./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1534275108
<...>
Warning: Permanently added '10.128.0.70' (ECDSA) to the list of known hosts.
execve("./syz-executor1534275108", ["./syz-executor1534275108"], 0x7ffd17ceff10 /* 10 vars */) = 0
brk(NULL) = 0x555555d22000
brk(0x555555d22c40) = 0x555555d22c40
arch_prctl(ARCH_SET_FS, 0x555555d22300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1534275108", 4096) = 28
brk(0x555555d43c40) = 0x555555d43c40
brk(0x555555d44000) = 0x555555d44000
mprotect(0x7fcd6a7bd000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5075
mkdir("./syzkaller.UMcN7U", 0700) = 0
chmod("./syzkaller.UMcN7U", 0777) = 0
chdir("./syzkaller.UMcN7U") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5076
./strace-static-x86_64: Process 5076 attached
[pid 5076] chdir("./0") = 0
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5076] memfd_create("syzkaller", 0) = 3
[pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5076] munmap(0x7fcd62301000, 1048576) = 0
[pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5076] close(3) = 0
[pid 5076] mkdir("./file0", 0777) = 0
[pid 5076] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5076] chdir("./file0") = 0
[pid 5076] ioctl(4, LOOP_CLR_FD) = 0
[pid 5076] close(4) = 0
[pid 5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5076] write(4, "14", 2) = 2
syzkaller login: [ 56.748003][ T5076] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5076 'syz-executor153'
[ 56.776975][ T5076] loop0: detected capacity change from 0 to 2048
[ 56.791559][ T5076] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 56.825439][ T5076] FAULT_INJECTION: forcing a failure.
[ 56.825439][ T5076] name failslab, interval 1, probability 0, space 0, times 1
[ 56.838280][ T5076] CPU: 1 PID: 5076 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 56.848193][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 56.858246][ T5076] Call Trace:
[ 56.861515][ T5076]
[ 56.864539][ T5076] dump_stack_lvl+0xd1/0x138
[ 56.869164][ T5076] should_fail_ex.cold+0x5/0xa
[ 56.873928][ T5076] should_failslab+0x9/0x20
[ 56.878429][ T5076] __kmem_cache_alloc_node+0x5b/0x430
[ 56.883800][ T5076] ? udf_fiiter_init+0x16c/0x630
[ 56.888741][ T5076] kmalloc_trace+0x26/0x60
[ 56.893152][ T5076] udf_fiiter_init+0x16c/0x630
[ 56.897912][ T5076] ? kasan_set_track+0x25/0x30
[ 56.902679][ T5076] udf_fiiter_find_entry+0x104/0x6c0
[ 56.907986][ T5076] udf_lookup.part.0+0x98/0x1e0
[ 56.912860][ T5076] ? udf_get_parent+0x1d0/0x1d0
[ 56.917717][ T5076] ? hook_path_mknod+0x47a/0x680
[ 56.922665][ T5076] ? d_alloc_parallel+0x694/0x1410
[ 56.927786][ T5076] ? map_id_up+0x178/0x2f0
[ 56.932231][ T5076] ? apparmor_path_mknod+0x16a/0x720
[ 56.937581][ T5076] ? from_kgid+0x8b/0xd0
[ 56.941844][ T5076] ? from_kuid_munged+0x130/0x130
[ 56.946883][ T5076] ? generic_permission+0x28f/0x7a0
[ 56.952093][ T5076] ? bpf_lsm_inode_permission+0x9/0x10
[ 56.957560][ T5076] ? security_inode_permission+0xc9/0xf0
[ 56.963213][ T5076] udf_lookup+0x6d/0x90
[ 56.967378][ T5076] lookup_open.isra.0+0x74c/0x1270
[ 56.972512][ T5076] ? link_path_walk.part.0+0xdf0/0xdf0
[ 56.977984][ T5076] ? rcu_read_lock_sched_held+0x3e/0x70
[ 56.983556][ T5076] ? lock_acquire+0x32/0xc0
[ 56.988068][ T5076] ? path_openat+0x90f/0x2a50
[ 56.992779][ T5076] path_openat+0x975/0x2a50
[ 56.997305][ T5076] ? path_lookupat+0x840/0x840
[ 57.002599][ T5076] do_filp_open+0x1ba/0x410
