0
[   63.149408][ T5076]        wp_page_shared+0x15e/0x380
[   63.154592][ T5076]        handle_mm_fault+0x1b79/0x26b0
[   63.160063][ T5076]        do_user_addr_fault+0x69b/0xcb0
[   63.165595][ T5076]        exc_page_fault+0x7a/0x110
[   63.170708][ T5076]        asm_exc_page_fault+0x22/0x30
[   63.176069][ T5076] 
[   63.176069][ T5076] -> #1 (&mm->mmap_lock){++++}-{3:3}:
[   63.183610][ T5076]        lock_acquire+0x182/0x3c0
[   63.188620][ T5076]        __might_fault+0xb2/0x110
[   63.193629][ T5076]        reiserfs_ioctl+0x11c/0x340
[   63.198812][ T5076]        __se_sys_ioctl+0xfb/0x170
[   63.203911][ T5076]        do_syscall_64+0x3d/0xb0
[   63.208834][ T5076]        entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.215236][ T5076] 
[   63.215236][ T5076] -> #0 (&sbi->lock){+.+.}-{3:3}:
[   63.222600][ T5076]        validate_chain+0x1898/0x6ae0
[   63.227962][ T5076]        __lock_acquire+0x1292/0x1f60
[   63.233323][ T5076]        lock_acquire+0x182/0x3c0
[   63.238419][ T5076]        __mutex_lock_common+0x1bd/0x26e0
[   63.244736][ T5076]        mutex_lock_nested+0x17/0x20
[   63.250007][ T5076]        reiserfs_write_lock+0x77/0xd0
[   63.255483][ T5076]        reiserfs_dirty_inode+0xdf/0x230
[   63.261108][ T5076]        __mark_inode_dirty+0x1e7/0x600
[   63.266663][ T5076]        file_update_time+0x551/0x5d0
[   63.272059][ T5076]        filemap_page_mkwrite+0x248/0x7a0
[   63.277764][ T5076]        do_page_mkwrite+0x19e/0x5e0
[   63.283038][ T5076]        wp_page_shared+0x15e/0x380
[   63.288225][ T5076]        handle_mm_fault+0x1b79/0x26b0
[   63.293681][ T5076]        do_user_addr_fault+0x69b/0xcb0
[   63.299213][ T5076]        exc_page_fault+0x7a/0x110
[   63.304312][ T5076]        asm_exc_page_fault+0x22/0x30
[   63.309742][ T5076] 
[   63.309742][ T5076] other info that might help us debug this:
[   63.309742][ T5076] 
[   63.319951][ T5076] Chain exists of:
[   63.319951][ T5076]   &sbi->lock --> &mm->mmap_lock --> sb_pagefaults
[   63.319951][ T5076] 
[   63.332278][ T5076]  Possible unsafe locking scenario:
[   63.332278][ T5076] 
[   63.339796][ T5076]        CPU0                    CPU1
[   63.345143][ T5076]        ----                    ----
[   63.350489][ T5076]   lock(sb_pagefaults);
[   63.354736][ T5076]                                lock(&mm->mmap_lock);
[   63.361751][ T5076]                                lock(sb_pagefaults);
[   63.368493][ T5076]   lock(&sbi->lock);
[   63.372548][ T5076] 
[   63.372548][ T5076]  *** DEADLOCK ***
[   63.372548][ T5076] 
[   63.380723][ T5076] 2 locks held by syz-executor293/5076:
[   63.386255][ T5076]  #0: ffff88807d217318 (&mm->mmap_lock){++++}-{3:3}, at: do_user_addr_fault+0x2e2/0xcb0
[   63.396081][ T5076]  #1: ffff88802af36558 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x19e/0x5e0
[   63.405559][ T5076] 
[   63.405559][ T5076] stack backtrace:
[   63.411515][ T5076] CPU: 0 PID: 5076 Comm: syz-executor293 Not tainted 6.2.0-rc4-syzkaller-00009-gd532dd102151 #0
[   63.421909][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   63.431958][ T5076] Call Trace:
[   63.435224][ T5076]  <TASK>
[   63.438143][ T5076]  dump_stack_lvl+0x1b1/0x290
[   63.442835][ T5076]  ? nf_tcp_handle_invalid+0x630/0x630
[   63.448547][ T5076]  ? print_circular_bug+0x13e/0x1c0
[   63.453763][ T5076]  check_noncircular+0x2cc/0x390
[   63.458691][ T5076]  ? add_chain_block+0x850/0x850
[   63.463618][ T5076]  ? lockdep_lock+0x102/0x290
[   63.468281][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.473295][ T5076]  ? _find_first_zero_bit+0xe8/0x110
[   63.478601][ T5076]  validate_chain+0x1898/0x6ae0
[   63.483456][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.488819][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.493749][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.498688][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.504059][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.509163][ T5076]  ? mark_lock+0x9a/0x350
[   63.513493][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.519467][ T5076]  ? search_for_position_by_key+0x965/0xfa0
[   63.525354][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.530715][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.536074][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.541520][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.546454][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.552073][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.557436][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.562541][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.567463][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.572822][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.578538][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.583903][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.588839][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.594197][ T5076]  ? validate_chain+0x177/0x6ae0
[   63.599125][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.604480][ T5076]  ? reiserfs_get_block+0x39e/0x5180
[   63.609793][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.615166][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.620531][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.625895][ T5076]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   63.631861][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.637220][ T5076]  ? reacquire_held_locks+0x650/0x650
[   63.642581][ T5076]  ? rcu_read_lock_sched_held+0x87/0x110
[   63.648197][ T5076]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   63.654426][ T5076]  ? mark_lock+0x9a/0x350
[   63.658741][ T5076]  ? __lock_acquire+0x1292/0x1f60
[   63.663752][ T5076]  ? rcu_preempt_deferred_qs_irqrestore+0x849/0xc10
[   63.670328][ T5076]  ? trace_lock_release+0x95/0x220
[   63.675427][ T5076]  ? make_le_item_head+0x5b0/0x5b0
[   63.680523][ T5076]  ? mark_lock+0x9a/0x350
[   63.684927][ T5076]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   63.691242][ T5076]  ? print_irqtrace_events+0x220/0x220
[   63.696685][ T5076]  ? do_raw_spin_unlock+0x134/0x8a0
[   63.701874][ T5076]  ? _raw_spin_unlock_irqrestore+0x8b/0x120
[   63.707755][ T5076]  ? lockdep_hardirqs_on+0x8d/0x130
[   63.712956][ T5076]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[   63.718837][ T5076]  ? _raw_spin_unlock+0x40/0x40
[   63.723680][ T5076]  ? rcu_read_lock_sched_held+0x87/0x110
[   63.729296][ T5076]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   63.735271][ T5076]  ? rcu_lock_release+0x5/0x20
[   63.740059][ T5076]  ? folio_unlock+0x112/0x310
[   63.744740][ T5076]  ? do_mpage_readpage+0x10e4/0x1c50
[   63.750034][ T5076]  ? mark_lock+0x9a/0x350
[   63.754359][ T5076]  ? rcu_read_lock_sched_held+0x87/0x110
[   63.759977][ T5076]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   63.765948][ T5076]  ? mark_lock+0x9a/0x350
[   63.770267][ T5076]  ? rcu_read_lock_sched_held+0x87/0x110
[   63.775887][ T5076]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   63.781872][ T5076]  ? local_lock_release+0x96/0x170
[   63.787016][ T5076]  ? mark_lock+0x9a/0x350
[   63.791352][ T5076]  __lock_acquire+0x1292/0x1f60
[   63.796198][ T5076]  lock_acquire+0x182/0x3c0
[   63.800686][ T5076]  ? reiserfs_write_lock+0x77/0xd0
[   63.805798][ T5076]  ? read_lock_is_recursive+0x10/0x10
[   63.811179][ T5076]  ? __might_sleep+0xc0/0xc0
[   63.815792][ T5076]  ? rcu_read_lock_sched_held+0x87/0x110
[   63.821424][ T5076]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   63.827400][ T5076]  __mutex_lock_common+0x1bd/0x26e0
[   63.832850][ T5076]  ? reiserfs_write_lock+0x77/0xd0
[   63.837952][ T5076]  ? mark_lock+0x9a/0x350
[   63.842274][ T5076]  ? reiserfs_write_lock+0x77/0xd0
[   63.847374][ T5076]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   63.853341][ T5076]  ? mutex_lock_io_nested+0x60/0x60
[   63.858528][ T5076]  ? print_irqtrace_events+0x220/0x220
[   63.863976][ T5076]  ? ktime_get_coarse_real_ts64+0x45/0x140
[   63.869786][ T5076]  ? lockdep_hardirqs_on+0x8d/0x130
[   63.875098][ T5076]  mutex_lock_nested+0x17/0x20
[   63.879861][ T5076]  reiserfs_write_lock+0x77/0xd0
[   63.884820][ T5076]  reiserfs_dirty_inode+0xdf/0x230