[ 57.008107][ T5076] ? may_open_dev+0xf0/0xf0
[ 57.014197][ T5076] ? find_held_lock+0x2d/0x110
[ 57.018982][ T5076] ? do_raw_spin_lock+0x124/0x2b0
[ 57.024021][ T5076] ? rwlock_bug.part.0+0x90/0x90
[ 57.028969][ T5076] ? _raw_spin_unlock+0x28/0x40
[ 57.033828][ T5076] ? alloc_fd+0x2d8/0x6d0
[ 57.038169][ T5076] do_sys_openat2+0x16d/0x4c0
[ 57.042850][ T5076] ? build_open_flags+0x6f0/0x6f0
[ 57.047878][ T5076] ? ptrace_notify+0xfe/0x140
[ 57.052559][ T5076] ? lock_downgrade+0x6e0/0x6e0
[ 57.057422][ T5076] __x64_sys_open+0x11d/0x1c0
[ 57.062105][ T5076] ? do_sys_open+0x150/0x150
[ 57.066699][ T5076] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.071907][ T5076] ? ptrace_notify+0xfe/0x140
[ 57.076595][ T5076] do_syscall_64+0x39/0xb0
[ 57.081026][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.086923][ T5076] RIP: 0033:0x7fcd6a74ea39
[ 57.091337][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.110942][ T5076] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[pid 5076] open("./bus", O_ACCMODE|O_CREAT|O_SYNC|O_NOATIME, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5076] exit_group(0) = ?
[pid 5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d23620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d2b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d2b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555d23620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid 5078] chdir("./1") = 0
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setpgid(0, 0) = 0
[pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1000", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5078] memfd_create("syzkaller", 0) = 3
[pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5078] munmap(0x7fcd62301000, 1048576) = 0
[pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5078] close(3) = 0
[pid 5078] mkdir("./file0", 0777) = 0
[ 57.119356][ T5076] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 57.127329][ T5076] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 57.135298][ T5076] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 57.143266][ T5076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 57.151234][ T5076] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000000
[ 57.159221][ T5076]
[pid 5078] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5078] chdir("./file0") = 0
[pid 5078] ioctl(4, LOOP_CLR_FD) = 0
[pid 5078] close(4) = 0
[pid 5078] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5078] write(4, "14", 2) = 2
[ 57.235061][ T5078] loop0: detected capacity change from 0 to 2048
[ 57.249509][ T5078] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 57.264841][ T5078] FAULT_INJECTION: forcing a failure.
[ 57.264841][ T5078] name failslab, interval 1, probability 0, space 0, times 0
[ 57.277807][ T5078] CPU: 0 PID: 5078 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 57.287720][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.297783][ T5078] Call Trace:
[ 57.301068][ T5078]
[ 57.304012][ T5078] dump_stack_lvl+0xd1/0x138
[ 57.308618][ T5078] should_fail_ex.cold+0x5/0xa
[ 57.313392][ T5078] should_failslab+0x9/0x20
[ 57.317903][ T5078] __kmem_cache_alloc_node+0x5b/0x430
[ 57.323281][ T5078] ? udf_fiiter_init+0x16c/0x630
[ 57.328235][ T5078] kmalloc_trace+0x26/0x60
[ 57.332660][ T5078] udf_fiiter_init+0x16c/0x630
[ 57.337443][ T5078] ? kasan_set_track+0x25/0x30
[ 57.342219][ T5078] udf_fiiter_find_entry+0x104/0x6c0
[ 57.347521][ T5078] udf_lookup.part.0+0x98/0x1e0
[ 57.352377][ T5078] ? udf_get_parent+0x1d0/0x1d0
[ 57.357230][ T5078] ? hook_path_mknod+0x47a/0x680
[ 57.362176][ T5078] ? d_alloc_parallel+0x694/0x1410
[ 57.367296][ T5078] ? map_id_up+0x178/0x2f0
[ 57.372513][ T5078] ? apparmor_path_mknod+0x16a/0x720
[ 57.377814][ T5078] ? from_kgid+0x8b/0xd0
[ 57.382068][ T5078] ? from_kuid_munged+0x130/0x130
[ 57.387106][ T5078] ? generic_permission+0x28f/0x7a0
[ 57.392314][ T5078] ? bpf_lsm_inode_permission+0x9/0x10
[ 57.397781][ T5078] ? security_inode_permission+0xc9/0xf0
[ 57.403426][ T5078] udf_lookup+0x6d/0x90
[ 57.407594][ T5078] lookup_open.isra.0+0x74c/0x1270
[ 57.412740][ T5078] ? link_path_walk.part.0+0xdf0/0xdf0
[ 57.418736][ T5078] ? rcu_read_lock_sched_held+0x3e/0x70
[ 57.424302][ T5078] ? lock_acquire+0x32/0xc0
[ 57.428806][ T5078] ? path_openat+0x90f/0x2a50
[ 57.433511][ T5078] path_openat+0x975/0x2a50
[ 57.438037][ T5078] ? path_lookupat+0x840/0x840
[ 57.442822][ T5078] do_filp_open+0x1ba/0x410
[ 57.447335][ T5078] ? may_open_dev+0xf0/0xf0
[ 57.451863][ T5078] ? find_held_lock+0x2d/0x110
[ 57.456655][ T5078] ? do_raw_spin_lock+0x124/0x2b0
[ 57.461686][ T5078] ? rwlock_bug.part.0+0x90/0x90
[ 57.466636][ T5078] ? _raw_spin_unlock+0x28/0x40
[ 57.471546][ T5078] ? alloc_fd+0x2d8/0x6d0
[ 57.475896][ T5078] do_sys_openat2+0x16d/0x4c0
[ 57.480589][ T5078] ? build_open_flags+0x6f0/0x6f0
[ 57.485653][ T5078] ? ptrace_notify+0xfe/0x140
[ 57.490335][ T5078] ? lock_downgrade+0x6e0/0x6e0
[ 57.495194][ T5078] __x64_sys_open+0x11d/0x1c0
[ 57.499873][ T5078] ? do_sys_open+0x150/0x150
[ 57.504466][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.509669][ T5078] ? ptrace_notify+0xfe/0x140
[ 57.514354][ T5078] do_syscall_64+0x39/0xb0
[ 57.518784][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.524681][ T5078] RIP: 0033:0x7fcd6a74ea39
[pid 5078] open("./bus", O_ACCMODE|O_CREAT|O_SYNC|O_NOATIME, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5078] exit_group(0) = ?
[pid 5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d23620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 57.529099][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.548714][ T5078] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 57.557149][ T5078] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 57.565138][ T5078] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 57.573112][ T5078] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d2b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d2b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555d23620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5079
./strace-static-x86_64: Process 5079 attached
[pid 5079] chdir("./2") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5079] munmap(0x7fcd62301000, 1048576) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 57.581082][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 57.589052][ T5078] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000001
[ 57.597038][ T5078]
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[pid 5079] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5079] write(4, "14", 2) = 2
[ 57.681403][ T5079] loop0: detected capacity change from 0 to 2048
[ 57.696575][ T5079] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 57.731811][ T5079] FAULT_INJECTION: forcing a failure.