[   63.889944][ T5076]  ? reiserfs_free_inode+0x20/0x20
[   63.895051][ T5076]  ? rcu_read_lock_sched_held+0x87/0x110
[   63.900858][ T5076]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   63.906849][ T5076]  ? current_time+0x1ea/0x300
[   63.911526][ T5076]  ? reiserfs_free_inode+0x20/0x20
[   63.916630][ T5076]  __mark_inode_dirty+0x1e7/0x600
[   63.921643][ T5076]  file_update_time+0x551/0x5d0
[   63.926483][ T5076]  ? __file_remove_privs+0x610/0x610
[   63.931773][ T5076]  ? wp_page_shared+0x156/0x380
[   63.936631][ T5076]  filemap_page_mkwrite+0x248/0x7a0
[   63.941917][ T5076]  ? do_page_mkwrite+0x19e/0x5e0
[   63.946939][ T5076]  do_page_mkwrite+0x19e/0x5e0
[   63.951699][ T5076]  wp_page_shared+0x15e/0x380
[   63.956400][ T5076]  handle_mm_fault+0x1b79/0x26b0
[   63.961770][ T5076]  ? numa_migrate_prep+0x250/0x250
[   63.966875][ T5076]  ? __vma_adjust+0x21b0/0x21b0
[   63.971718][ T5076]  ? do_user_addr_fault+0x1cc/0xcb0
[   63.976906][ T5076]  do_user_addr_fault+0x69b/0xcb0
[   63.981924][ T5076]  exc_page_fault+0x7a/0x110
[   63.986519][ T5076]  asm_exc_page_fault+0x22/0x30
[   63.991362][ T5076] RIP: 0033:0x7f70254c0532
[   63.995789][ T5076] Code: ba 00 00 60 00 be 00 00 00 20 bf 09 00 00 00 6a 00 31 c0 e8 d0 24 04 00 bf 01 01 00 00 45 31 c0 48 b8 2f 64 65 76 2f 63 75 73 <48> 89 04 25 40 02 00 20 b9 02 00 00 00 ba 40 02 00 20 31 c0 66 c7
[   64.015486][ T5076] RSP: 002b:00007ffeaca6cb90 EFLAGS: 00010246
[   64.021557][ T5076] RAX: 7375632f7665642f RBX: 000000000000f3aa RCX: 00007f7025502a09
[   64.029517][ T5076] RDX: 00000000027fffff RSI: 0000000000600000 RDI: 0000000000000101
[   64.037483][ T5076] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[pid  5076] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5076] exit_group(0)               = ?
[pid  5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs")                  = 0
[   64.045440][ T5076] R10: 0000000004002011 R11: 0000000000000246 R12: 00007ffeaca6cbbc
[   64.054129][ T5076] R13: 00007ffeaca6cbf0 R14: 00007ffeaca6cbd0 R15: 0000000000000002
[   64.062116][ T5076]  </TASK>
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid  5078] chdir("./3")                = 0
[pid  5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5078] setpgid(0, 0)               = 0
[pid  5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5078] write(3, "1000", 4)         = 4
[pid  5078] close(3)                    = 0
[pid  5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5078] memfd_create("syzkaller", 0) = 3
[pid  5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5078] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5078] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5078] close(3)                    = 0
[pid  5078] mkdir("./file0", 0777)      = 0
[   64.162176][ T5078] loop0: detected capacity change from 0 to 8192
[   64.170753][ T5078] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   64.183902][ T5078] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   64.193206][ T5078] REISERFS (device loop0): using ordered data mode
[   64.199799][ T5078] reiserfs: using flush barriers
[   64.205404][ T5078] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   64.221800][ T5078] REISERFS (device loop0): checking transaction log (loop0)
[   64.250842][ T5078] REISERFS (device loop0): Using r5 hash to sort names
[pid  5078] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5078] chdir("./file0")            = 0
[pid  5078] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5078] close(4)                    = 0
[pid  5078] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5078] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5078] ftruncate(5, 33587199)      = 0
[pid  5078] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5078] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5078] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5078] exit_group(0)               = ?
[pid  5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
[   64.257721][ T5078] REISERFS (device loop0): using 3.5.x disk format
[   64.264472][ T5078] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs")                  = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5080
./strace-static-x86_64: Process 5080 attached
[pid  5080] chdir("./4")                = 0
[pid  5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5080] setpgid(0, 0)               = 0
[pid  5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5080] write(3, "1000", 4)         = 4
[pid  5080] close(3)                    = 0
[pid  5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5080] memfd_create("syzkaller", 0) = 3
[pid  5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5080] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5080] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5080] close(3)                    = 0
[pid  5080] mkdir("./file0", 0777)      = 0
[   64.402534][ T5080] loop0: detected capacity change from 0 to 8192
[   64.412139][ T5080] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   64.425220][ T5080] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   64.434555][ T5080] REISERFS (device loop0): using ordered data mode
[   64.441075][ T5080] reiserfs: using flush barriers
[   64.446531][ T5080] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   64.462865][ T5080] REISERFS (device loop0): checking transaction log (loop0)
[pid  5080] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5080] chdir("./file0")            = 0
[pid  5080] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5080] close(4)                    = 0
[pid  5080] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5080] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5080] ftruncate(5, 33587199)      = 0
[pid  5080] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5080] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[   64.494115][ T5080] REISERFS (device loop0): Using r5 hash to sort names
[   64.501063][ T5080] REISERFS (device loop0): using 3.5.x disk format
[   64.507709][ T5080] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5080] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5080] exit_group(0)               = ?
[pid  5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs")                  = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5082
./strace-static-x86_64: Process 5082 attached
[pid  5082] chdir("./5")                = 0
[pid  5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5082] setpgid(0, 0)               = 0
[pid  5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5082] write(3, "1000", 4)         = 4
[pid  5082] close(3)                    = 0
[pid  5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5082] memfd_create("syzkaller", 0) = 3
[pid  5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5082] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5082] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5082] close(3)                    = 0
[pid  5082] mkdir("./file0", 0777)      = 0
[   64.641272][ T5082] loop0: detected capacity change from 0 to 8192
[   64.649595][ T5082] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   64.662737][ T5082] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   64.671997][ T5082] REISERFS (device loop0): using ordered data mode
[   64.678548][ T5082] reiserfs: using flush barriers
[   64.684206][ T5082] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   64.700476][ T5082] REISERFS (device loop0): checking transaction log (loop0)
[   64.729988][ T5082] REISERFS (device loop0): Using r5 hash to sort names
[pid  5082] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5082] chdir("./file0")            = 0
[pid  5082] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5082] close(4)                    = 0
[pid  5082] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5082] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5082] ftruncate(5, 33587199)      = 0
[pid  5082] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5082] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5082] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5082] exit_group(0)               = ?