[ 57.731811][ T5079] name failslab, interval 1, probability 0, space 0, times 0
[ 57.745187][ T5079] CPU: 0 PID: 5079 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 57.755080][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 57.765121][ T5079] Call Trace:
[ 57.768395][ T5079]
[ 57.771323][ T5079] dump_stack_lvl+0xd1/0x138
[ 57.775925][ T5079] should_fail_ex.cold+0x5/0xa
[ 57.780698][ T5079] should_failslab+0x9/0x20
[ 57.785199][ T5079] __kmem_cache_alloc_node+0x5b/0x430
[ 57.790558][ T5079] ? udf_fiiter_init+0x16c/0x630
[ 57.795492][ T5079] kmalloc_trace+0x26/0x60
[ 57.799901][ T5079] udf_fiiter_init+0x16c/0x630
[ 57.804660][ T5079] ? kasan_set_track+0x25/0x30
[ 57.809415][ T5079] udf_fiiter_find_entry+0x104/0x6c0
[ 57.814695][ T5079] udf_lookup.part.0+0x98/0x1e0
[ 57.819539][ T5079] ? udf_get_parent+0x1d0/0x1d0
[ 57.824379][ T5079] ? hook_path_mknod+0x47a/0x680
[ 57.829308][ T5079] ? d_alloc_parallel+0x694/0x1410
[ 57.834416][ T5079] ? map_id_up+0x178/0x2f0
[ 57.838832][ T5079] ? apparmor_path_mknod+0x16a/0x720
[ 57.844112][ T5079] ? from_kgid+0x8b/0xd0
[ 57.848351][ T5079] ? from_kuid_munged+0x130/0x130
[ 57.853376][ T5079] ? generic_permission+0x28f/0x7a0
[ 57.858585][ T5079] ? bpf_lsm_inode_permission+0x9/0x10
[ 57.864053][ T5079] ? security_inode_permission+0xc9/0xf0
[ 57.869699][ T5079] udf_lookup+0x6d/0x90
[ 57.873863][ T5079] lookup_open.isra.0+0x74c/0x1270
[ 57.878993][ T5079] ? link_path_walk.part.0+0xdf0/0xdf0
[ 57.884466][ T5079] ? rcu_read_lock_sched_held+0x3e/0x70
[ 57.890034][ T5079] ? lock_acquire+0x32/0xc0
[ 57.894539][ T5079] ? path_openat+0x90f/0x2a50
[ 57.899245][ T5079] path_openat+0x975/0x2a50
[ 57.903768][ T5079] ? path_lookupat+0x840/0x840
[ 57.908549][ T5079] do_filp_open+0x1ba/0x410
[ 57.913064][ T5079] ? may_open_dev+0xf0/0xf0
[ 57.917578][ T5079] ? find_held_lock+0x2d/0x110
[ 57.922362][ T5079] ? do_raw_spin_lock+0x124/0x2b0
[ 57.927392][ T5079] ? rwlock_bug.part.0+0x90/0x90
[ 57.932339][ T5079] ? _raw_spin_unlock+0x28/0x40
[ 57.937197][ T5079] ? alloc_fd+0x2d8/0x6d0
[ 57.941537][ T5079] do_sys_openat2+0x16d/0x4c0
[ 57.946220][ T5079] ? build_open_flags+0x6f0/0x6f0
[ 57.951248][ T5079] ? ptrace_notify+0xfe/0x140
[ 57.955933][ T5079] ? lock_downgrade+0x6e0/0x6e0
[ 57.960806][ T5079] __x64_sys_open+0x11d/0x1c0
[ 57.965498][ T5079] ? do_sys_open+0x150/0x150
[ 57.970104][ T5079] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.975324][ T5079] ? ptrace_notify+0xfe/0x140
[pid 5079] open("./bus", O_ACCMODE|O_CREAT|O_SYNC|O_NOATIME, 000) = -1 ENOMEM (Cannot allocate memory)
[ 57.980019][ T5079] do_syscall_64+0x39/0xb0
[ 57.984457][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.990358][ T5079] RIP: 0033:0x7fcd6a74ea39
[ 57.994774][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.014477][ T5079] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 58.022895][ T5079] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d23620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d2b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d2b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555d23620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5080
./strace-static-x86_64: Process 5080 attached
[pid 5080] chdir("./3") = 0
[pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5080] setpgid(0, 0) = 0
[pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5080] write(3, "1000", 4) = 4
[pid 5080] close(3) = 0
[pid 5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5080] memfd_create("syzkaller", 0) = 3
[pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5080] munmap(0x7fcd62301000, 1048576) = 0
[pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5080] close(3) = 0
[pid 5080] mkdir("./file0", 0777) = 0
[ 58.030870][ T5079] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 58.038843][ T5079] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 58.046816][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 58.054787][ T5079] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000002
[ 58.062781][ T5079]
[pid 5080] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5080] chdir("./file0") = 0
[pid 5080] ioctl(4, LOOP_CLR_FD) = 0
[pid 5080] close(4) = 0
[pid 5080] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5080] write(4, "14", 2) = 2
[ 58.133899][ T5080] loop0: detected capacity change from 0 to 2048
[ 58.145815][ T5080] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 58.170351][ T5080] FAULT_INJECTION: forcing a failure.