[pid  5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[   64.736971][ T5082] REISERFS (device loop0): using 3.5.x disk format
[   64.743838][ T5082] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
unlink("./5/binderfs")                  = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached
 <unfinished ...>
[pid  5084] chdir("./6")                = 0
[pid  5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5084] setpgid(0, 0)               = 0
[pid  5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC <unfinished ...>
[pid  5070] <... clone resumed>, child_tidptr=0x5555566d75d0) = 5084
[pid  5084] <... openat resumed>)       = 3
[pid  5084] write(3, "1000", 4)         = 4
[pid  5084] close(3)                    = 0
[pid  5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5084] memfd_create("syzkaller", 0) = 3
[pid  5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5084] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5084] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5084] close(3)                    = 0
[pid  5084] mkdir("./file0", 0777)      = 0
[   64.877267][ T5084] loop0: detected capacity change from 0 to 8192
[   64.887631][ T5084] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   64.901234][ T5084] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   64.910607][ T5084] REISERFS (device loop0): using ordered data mode
[   64.917107][ T5084] reiserfs: using flush barriers
[   64.922903][ T5084] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   64.939312][ T5084] REISERFS (device loop0): checking transaction log (loop0)
[   64.966630][ T5084] REISERFS (device loop0): Using r5 hash to sort names
[pid  5084] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5084] chdir("./file0")            = 0
[pid  5084] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5084] close(4)                    = 0
[pid  5084] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5084] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5084] ftruncate(5, 33587199)      = 0
[pid  5084] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5084] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5084] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5084] exit_group(0)               = ?
[   64.973576][ T5084] REISERFS (device loop0): using 3.5.x disk format
[   64.980317][ T5084] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs")                  = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5086
./strace-static-x86_64: Process 5086 attached
[pid  5086] chdir("./7")                = 0
[pid  5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5086] setpgid(0, 0)               = 0
[pid  5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5086] write(3, "1000", 4)         = 4
[pid  5086] close(3)                    = 0
[pid  5086] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5086] memfd_create("syzkaller", 0) = 3
[pid  5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5086] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5086] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5086] close(3)                    = 0
[pid  5086] mkdir("./file0", 0777)      = 0
[   65.113580][ T5086] loop0: detected capacity change from 0 to 8192
[   65.123629][ T5086] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   65.136764][ T5086] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   65.146035][ T5086] REISERFS (device loop0): using ordered data mode
[   65.152561][ T5086] reiserfs: using flush barriers
[   65.158210][ T5086] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   65.174574][ T5086] REISERFS (device loop0): checking transaction log (loop0)
[   65.203936][ T5086] REISERFS (device loop0): Using r5 hash to sort names
[pid  5086] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5086] chdir("./file0")            = 0
[pid  5086] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5086] close(4)                    = 0
[pid  5086] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5086] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5086] ftruncate(5, 33587199)      = 0
[pid  5086] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   65.210876][ T5086] REISERFS (device loop0): using 3.5.x disk format
[   65.217646][ T5086] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5086] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5086] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5086] exit_group(0)               = ?
[pid  5086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs")                  = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5088
./strace-static-x86_64: Process 5088 attached
[pid  5088] chdir("./8")                = 0
[pid  5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5088] setpgid(0, 0)               = 0
[pid  5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5088] write(3, "1000", 4)         = 4
[pid  5088] close(3)                    = 0
[pid  5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5088] memfd_create("syzkaller", 0) = 3
[pid  5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5088] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5088] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5088] close(3)                    = 0
[pid  5088] mkdir("./file0", 0777)      = 0
[   65.364178][ T5088] loop0: detected capacity change from 0 to 8192
[   65.373858][ T5088] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   65.386961][ T5088] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   65.396149][ T5088] REISERFS (device loop0): using ordered data mode
[   65.402670][ T5088] reiserfs: using flush barriers
[   65.408215][ T5088] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   65.424576][ T5088] REISERFS (device loop0): checking transaction log (loop0)
[   65.452078][ T5088] REISERFS (device loop0): Using r5 hash to sort names
[pid  5088] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5088] chdir("./file0")            = 0
[pid  5088] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5088] close(4)                    = 0
[pid  5088] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5088] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5088] ftruncate(5, 33587199)      = 0
[pid  5088] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5088] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5088] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5088] exit_group(0)               = ?
[pid  5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[   65.459443][ T5088] REISERFS (device loop0): using 3.5.x disk format
[   65.466083][ T5088] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
unlink("./8/binderfs")                  = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5090
./strace-static-x86_64: Process 5090 attached
[pid  5090] chdir("./9")                = 0
[pid  5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5090] setpgid(0, 0)               = 0
[pid  5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5090] write(3, "1000", 4)         = 4
[pid  5090] close(3)                    = 0
[pid  5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5090] memfd_create("syzkaller", 0) = 3
[pid  5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5090] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5090] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5090] close(3)                    = 0
[pid  5090] mkdir("./file0", 0777)      = 0
[   65.601896][ T5090] loop0: detected capacity change from 0 to 8192
[   65.610258][ T5090] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   65.623387][ T5090] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   65.632600][ T5090] REISERFS (device loop0): using ordered data mode
[   65.639099][ T5090] reiserfs: using flush barriers
[   65.644860][ T5090] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   65.661125][ T5090] REISERFS (device loop0): checking transaction log (loop0)
[   65.687924][ T5090] REISERFS (device loop0): Using r5 hash to sort names
[   65.694834][ T5090] REISERFS (device loop0): using 3.5.x disk format
[pid  5090] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5090] chdir("./file0")            = 0
[pid  5090] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5090] close(4)                    = 0
[pid  5090] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5090] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5090] ftruncate(5, 33587199)      = 0
[pid  5090] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5090] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5090] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5090] exit_group(0)               = ?
[pid  5090] +++ exited with 0 +++
[   65.701599][ T5090] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs")                  = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/file0")                      = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5092
./strace-static-x86_64: Process 5092 attached
[pid  5092] chdir("./10")               = 0
[pid  5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5092] setpgid(0, 0)               = 0
[pid  5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5092] write(3, "1000", 4)         = 4
[pid  5092] close(3)                    = 0
[pid  5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5092] memfd_create("syzkaller", 0) = 3
[pid  5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5092] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5092] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5092] close(3)                    = 0
[pid  5092] mkdir("./file0", 0777)      = 0
[   65.838411][ T5092] loop0: detected capacity change from 0 to 8192
[   65.848636][ T5092] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   65.862181][ T5092] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   65.871526][ T5092] REISERFS (device loop0): using ordered data mode
[   65.878023][ T5092] reiserfs: using flush barriers
[   65.883856][ T5092] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   65.900471][ T5092] REISERFS (device loop0): checking transaction log (loop0)
[pid  5092] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5092] chdir("./file0")            = 0
[pid  5092] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5092] close(4)                    = 0
[pid  5092] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5092] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5092] ftruncate(5, 33587199)      = 0
[pid  5092] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   65.929701][ T5092] REISERFS (device loop0): Using r5 hash to sort names
[   65.936645][ T5092] REISERFS (device loop0): using 3.5.x disk format
[   65.943488][ T5092] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5092] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5092] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5092] exit_group(0)               = ?
[pid  5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs")                 = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5094
./strace-static-x86_64: Process 5094 attached
[pid  5094] chdir("./11")               = 0
[pid  5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5094] setpgid(0, 0)               = 0
[pid  5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5094] write(3, "1000", 4)         = 4
[pid  5094] close(3)                    = 0
[pid  5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5094] memfd_create("syzkaller", 0) = 3
[pid  5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5094] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5094] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5094] close(3)                    = 0
[pid  5094] mkdir("./file0", 0777)      = 0
[   66.083504][ T5094] loop0: detected capacity change from 0 to 8192
[   66.093062][ T5094] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   66.106113][ T5094] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   66.115319][ T5094] REISERFS (device loop0): using ordered data mode
[   66.121870][ T5094] reiserfs: using flush barriers
[   66.127594][ T5094] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   66.143982][ T5094] REISERFS (device loop0): checking transaction log (loop0)
[   66.173088][ T5094] REISERFS (device loop0): Using r5 hash to sort names
[pid  5094] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5094] chdir("./file0")            = 0
[pid  5094] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5094] close(4)                    = 0
[pid  5094] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5094] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5094] ftruncate(5, 33587199)      = 0
[pid  5094] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5094] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5094] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5094] exit_group(0)               = ?