[ 58.170351][ T5080] name failslab, interval 1, probability 0, space 0, times 0
[ 58.183381][ T5080] CPU: 0 PID: 5080 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 58.193270][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.203324][ T5080] Call Trace:
[ 58.206599][ T5080]
[ 58.209528][ T5080] dump_stack_lvl+0xd1/0x138
[ 58.214131][ T5080] should_fail_ex.cold+0x5/0xa
[ 58.218901][ T5080] ? security_inode_alloc+0x38/0x160
[ 58.224191][ T5080] should_failslab+0x9/0x20
[ 58.228703][ T5080] kmem_cache_alloc+0x5a/0x430
[ 58.233476][ T5080] security_inode_alloc+0x38/0x160
[ 58.238592][ T5080] inode_init_always+0xbfa/0xef0
[ 58.243541][ T5080] alloc_inode+0x82/0x230
[ 58.247884][ T5080] new_inode+0x2b/0x280
[ 58.252055][ T5080] udf_new_inode+0xfe/0x11f0
[ 58.256654][ T5080] ? udf_free_inode+0x320/0x320
[ 58.261504][ T5080] ? from_kuid_munged+0x130/0x130
[ 58.266539][ T5080] ? generic_permission+0x28f/0x7a0
[ 58.271743][ T5080] ? bpf_lsm_inode_permission+0x9/0x10
[ 58.277212][ T5080] ? security_inode_permission+0xc9/0xf0
[ 58.282850][ T5080] ? udf_mknod+0xd0/0xd0
[ 58.287096][ T5080] udf_create+0x21/0x180
[ 58.291345][ T5080] lookup_open.isra.0+0xee7/0x1270
[ 58.296472][ T5080] ? link_path_walk.part.0+0xdf0/0xdf0
[ 58.301945][ T5080] ? rcu_read_lock_sched_held+0x3e/0x70
[ 58.307520][ T5080] ? lock_acquire+0x32/0xc0
[ 58.312024][ T5080] ? path_openat+0x90f/0x2a50
[ 58.316731][ T5080] path_openat+0x975/0x2a50
[ 58.321260][ T5080] ? path_lookupat+0x840/0x840
[ 58.326049][ T5080] do_filp_open+0x1ba/0x410
[ 58.330566][ T5080] ? may_open_dev+0xf0/0xf0
[ 58.335079][ T5080] ? find_held_lock+0x2d/0x110
[ 58.339863][ T5080] ? do_raw_spin_lock+0x124/0x2b0
[ 58.344894][ T5080] ? rwlock_bug.part.0+0x90/0x90
[ 58.349844][ T5080] ? _raw_spin_unlock+0x28/0x40
[ 58.354705][ T5080] ? alloc_fd+0x2d8/0x6d0
[ 58.359048][ T5080] do_sys_openat2+0x16d/0x4c0
[ 58.363727][ T5080] ? build_open_flags+0x6f0/0x6f0
[ 58.368758][ T5080] ? ptrace_notify+0xfe/0x140
[ 58.373436][ T5080] ? lock_downgrade+0x6e0/0x6e0
[ 58.378293][ T5080] __x64_sys_open+0x11d/0x1c0
[ 58.382970][ T5080] ? do_sys_open+0x150/0x150
[ 58.387564][ T5080] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.392770][ T5080] ? ptrace_notify+0xfe/0x140
[ 58.397457][ T5080] do_syscall_64+0x39/0xb0
[ 58.401886][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.407782][ T5080] RIP: 0033:0x7fcd6a74ea39
[ 58.412199][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5080] open("./bus", O_ACCMODE|O_CREAT|O_SYNC|O_NOATIME, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5080] exit_group(0) = ?
[pid 5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d23620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d2b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d2b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555555d23620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] chdir("./4") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5081] munmap(0x7fcd62301000, 1048576) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 58.431804][ T5080] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 58.440221][ T5080] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 58.448191][ T5080] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 58.456162][ T5080] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 58.464131][ T5080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 58.472098][ T5080] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000003
[ 58.480083][ T5080]
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[pid 5081] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5081] write(4, "14", 2) = 2
[ 58.550657][ T5081] loop0: detected capacity change from 0 to 2048
[ 58.564368][ T5081] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 58.589230][ T5081] FAULT_INJECTION: forcing a failure.