[   66.180056][ T5094] REISERFS (device loop0): using 3.5.x disk format
[   66.186687][ T5094] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs")                 = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5096
./strace-static-x86_64: Process 5096 attached
[pid  5096] chdir("./12")               = 0
[pid  5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5096] setpgid(0, 0)               = 0
[pid  5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5096] write(3, "1000", 4)         = 4
[pid  5096] close(3)                    = 0
[pid  5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5096] memfd_create("syzkaller", 0) = 3
[pid  5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5096] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5096] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5096] close(3)                    = 0
[pid  5096] mkdir("./file0", 0777)      = 0
[   66.331772][ T5096] loop0: detected capacity change from 0 to 8192
[   66.341970][ T5096] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   66.355322][ T5096] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   66.364773][ T5096] REISERFS (device loop0): using ordered data mode
[   66.371425][ T5096] reiserfs: using flush barriers
[   66.376983][ T5096] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   66.393657][ T5096] REISERFS (device loop0): checking transaction log (loop0)
[pid  5096] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5096] chdir("./file0")            = 0
[pid  5096] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5096] close(4)                    = 0
[pid  5096] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5096] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5096] ftruncate(5, 33587199)      = 0
[pid  5096] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   66.423269][ T5096] REISERFS (device loop0): Using r5 hash to sort names
[   66.430196][ T5096] REISERFS (device loop0): using 3.5.x disk format
[   66.436864][ T5096] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5096] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5096] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5096] exit_group(0)               = ?
[pid  5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs")                 = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5098
./strace-static-x86_64: Process 5098 attached
[pid  5098] chdir("./13")               = 0
[pid  5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5098] setpgid(0, 0)               = 0
[pid  5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5098] write(3, "1000", 4)         = 4
[pid  5098] close(3)                    = 0
[pid  5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5098] memfd_create("syzkaller", 0) = 3
[pid  5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5098] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5098] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5098] close(3)                    = 0
[pid  5098] mkdir("./file0", 0777)      = 0
[   66.573264][ T5098] loop0: detected capacity change from 0 to 8192
[   66.582720][ T5098] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   66.595781][ T5098] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   66.605068][ T5098] REISERFS (device loop0): using ordered data mode
[   66.611652][ T5098] reiserfs: using flush barriers
[   66.617223][ T5098] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   66.633664][ T5098] REISERFS (device loop0): checking transaction log (loop0)
[pid  5098] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5098] chdir("./file0")            = 0
[pid  5098] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5098] close(4)                    = 0
[pid  5098] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5098] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5098] ftruncate(5, 33587199)      = 0
[pid  5098] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   66.663725][ T5098] REISERFS (device loop0): Using r5 hash to sort names
[   66.670664][ T5098] REISERFS (device loop0): using 3.5.x disk format
[   66.677372][ T5098] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5098] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5098] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5098] exit_group(0)               = ?
[pid  5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs")                 = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5100
./strace-static-x86_64: Process 5100 attached
[pid  5100] chdir("./14")               = 0
[pid  5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5100] setpgid(0, 0)               = 0
[pid  5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5100] write(3, "1000", 4)         = 4
[pid  5100] close(3)                    = 0
[pid  5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5100] memfd_create("syzkaller", 0) = 3
[pid  5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5100] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5100] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5100] close(3)                    = 0
[pid  5100] mkdir("./file0", 0777)      = 0
[   66.812206][ T5100] loop0: detected capacity change from 0 to 8192
[   66.821705][ T5100] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   66.834813][ T5100] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   66.844146][ T5100] REISERFS (device loop0): using ordered data mode
[   66.850784][ T5100] reiserfs: using flush barriers
[   66.856505][ T5100] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   66.873081][ T5100] REISERFS (device loop0): checking transaction log (loop0)
[pid  5100] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5100] chdir("./file0")            = 0
[pid  5100] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5100] close(4)                    = 0
[pid  5100] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5100] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5100] ftruncate(5, 33587199)      = 0
[pid  5100] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   66.905321][ T5100] REISERFS (device loop0): Using r5 hash to sort names
[   66.912342][ T5100] REISERFS (device loop0): using 3.5.x disk format
[   66.919014][ T5100] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5100] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5100] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5100] exit_group(0)               = ?
[pid  5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs")                 = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./14/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached
 <unfinished ...>
[pid  5102] chdir("./15")               = 0
[pid  5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5102] setpgid(0, 0)               = 0
[pid  5070] <... clone resumed>, child_tidptr=0x5555566d75d0) = 5102
[pid  5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5102] write(3, "1000", 4)         = 4
[pid  5102] close(3)                    = 0
[pid  5102] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5102] memfd_create("syzkaller", 0) = 3
[pid  5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5102] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5102] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5102] close(3)                    = 0
[pid  5102] mkdir("./file0", 0777)      = 0
[   67.060943][ T5102] loop0: detected capacity change from 0 to 8192
[   67.071610][ T5102] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   67.084733][ T5102] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   67.094157][ T5102] REISERFS (device loop0): using ordered data mode
[   67.100820][ T5102] reiserfs: using flush barriers
[   67.106406][ T5102] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   67.123280][ T5102] REISERFS (device loop0): checking transaction log (loop0)
[pid  5102] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5102] chdir("./file0")            = 0
[pid  5102] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5102] close(4)                    = 0
[pid  5102] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5102] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5102] ftruncate(5, 33587199)      = 0
[pid  5102] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   67.164929][ T5102] REISERFS (device loop0): Using r5 hash to sort names
[   67.171973][ T5102] REISERFS (device loop0): using 3.5.x disk format
[   67.178795][ T5102] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5102] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5102] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5102] exit_group(0)               = ?
[pid  5102] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs")                 = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./15/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5104
./strace-static-x86_64: Process 5104 attached
[pid  5104] chdir("./16")               = 0
[pid  5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5104] setpgid(0, 0)               = 0
[pid  5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5104] write(3, "1000", 4)         = 4
[pid  5104] close(3)                    = 0
[pid  5104] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5104] memfd_create("syzkaller", 0) = 3
[pid  5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5104] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5104] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5104] close(3)                    = 0
[pid  5104] mkdir("./file0", 0777)      = 0
[   67.336908][ T5104] loop0: detected capacity change from 0 to 8192
[   67.346039][ T5104] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   67.359103][ T5104] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   67.368423][ T5104] REISERFS (device loop0): using ordered data mode
[   67.374949][ T5104] reiserfs: using flush barriers
[   67.380559][ T5104] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   67.396942][ T5104] REISERFS (device loop0): checking transaction log (loop0)
[   67.424683][ T5104] REISERFS (device loop0): Using r5 hash to sort names
[pid  5104] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5104] chdir("./file0")            = 0
[pid  5104] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5104] close(4)                    = 0
[pid  5104] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5104] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5104] ftruncate(5, 33587199)      = 0
[pid  5104] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5104] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5104] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5104] exit_group(0)               = ?
[pid  5104] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs")                 = 0
[   67.431592][ T5104] REISERFS (device loop0): using 3.5.x disk format
[   67.438269][ T5104] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./16/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5106
./strace-static-x86_64: Process 5106 attached
[pid  5106] chdir("./17")               = 0
[pid  5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5106] setpgid(0, 0)               = 0
[pid  5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5106] write(3, "1000", 4)         = 4
[pid  5106] close(3)                    = 0
[pid  5106] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5106] memfd_create("syzkaller", 0) = 3
[pid  5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5106] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5106] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5106] close(3)                    = 0
[pid  5106] mkdir("./file0", 0777)      = 0
[   67.569732][ T5106] loop0: detected capacity change from 0 to 8192
[   67.577862][ T5106] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   67.590865][ T5106] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   67.600132][ T5106] REISERFS (device loop0): using ordered data mode
[   67.606623][ T5106] reiserfs: using flush barriers
[   67.612240][ T5106] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   67.628605][ T5106] REISERFS (device loop0): checking transaction log (loop0)
[   67.657484][ T5106] REISERFS (device loop0): Using r5 hash to sort names
[pid  5106] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5106] chdir("./file0")            = 0
[pid  5106] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5106] close(4)                    = 0
[pid  5106] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5106] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5106] ftruncate(5, 33587199)      = 0
[pid  5106] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5106] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5106] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5106] exit_group(0)               = ?