[ 58.589230][ T5081] name failslab, interval 1, probability 0, space 0, times 0
[ 58.601944][ T5081] CPU: 0 PID: 5081 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 58.611848][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 58.621902][ T5081] Call Trace:
[ 58.625178][ T5081]
[ 58.628112][ T5081] dump_stack_lvl+0xd1/0x138
[ 58.632718][ T5081] should_fail_ex.cold+0x5/0xa
[ 58.637497][ T5081] should_failslab+0x9/0x20
[ 58.642010][ T5081] __kmem_cache_alloc_node+0x5b/0x430
[ 58.647383][ T5081] ? udf_new_inode+0xcdc/0x11f0
[ 58.652243][ T5081] ? udf_new_inode+0xcdc/0x11f0
[ 58.657092][ T5081] __kmalloc+0x4a/0xd0
[ 58.661174][ T5081] udf_new_inode+0xcdc/0x11f0
[ 58.665858][ T5081] ? udf_free_inode+0x320/0x320
[ 58.670709][ T5081] ? from_kuid_munged+0x130/0x130
[ 58.675743][ T5081] ? generic_permission+0x28f/0x7a0
[ 58.680948][ T5081] ? bpf_lsm_inode_permission+0x9/0x10
[ 58.686417][ T5081] ? security_inode_permission+0xc9/0xf0
[ 58.692057][ T5081] ? udf_mknod+0xd0/0xd0
[ 58.696304][ T5081] udf_create+0x21/0x180
[ 58.700551][ T5081] lookup_open.isra.0+0xee7/0x1270
[ 58.705685][ T5081] ? link_path_walk.part.0+0xdf0/0xdf0
[ 58.711151][ T5081] ? rcu_read_lock_sched_held+0x3e/0x70
[ 58.716720][ T5081] ? lock_acquire+0x32/0xc0
[ 58.721224][ T5081] ? path_openat+0x90f/0x2a50
[ 58.725926][ T5081] path_openat+0x975/0x2a50
[ 58.730441][ T5081] ? get_cpu_entry_area+0x41/0x60
[ 58.735473][ T5081] ? path_lookupat+0x840/0x840
[ 58.740264][ T5081] do_filp_open+0x1ba/0x410
[ 58.744776][ T5081] ? may_open_dev+0xf0/0xf0
[ 58.749286][ T5081] ? find_held_lock+0x2d/0x110
[ 58.754071][ T5081] ? do_raw_spin_lock+0x124/0x2b0
[ 58.759100][ T5081] ? rwlock_bug.part.0+0x90/0x90
[ 58.764050][ T5081] ? _raw_spin_unlock+0x28/0x40
[ 58.768905][ T5081] ? alloc_fd+0x2d8/0x6d0
[ 58.773248][ T5081] do_sys_openat2+0x16d/0x4c0
[ 58.777928][ T5081] ? build_open_flags+0x6f0/0x6f0
[ 58.783220][ T5081] ? ptrace_notify+0xfe/0x140
[ 58.787903][ T5081] ? lock_downgrade+0x6e0/0x6e0
[ 58.792773][ T5081] __x64_sys_open+0x11d/0x1c0
[ 58.797466][ T5081] ? do_sys_open+0x150/0x150
[ 58.802079][ T5081] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.807293][ T5081] ? ptrace_notify+0xfe/0x140
[ 58.811978][ T5081] do_syscall_64+0x39/0xb0
[ 58.816417][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.822323][ T5081] RIP: 0033:0x7fcd6a74ea39
[ 58.826745][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5081] open("./bus", O_ACCMODE|O_CREAT|O_SYNC|O_NOATIME, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d23620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d2b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d2b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555555d23620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5082
./strace-static-x86_64: Process 5082 attached
[pid 5082] chdir("./5") = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5082] munmap(0x7fcd62301000, 1048576) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 58.846369][ T5081] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 58.854788][ T5081] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 58.862767][ T5081] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 58.870743][ T5081] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 58.878721][ T5081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 58.886696][ T5081] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000004
[ 58.894688][ T5081]
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./file0", 0777) = 0
[pid 5082] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./file0") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5082] write(4, "14", 2) = 2
[ 58.969025][ T5082] loop0: detected capacity change from 0 to 2048
[ 58.982653][ T5082] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 58.999986][ T5082] FAULT_INJECTION: forcing a failure.
[ 58.999986][ T5082] name failslab, interval 1, probability 0, space 0, times 0
[ 59.012873][ T5082] CPU: 1 PID: 5082 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 59.022785][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.032837][ T5082] Call Trace:
[ 59.036116][ T5082]
[ 59.039048][ T5082] dump_stack_lvl+0xd1/0x138
[ 59.043652][ T5082] should_fail_ex.cold+0x5/0xa
[ 59.049168][ T5082] ? security_inode_alloc+0x38/0x160
[ 59.054578][ T5082] should_failslab+0x9/0x20
[ 59.059094][ T5082] kmem_cache_alloc+0x5a/0x430
[ 59.063874][ T5082] security_inode_alloc+0x38/0x160
[ 59.068994][ T5082] inode_init_always+0xbfa/0xef0
[ 59.073948][ T5082] alloc_inode+0x82/0x230
[ 59.078290][ T5082] new_inode+0x2b/0x280
[ 59.082464][ T5082] udf_new_inode+0xfe/0x11f0
[ 59.087064][ T5082] ? udf_free_inode+0x320/0x320
[ 59.091926][ T5082] ? from_kuid_munged+0x130/0x130
[ 59.096972][ T5082] ? generic_permission+0x28f/0x7a0
[ 59.102179][ T5082] ? bpf_lsm_inode_permission+0x9/0x10
[ 59.107643][ T5082] ? security_inode_permission+0xc9/0xf0
[ 59.113284][ T5082] ? udf_mknod+0xd0/0xd0
[ 59.117538][ T5082] udf_create+0x21/0x180
[ 59.121790][ T5082] lookup_open.isra.0+0xee7/0x1270
[ 59.126922][ T5082] ? link_path_walk.part.0+0xdf0/0xdf0
[ 59.132390][ T5082] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.137966][ T5082] ? lock_acquire+0x32/0xc0
[ 59.142470][ T5082] ? path_openat+0x90f/0x2a50
[ 59.147174][ T5082] path_openat+0x975/0x2a50
[ 59.151697][ T5082] ? path_lookupat+0x840/0x840
[ 59.156486][ T5082] do_filp_open+0x1ba/0x410
[ 59.161000][ T5082] ? may_open_dev+0xf0/0xf0
[ 59.165511][ T5082] ? find_held_lock+0x2d/0x110
[ 59.170294][ T5082] ? do_raw_spin_lock+0x124/0x2b0
[ 59.175329][ T5082] ? rwlock_bug.part.0+0x90/0x90
[ 59.180278][ T5082] ? _raw_spin_unlock+0x28/0x40
[ 59.185136][ T5082] ? alloc_fd+0x2d8/0x6d0
[ 59.189480][ T5082] do_sys_openat2+0x16d/0x4c0
[ 59.194161][ T5082] ? build_open_flags+0x6f0/0x6f0
[ 59.199192][ T5082] ? ptrace_notify+0xfe/0x140
[ 59.203872][ T5082] ? lock_downgrade+0x6e0/0x6e0
[ 59.208731][ T5082] __x64_sys_open+0x11d/0x1c0
[ 59.213409][ T5082] ? do_sys_open+0x150/0x150
[pid 5082] open("./bus", O_ACCMODE|O_CREAT|O_SYNC|O_NOATIME, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d23620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d2b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d2b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555555d23620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5083
./strace-static-x86_64: Process 5083 attached
[pid 5083] chdir("./6") = 0
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setpgid(0, 0) = 0
[pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1000", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5083] memfd_create("syzkaller", 0) = 3
[pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[ 59.218005][ T5082] ? _raw_spin_unlock_irq+0x2e/0x50
[ 59.223222][ T5082] ? ptrace_notify+0xfe/0x140
[ 59.227908][ T5082] do_syscall_64+0x39/0xb0
[ 59.232333][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.238229][ T5082] RIP: 0033:0x7fcd6a74ea39
[ 59.242645][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5083] munmap(0x7fcd62301000, 1048576) = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5083] close(3) = 0
[pid 5083] mkdir("./file0", 0777) = 0
[ 59.262336][ T5082] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 59.270754][ T5082] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 59.278722][ T5082] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 59.286693][ T5082] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 59.294664][ T5082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 59.302633][ T5082] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000005
[ 59.310619][ T5082]
[pid 5083] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5083] chdir("./file0") = 0
[pid 5083] ioctl(4, LOOP_CLR_FD) = 0
[pid 5083] close(4) = 0
[pid 5083] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5083] write(4, "14", 2) = 2
[ 59.374015][ T5083] loop0: detected capacity change from 0 to 2048
[ 59.386280][ T5083] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 59.411795][ T5083] FAULT_INJECTION: forcing a failure.