[pid  5106] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
[   67.664422][ T5106] REISERFS (device loop0): using 3.5.x disk format
[   67.671360][ T5106] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs")                 = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./17/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5108
./strace-static-x86_64: Process 5108 attached
[pid  5108] chdir("./18")               = 0
[pid  5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5108] setpgid(0, 0)               = 0
[pid  5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5108] write(3, "1000", 4)         = 4
[pid  5108] close(3)                    = 0
[pid  5108] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5108] memfd_create("syzkaller", 0) = 3
[pid  5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5108] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5108] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5108] close(3)                    = 0
[pid  5108] mkdir("./file0", 0777)      = 0
[   67.804364][ T5108] loop0: detected capacity change from 0 to 8192
[   67.812780][ T5108] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   67.825947][ T5108] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   67.835549][ T5108] REISERFS (device loop0): using ordered data mode
[   67.842214][ T5108] reiserfs: using flush barriers
[   67.847729][ T5108] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   67.864250][ T5108] REISERFS (device loop0): checking transaction log (loop0)
[   67.892280][ T5108] REISERFS (device loop0): Using r5 hash to sort names
[pid  5108] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5108] chdir("./file0")            = 0
[pid  5108] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5108] close(4)                    = 0
[pid  5108] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5108] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5108] ftruncate(5, 33587199)      = 0
[pid  5108] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5108] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5108] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5108] exit_group(0)               = ?
[pid  5108] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs")                 = 0
[   67.899163][ T5108] REISERFS (device loop0): using 3.5.x disk format
[   67.905911][ T5108] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./18/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5110
./strace-static-x86_64: Process 5110 attached
[pid  5110] chdir("./19")               = 0
[pid  5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5110] setpgid(0, 0)               = 0
[pid  5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5110] write(3, "1000", 4)         = 4
[pid  5110] close(3)                    = 0
[pid  5110] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5110] memfd_create("syzkaller", 0) = 3
[pid  5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5110] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5110] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5110] close(3)                    = 0
[pid  5110] mkdir("./file0", 0777)      = 0
[   68.046102][ T5110] loop0: detected capacity change from 0 to 8192
[   68.055449][ T5110] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   68.068676][ T5110] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   68.077991][ T5110] REISERFS (device loop0): using ordered data mode
[   68.084543][ T5110] reiserfs: using flush barriers
[   68.090133][ T5110] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   68.106566][ T5110] REISERFS (device loop0): checking transaction log (loop0)
[   68.133894][ T5110] REISERFS (device loop0): Using r5 hash to sort names
[pid  5110] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5110] chdir("./file0")            = 0
[pid  5110] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5110] close(4)                    = 0
[pid  5110] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5110] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5110] ftruncate(5, 33587199)      = 0
[pid  5110] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5110] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5110] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5110] exit_group(0)               = ?
[pid  5110] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[   68.140830][ T5110] REISERFS (device loop0): using 3.5.x disk format
[   68.147491][ T5110] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs")                 = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./19/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5112
./strace-static-x86_64: Process 5112 attached
[pid  5112] chdir("./20")               = 0
[pid  5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5112] setpgid(0, 0)               = 0
[pid  5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5112] write(3, "1000", 4)         = 4
[pid  5112] close(3)                    = 0
[pid  5112] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5112] memfd_create("syzkaller", 0) = 3
[pid  5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5112] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5112] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5112] close(3)                    = 0
[pid  5112] mkdir("./file0", 0777)      = 0
[   68.289854][ T5112] loop0: detected capacity change from 0 to 8192
[   68.298263][ T5112] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   68.311965][ T5112] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   68.321318][ T5112] REISERFS (device loop0): using ordered data mode
[   68.328337][ T5112] reiserfs: using flush barriers
[   68.334157][ T5112] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   68.350651][ T5112] REISERFS (device loop0): checking transaction log (loop0)
[   68.379492][ T5112] REISERFS (device loop0): Using r5 hash to sort names
[pid  5112] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5112] chdir("./file0")            = 0
[pid  5112] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5112] close(4)                    = 0
[pid  5112] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5112] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5112] ftruncate(5, 33587199)      = 0
[pid  5112] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5112] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5112] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[   68.386417][ T5112] REISERFS (device loop0): using 3.5.x disk format
[   68.393479][ T5112] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5112] exit_group(0)               = ?
[pid  5112] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs")                 = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./20/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5114
./strace-static-x86_64: Process 5114 attached
[pid  5114] chdir("./21")               = 0
[pid  5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5114] setpgid(0, 0)               = 0
[pid  5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5114] write(3, "1000", 4)         = 4
[pid  5114] close(3)                    = 0
[pid  5114] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5114] memfd_create("syzkaller", 0) = 3
[pid  5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5114] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5114] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5114] close(3)                    = 0
[pid  5114] mkdir("./file0", 0777)      = 0
[   68.553986][ T5114] loop0: detected capacity change from 0 to 8192
[   68.563056][ T5114] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   68.576151][ T5114] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   68.586200][ T5114] REISERFS (device loop0): using ordered data mode
[   68.592726][ T5114] reiserfs: using flush barriers
[   68.598431][ T5114] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   68.614827][ T5114] REISERFS (device loop0): checking transaction log (loop0)
[   68.644190][ T5114] REISERFS (device loop0): Using r5 hash to sort names
[pid  5114] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5114] chdir("./file0")            = 0
[pid  5114] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5114] close(4)                    = 0
[pid  5114] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5114] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5114] ftruncate(5, 33587199)      = 0
[pid  5114] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5114] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5114] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5114] exit_group(0)               = ?
[pid  5114] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs")                 = 0
[   68.651129][ T5114] REISERFS (device loop0): using 3.5.x disk format
[   68.657884][ T5114] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./21/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5116
./strace-static-x86_64: Process 5116 attached
[pid  5116] chdir("./22")               = 0
[pid  5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5116] setpgid(0, 0)               = 0
[pid  5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5116] write(3, "1000", 4)         = 4
[pid  5116] close(3)                    = 0
[pid  5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5116] memfd_create("syzkaller", 0) = 3
[pid  5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5116] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5116] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5116] close(3)                    = 0
[pid  5116] mkdir("./file0", 0777)      = 0
[   68.783875][ T5116] loop0: detected capacity change from 0 to 8192
[   68.793599][ T5116] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   68.806846][ T5116] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   68.816324][ T5116] REISERFS (device loop0): using ordered data mode
[   68.823044][ T5116] reiserfs: using flush barriers
[   68.828608][ T5116] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   68.845094][ T5116] REISERFS (device loop0): checking transaction log (loop0)
[pid  5116] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5116] chdir("./file0")            = 0
[pid  5116] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5116] close(4)                    = 0
[pid  5116] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5116] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5116] ftruncate(5, 33587199)      = 0
[pid  5116] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   68.875202][ T5116] REISERFS (device loop0): Using r5 hash to sort names
[   68.882127][ T5116] REISERFS (device loop0): using 3.5.x disk format
[   68.888786][ T5116] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5116] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5116] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5116] exit_group(0)               = ?
[pid  5116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs")                 = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./22/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5118
./strace-static-x86_64: Process 5118 attached
[pid  5118] chdir("./23")               = 0
[pid  5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5118] setpgid(0, 0)               = 0
[pid  5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5118] write(3, "1000", 4)         = 4
[pid  5118] close(3)                    = 0
[pid  5118] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5118] memfd_create("syzkaller", 0) = 3
[pid  5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5118] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5118] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5118] close(3)                    = 0
[pid  5118] mkdir("./file0", 0777)      = 0
[   69.035580][ T5118] loop0: detected capacity change from 0 to 8192
[   69.045628][ T5118] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   69.058779][ T5118] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   69.068019][ T5118] REISERFS (device loop0): using ordered data mode
[   69.074628][ T5118] reiserfs: using flush barriers
[   69.080226][ T5118] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   69.096585][ T5118] REISERFS (device loop0): checking transaction log (loop0)
[   69.124018][ T5118] REISERFS (device loop0): Using r5 hash to sort names
[pid  5118] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5118] chdir("./file0")            = 0
[pid  5118] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5118] close(4)                    = 0
[pid  5118] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5118] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5118] ftruncate(5, 33587199)      = 0
[pid  5118] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5118] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5118] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5118] exit_group(0)               = ?
[   69.130961][ T5118] REISERFS (device loop0): using 3.5.x disk format
[   69.137616][ T5118] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5118] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs")                 = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./23/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5120
./strace-static-x86_64: Process 5120 attached
[pid  5120] chdir("./24")               = 0
[pid  5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5120] setpgid(0, 0)               = 0
[pid  5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5120] write(3, "1000", 4)         = 4
[pid  5120] close(3)                    = 0
[pid  5120] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5120] memfd_create("syzkaller", 0) = 3
[pid  5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5120] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5120] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5120] close(3)                    = 0
[pid  5120] mkdir("./file0", 0777)      = 0
[   69.284667][ T5120] loop0: detected capacity change from 0 to 8192
[   69.294150][ T5120] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   69.307150][ T5120] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   69.316356][ T5120] REISERFS (device loop0): using ordered data mode
[   69.322966][ T5120] reiserfs: using flush barriers
[   69.328612][ T5120] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   69.344961][ T5120] REISERFS (device loop0): checking transaction log (loop0)
[   69.373021][ T5120] REISERFS (device loop0): Using r5 hash to sort names
[pid  5120] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5120] chdir("./file0")            = 0
[pid  5120] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5120] close(4)                    = 0
[pid  5120] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5120] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5120] ftruncate(5, 33587199)      = 0
[pid  5120] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5120] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5120] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5120] exit_group(0)               = ?
[pid  5120] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   69.380118][ T5120] REISERFS (device loop0): using 3.5.x disk format
[   69.387237][ T5120] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs")                 = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./24/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached
, child_tidptr=0x5555566d75d0) = 5122
[pid  5122] chdir("./25")               = 0
[pid  5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5122] setpgid(0, 0)               = 0
[pid  5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5122] write(3, "1000", 4)         = 4
[pid  5122] close(3)                    = 0
[pid  5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5122] memfd_create("syzkaller", 0) = 3
[pid  5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5122] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5122] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5122] close(3)                    = 0
[pid  5122] mkdir("./file0", 0777)      = 0
[   69.531417][ T5122] loop0: detected capacity change from 0 to 8192
[   69.541225][ T5122] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   69.554205][ T5122] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   69.563390][ T5122] REISERFS (device loop0): using ordered data mode
[   69.569920][ T5122] reiserfs: using flush barriers
[   69.575485][ T5122] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   69.591862][ T5122] REISERFS (device loop0): checking transaction log (loop0)
[   69.618668][ T5122] REISERFS (device loop0): Using r5 hash to sort names
[pid  5122] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5122] chdir("./file0")            = 0
[pid  5122] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5122] close(4)                    = 0
[pid  5122] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5122] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5122] ftruncate(5, 33587199)      = 0
[pid  5122] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5122] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5122] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5122] exit_group(0)               = ?
[pid  5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs")                 = 0
[   69.625794][ T5122] REISERFS (device loop0): using 3.5.x disk format
[   69.632852][ T5122] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./25/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5124
./strace-static-x86_64: Process 5124 attached
[pid  5124] chdir("./26")               = 0
[pid  5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5124] setpgid(0, 0)               = 0
[pid  5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5124] write(3, "1000", 4)         = 4
[pid  5124] close(3)                    = 0
[pid  5124] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5124] memfd_create("syzkaller", 0) = 3
[pid  5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5124] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5124] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5124] close(3)                    = 0
[pid  5124] mkdir("./file0", 0777)      = 0
[   69.770615][ T5124] loop0: detected capacity change from 0 to 8192
[   69.779133][ T5124] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   69.792390][ T5124] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   69.801620][ T5124] REISERFS (device loop0): using ordered data mode
[   69.808117][ T5124] reiserfs: using flush barriers
[   69.813797][ T5124] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   69.830565][ T5124] REISERFS (device loop0): checking transaction log (loop0)
[pid  5124] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5124] chdir("./file0")            = 0
[pid  5124] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5124] close(4)                    = 0
[pid  5124] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5124] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5124] ftruncate(5, 33587199)      = 0
[pid  5124] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   69.861273][ T5124] REISERFS (device loop0): Using r5 hash to sort names
[   69.868203][ T5124] REISERFS (device loop0): using 3.5.x disk format
[   69.875067][ T5124] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5124] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5124] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5124] exit_group(0)               = ?
[pid  5124] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs")                 = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./26/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5126
./strace-static-x86_64: Process 5126 attached
[pid  5126] chdir("./27")               = 0
[pid  5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5126] setpgid(0, 0)               = 0
[pid  5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5126] write(3, "1000", 4)         = 4
[pid  5126] close(3)                    = 0
[pid  5126] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5126] memfd_create("syzkaller", 0) = 3
[pid  5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5126] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5126] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5126] close(3)                    = 0
[pid  5126] mkdir("./file0", 0777)      = 0
[   70.015622][ T5126] loop0: detected capacity change from 0 to 8192
[   70.025571][ T5126] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   70.039017][ T5126] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   70.048499][ T5126] REISERFS (device loop0): using ordered data mode
[   70.055380][ T5126] reiserfs: using flush barriers
[   70.061321][ T5126] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   70.077915][ T5126] REISERFS (device loop0): checking transaction log (loop0)
[pid  5126] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5126] chdir("./file0")            = 0
[pid  5126] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5126] close(4)                    = 0
[pid  5126] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5126] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5126] ftruncate(5, 33587199)      = 0
[pid  5126] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   70.107100][ T5126] REISERFS (device loop0): Using r5 hash to sort names
[   70.114320][ T5126] REISERFS (device loop0): using 3.5.x disk format
[   70.121214][ T5126] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5126] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5126] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5126] exit_group(0)               = ?
[pid  5126] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} ---
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs")                 = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./27/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5128
./strace-static-x86_64: Process 5128 attached
[pid  5128] chdir("./28")               = 0
[pid  5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5128] setpgid(0, 0)               = 0
[pid  5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5128] write(3, "1000", 4)         = 4
[pid  5128] close(3)                    = 0
[pid  5128] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5128] memfd_create("syzkaller", 0) = 3
[pid  5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5128] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5128] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5128] close(3)                    = 0
[pid  5128] mkdir("./file0", 0777)      = 0
[   70.263454][ T5128] loop0: detected capacity change from 0 to 8192
[   70.272186][ T5128] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   70.285586][ T5128] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   70.295351][ T5128] REISERFS (device loop0): using ordered data mode
[   70.302148][ T5128] reiserfs: using flush barriers
[   70.307704][ T5128] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   70.324475][ T5128] REISERFS (device loop0): checking transaction log (loop0)
[pid  5128] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5128] chdir("./file0")            = 0
[pid  5128] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5128] close(4)                    = 0
[pid  5128] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5128] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5128] ftruncate(5, 33587199)      = 0
[pid  5128] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   70.355269][ T5128] REISERFS (device loop0): Using r5 hash to sort names
[   70.362203][ T5128] REISERFS (device loop0): using 3.5.x disk format
[   70.368861][ T5128] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5128] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5128] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5128] exit_group(0)               = ?
[pid  5128] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs")                 = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./28/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5130 attached
 <unfinished ...>
[pid  5130] chdir("./29")               = 0
[pid  5130] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5130] setpgid(0, 0)               = 0
[pid  5130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5130] write(3, "1000", 4)         = 4
[pid  5130] close(3)                    = 0
[pid  5130] symlink("/dev/binderfs", "./binderfs" <unfinished ...>
[pid  5070] <... clone resumed>, child_tidptr=0x5555566d75d0) = 5130
[pid  5130] <... symlink resumed>)      = 0
[pid  5130] memfd_create("syzkaller", 0) = 3
[pid  5130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5130] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5130] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5130] close(3)                    = 0
[pid  5130] mkdir("./file0", 0777)      = 0
[   70.516108][ T5130] loop0: detected capacity change from 0 to 8192
[   70.525562][ T5130] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   70.538617][ T5130] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   70.547860][ T5130] REISERFS (device loop0): using ordered data mode
[   70.554399][ T5130] reiserfs: using flush barriers
[   70.560028][ T5130] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   70.576321][ T5130] REISERFS (device loop0): checking transaction log (loop0)
[   70.606475][ T5130] REISERFS (device loop0): Using r5 hash to sort names
[pid  5130] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5130] chdir("./file0")            = 0
[pid  5130] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5130] close(4)                    = 0
[pid  5130] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5130] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5130] ftruncate(5, 33587199)      = 0
[pid  5130] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5130] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5130] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5130] exit_group(0)               = ?
[pid  5130] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5130, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs")                 = 0
[   70.613413][ T5130] REISERFS (device loop0): using 3.5.x disk format
[   70.620150][ T5130] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./29/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5132
./strace-static-x86_64: Process 5132 attached
[pid  5132] chdir("./30")               = 0
[pid  5132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5132] setpgid(0, 0)               = 0
[pid  5132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5132] write(3, "1000", 4)         = 4
[pid  5132] close(3)                    = 0
[pid  5132] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5132] memfd_create("syzkaller", 0) = 3
[pid  5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5132] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5132] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5132] close(3)                    = 0
[pid  5132] mkdir("./file0", 0777)      = 0
[   70.751443][ T5132] loop0: detected capacity change from 0 to 8192
[   70.759936][ T5132] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   70.772970][ T5132] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   70.782499][ T5132] REISERFS (device loop0): using ordered data mode
[   70.789037][ T5132] reiserfs: using flush barriers
[   70.794764][ T5132] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   70.811033][ T5132] REISERFS (device loop0): checking transaction log (loop0)
[   70.837529][ T5132] REISERFS (device loop0): Using r5 hash to sort names
[   70.844496][ T5132] REISERFS (device loop0): using 3.5.x disk format
[pid  5132] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5132] chdir("./file0")            = 0
[pid  5132] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5132] close(4)                    = 0
[pid  5132] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5132] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5132] ftruncate(5, 33587199)      = 0
[pid  5132] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5132] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5132] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5132] exit_group(0)               = ?
[pid  5132] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5132, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[   70.851266][ T5132] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs")                 = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./30/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached
, child_tidptr=0x5555566d75d0) = 5134
[pid  5134] chdir("./31")               = 0
[pid  5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5134] setpgid(0, 0)               = 0
[pid  5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5134] write(3, "1000", 4)         = 4
[pid  5134] close(3)                    = 0
[pid  5134] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5134] memfd_create("syzkaller", 0) = 3
[pid  5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5134] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5134] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5134] close(3)                    = 0
[pid  5134] mkdir("./file0", 0777)      = 0
[   70.988702][ T5134] loop0: detected capacity change from 0 to 8192
[   70.998159][ T5134] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   71.011254][ T5134] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   71.020603][ T5134] REISERFS (device loop0): using ordered data mode
[   71.027089][ T5134] reiserfs: using flush barriers
[   71.032886][ T5134] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   71.049261][ T5134] REISERFS (device loop0): checking transaction log (loop0)
[   71.076785][ T5134] REISERFS (device loop0): Using r5 hash to sort names
[pid  5134] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5134] chdir("./file0")            = 0
[pid  5134] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5134] close(4)                    = 0
[pid  5134] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5134] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5134] ftruncate(5, 33587199)      = 0
[pid  5134] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5134] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5134] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5134] exit_group(0)               = ?
[   71.083709][ T5134] REISERFS (device loop0): using 3.5.x disk format
[   71.090568][ T5134] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5134] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs")                 = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./31/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./31")                           = 0
mkdir("./32", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5136
./strace-static-x86_64: Process 5136 attached
[pid  5136] chdir("./32")               = 0
[pid  5136] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5136] setpgid(0, 0)               = 0
[pid  5136] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5136] write(3, "1000", 4)         = 4
[pid  5136] close(3)                    = 0
[pid  5136] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5136] memfd_create("syzkaller", 0) = 3
[pid  5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5136] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5136] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5136] close(3)                    = 0
[pid  5136] mkdir("./file0", 0777)      = 0
[   71.224952][ T5136] loop0: detected capacity change from 0 to 8192
[   71.249973][ T5136] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   71.263335][ T5136] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   71.272981][ T5136] REISERFS (device loop0): using ordered data mode
[   71.279897][ T5136] reiserfs: using flush barriers
[   71.285887][ T5136] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   71.302735][ T5136] REISERFS (device loop0): checking transaction log (loop0)
[pid  5136] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5136] chdir("./file0")            = 0
[pid  5136] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5136] close(4)                    = 0
[pid  5136] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5136] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5136] ftruncate(5, 33587199)      = 0
[pid  5136] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   71.338758][ T5136] REISERFS (device loop0): Using r5 hash to sort names
[   71.345659][ T5136] REISERFS (device loop0): using 3.5.x disk format
[   71.352484][ T5136] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5136] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5136] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5136] exit_group(0)               = ?
[pid  5136] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5136, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs")                 = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./32/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./32")                           = 0
mkdir("./33", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5138 attached
, child_tidptr=0x5555566d75d0) = 5138
[pid  5138] chdir("./33")               = 0
[pid  5138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5138] setpgid(0, 0)               = 0
[pid  5138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5138] write(3, "1000", 4)         = 4
[pid  5138] close(3)                    = 0
[pid  5138] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5138] memfd_create("syzkaller", 0) = 3
[pid  5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5138] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5138] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5138] close(3)                    = 0
[pid  5138] mkdir("./file0", 0777)      = 0
[   71.495930][ T5138] loop0: detected capacity change from 0 to 8192
[   71.505255][ T5138] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   71.518306][ T5138] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   71.527524][ T5138] REISERFS (device loop0): using ordered data mode
[   71.534087][ T5138] reiserfs: using flush barriers
[   71.539897][ T5138] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   71.556219][ T5138] REISERFS (device loop0): checking transaction log (loop0)
[   71.585318][ T5138] REISERFS (device loop0): Using r5 hash to sort names
[pid  5138] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5138] chdir("./file0")            = 0
[pid  5138] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5138] close(4)                    = 0
[pid  5138] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5138] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5138] ftruncate(5, 33587199)      = 0
[pid  5138] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5138] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5138] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5138] exit_group(0)               = ?
[   71.592249][ T5138] REISERFS (device loop0): using 3.5.x disk format
[   71.598901][ T5138] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5138] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5138, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs")                 = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./33/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./33")                           = 0
mkdir("./34", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5140
./strace-static-x86_64: Process 5140 attached
[pid  5140] chdir("./34")               = 0
[pid  5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5140] setpgid(0, 0)               = 0
[pid  5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5140] write(3, "1000", 4)         = 4
[pid  5140] close(3)                    = 0
[pid  5140] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5140] memfd_create("syzkaller", 0) = 3
[pid  5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5140] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5140] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5140] close(3)                    = 0
[pid  5140] mkdir("./file0", 0777)      = 0
[   71.742633][ T5140] loop0: detected capacity change from 0 to 8192
[   71.751710][ T5140] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   71.764753][ T5140] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   71.774195][ T5140] REISERFS (device loop0): using ordered data mode
[   71.780736][ T5140] reiserfs: using flush barriers
[   71.786369][ T5140] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   71.802987][ T5140] REISERFS (device loop0): checking transaction log (loop0)
[   71.832129][ T5140] REISERFS (device loop0): Using r5 hash to sort names
[pid  5140] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5140] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5140] chdir("./file0")            = 0
[pid  5140] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5140] close(4)                    = 0
[pid  5140] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5140] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5140] ftruncate(5, 33587199)      = 0
[pid  5140] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[pid  5140] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5140] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5140] exit_group(0)               = ?
[   71.839010][ T5140] REISERFS (device loop0): using 3.5.x disk format
[   71.845772][ T5140] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5140] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs")                 = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./34/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./34")                           = 0
mkdir("./35", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5142
./strace-static-x86_64: Process 5142 attached
[pid  5142] chdir("./35")               = 0
[pid  5142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5142] setpgid(0, 0)               = 0
[pid  5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5142] write(3, "1000", 4)         = 4
[pid  5142] close(3)                    = 0
[pid  5142] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5142] memfd_create("syzkaller", 0) = 3
[pid  5142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5142] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5142] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5142] close(3)                    = 0
[pid  5142] mkdir("./file0", 0777)      = 0
[   71.989602][ T5142] loop0: detected capacity change from 0 to 8192
[   71.998069][ T5142] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   72.011424][ T5142] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   72.020817][ T5142] REISERFS (device loop0): using ordered data mode
[   72.027743][ T5142] reiserfs: using flush barriers
[   72.033663][ T5142] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   72.050177][ T5142] REISERFS (device loop0): checking transaction log (loop0)
[pid  5142] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5142] chdir("./file0")            = 0
[pid  5142] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5142] close(4)                    = 0
[pid  5142] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5142] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5142] ftruncate(5, 33587199)      = 0
[pid  5142] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   72.079976][ T5142] REISERFS (device loop0): Using r5 hash to sort names
[   72.086864][ T5142] REISERFS (device loop0): using 3.5.x disk format
[   72.093808][ T5142] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5142] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5142] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5142] exit_group(0)               = ?
[pid  5142] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs")                 = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./35/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./35")                           = 0
mkdir("./36", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5144 attached
 <unfinished ...>
[pid  5144] chdir("./36")               = 0
[pid  5144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5144] setpgid(0, 0)               = 0
[pid  5070] <... clone resumed>, child_tidptr=0x5555566d75d0) = 5144
[pid  5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5144] write(3, "1000", 4)         = 4
[pid  5144] close(3)                    = 0
[pid  5144] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5144] memfd_create("syzkaller", 0) = 3
[pid  5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5144] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5144] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5144] close(3)                    = 0
[pid  5144] mkdir("./file0", 0777)      = 0
[   72.247882][ T5144] loop0: detected capacity change from 0 to 8192
[   72.257625][ T5144] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   72.271144][ T5144] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   72.280574][ T5144] REISERFS (device loop0): using ordered data mode
[   72.287125][ T5144] reiserfs: using flush barriers
[   72.292912][ T5144] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   72.309614][ T5144] REISERFS (device loop0): checking transaction log (loop0)
[pid  5144] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5144] chdir("./file0")            = 0
[pid  5144] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5144] close(4)                    = 0
[pid  5144] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5144] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5144] ftruncate(5, 33587199)      = 0
[pid  5144] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   72.341159][ T5144] REISERFS (device loop0): Using r5 hash to sort names
[   72.348141][ T5144] REISERFS (device loop0): using 3.5.x disk format
[   72.354974][ T5144] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5144] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5144] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5144] exit_group(0)               = ?
[pid  5144] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs")                 = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./36/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./36")                           = 0
mkdir("./37", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5146
./strace-static-x86_64: Process 5146 attached
[pid  5146] chdir("./37")               = 0
[pid  5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5146] setpgid(0, 0)               = 0
[pid  5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5146] write(3, "1000", 4)         = 4
[pid  5146] close(3)                    = 0
[pid  5146] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5146] memfd_create("syzkaller", 0) = 3
[pid  5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5146] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5146] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5146] close(3)                    = 0
[pid  5146] mkdir("./file0", 0777)      = 0
[   72.503262][ T5146] loop0: detected capacity change from 0 to 8192
[   72.512881][ T5146] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   72.526835][ T5146] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   72.536194][ T5146] REISERFS (device loop0): using ordered data mode
[   72.542882][ T5146] reiserfs: using flush barriers
[   72.548454][ T5146] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   72.564974][ T5146] REISERFS (device loop0): checking transaction log (loop0)
[pid  5146] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5146] chdir("./file0")            = 0
[pid  5146] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5146] close(4)                    = 0
[pid  5146] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5146] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5146] ftruncate(5, 33587199)      = 0
[pid  5146] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   72.594038][ T5146] REISERFS (device loop0): Using r5 hash to sort names
[   72.600969][ T5146] REISERFS (device loop0): using 3.5.x disk format
[   72.607623][ T5146] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5146] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5146] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5146] exit_group(0)               = ?
[pid  5146] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} ---
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs")                 = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./37/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./37")                           = 0
mkdir("./38", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5148
./strace-static-x86_64: Process 5148 attached
[pid  5148] chdir("./38")               = 0
[pid  5148] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5148] setpgid(0, 0)               = 0
[pid  5148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5148] write(3, "1000", 4)         = 4
[pid  5148] close(3)                    = 0
[pid  5148] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5148] memfd_create("syzkaller", 0) = 3
[pid  5148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5148] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5148] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5148] close(3)                    = 0
[pid  5148] mkdir("./file0", 0777)      = 0
[   72.745124][ T5148] loop0: detected capacity change from 0 to 8192
[   72.755136][ T5148] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   72.768445][ T5148] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   72.777783][ T5148] REISERFS (device loop0): using ordered data mode
[   72.784460][ T5148] reiserfs: using flush barriers
[   72.790054][ T5148] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   72.806496][ T5148] REISERFS (device loop0): checking transaction log (loop0)
[pid  5148] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid  5148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5148] chdir("./file0")            = 0
[pid  5148] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5148] close(4)                    = 0
[pid  5148] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4
[pid  5148] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 5
[pid  5148] ftruncate(5, 33587199)      = 0
[pid  5148] ioctl(4, FS_IOC_GETVERSION, 0) = -1 EFAULT (Bad address)
[   72.836353][ T5148] REISERFS (device loop0): Using r5 hash to sort names
[   72.843337][ T5148] REISERFS (device loop0): using 3.5.x disk format
[   72.850138][ T5148] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid  5148] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<<MAP_HUGE_SHIFT, 4, 0) = 0x20000000
[pid  5148] openat(AT_FDCWD, "/dev/cuse", O_RDWR) = 6
[pid  5148] exit_group(0)               = ?
[pid  5148] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5148, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555566d8620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs")                 = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555566e0660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555566e0660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./38/file0")                     = 0
getdents64(3, 0x5555566d8620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./38")                           = 0
mkdir("./39", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555566d75d0) = 5150
./strace-static-x86_64: Process 5150 attached
[pid  5150] chdir("./39")               = 0
[pid  5150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5150] setpgid(0, 0)               = 0
[pid  5150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5150] write(3, "1000", 4)         = 4
[pid  5150] close(3)                    = 0
[pid  5150] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5150] memfd_create("syzkaller", 0) = 3
[pid  5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f701d0b5000
[pid  5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid  5150] munmap(0x7f701d0b5000, 4194304) = 0
[pid  5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5150] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5150] close(3)                    = 0
[pid  5150] mkdir("./file0", 0777)      = 0
[   72.990319][ T5150] loop0: detected capacity change from 0 to 8192
[   72.998726][ T5150] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[   73.012090][ T5150] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[   73.021544][ T5150] REISERFS (device loop0): using ordered data mode
[   73.028182][ T5150] reiserfs: using flush barriers
[   73.034195][ T5150] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   73.050486][ T5150] REISERFS (device loop0): checking transaction log (loop0)
[   73.077173][ T5150] REISERFS (device loop0): Using r5 hash to sort names
[   73.084118][ T5150] REISERFS (device loop0): using 3.5.x disk format