[ 59.411795][ T5083] name failslab, interval 1, probability 0, space 0, times 0
[ 59.424748][ T5083] CPU: 0 PID: 5083 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 59.434631][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.444674][ T5083] Call Trace:
[ 59.447941][ T5083]
[ 59.450862][ T5083] dump_stack_lvl+0xd1/0x138
[ 59.455448][ T5083] should_fail_ex.cold+0x5/0xa
[ 59.460205][ T5083] should_failslab+0x9/0x20
[ 59.464699][ T5083] __kmem_cache_alloc_node+0x5b/0x430
[ 59.470057][ T5083] ? udf_new_inode+0xcdc/0x11f0
[ 59.474897][ T5083] ? udf_new_inode+0xcdc/0x11f0
[ 59.479820][ T5083] __kmalloc+0x4a/0xd0
[ 59.483882][ T5083] udf_new_inode+0xcdc/0x11f0
[ 59.488548][ T5083] ? udf_free_inode+0x320/0x320
[ 59.493385][ T5083] ? from_kuid_munged+0x130/0x130
[ 59.498402][ T5083] ? generic_permission+0x28f/0x7a0
[ 59.503591][ T5083] ? bpf_lsm_inode_permission+0x9/0x10
[ 59.509039][ T5083] ? security_inode_permission+0xc9/0xf0
[ 59.514664][ T5083] ? udf_mknod+0xd0/0xd0
[ 59.518898][ T5083] udf_create+0x21/0x180
[ 59.523127][ T5083] lookup_open.isra.0+0xee7/0x1270
[ 59.528235][ T5083] ? link_path_walk.part.0+0xdf0/0xdf0
[ 59.533685][ T5083] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.539230][ T5083] ? lock_acquire+0x32/0xc0
[ 59.543719][ T5083] ? path_openat+0x90f/0x2a50
[ 59.548399][ T5083] path_openat+0x975/0x2a50
[ 59.552901][ T5083] ? path_lookupat+0x840/0x840
[ 59.557664][ T5083] do_filp_open+0x1ba/0x410
[ 59.562162][ T5083] ? may_open_dev+0xf0/0xf0
[ 59.566655][ T5083] ? find_held_lock+0x2d/0x110
[ 59.571418][ T5083] ? do_raw_spin_lock+0x124/0x2b0
[ 59.576436][ T5083] ? rwlock_bug.part.0+0x90/0x90
[ 59.581367][ T5083] ? _raw_spin_unlock+0x28/0x40
[ 59.586208][ T5083] ? alloc_fd+0x2d8/0x6d0
[ 59.590531][ T5083] do_sys_openat2+0x16d/0x4c0
[ 59.595198][ T5083] ? build_open_flags+0x6f0/0x6f0
[ 59.600210][ T5083] ? ptrace_notify+0xfe/0x140
[ 59.604872][ T5083] ? lock_downgrade+0x6e0/0x6e0
[ 59.609713][ T5083] __x64_sys_open+0x11d/0x1c0
[ 59.614378][ T5083] ? do_sys_open+0x150/0x150
[ 59.618956][ T5083] ? _raw_spin_unlock_irq+0x2e/0x50
[ 59.624143][ T5083] ? ptrace_notify+0xfe/0x140
[ 59.628811][ T5083] do_syscall_64+0x39/0xb0
[ 59.633219][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.639101][ T5083] RIP: 0033:0x7fcd6a74ea39
[ 59.643511][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.663103][ T5083] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[pid 5083] open("./bus", O_ACCMODE|O_CREAT|O_SYNC|O_NOATIME, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5083] exit_group(0) = ?
[pid 5083] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d23620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d2b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d2b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555555d23620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5084
./strace-static-x86_64: Process 5084 attached
[pid 5084] chdir("./7") = 0
[pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5084] setpgid(0, 0) = 0
[pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5084] write(3, "1000", 4) = 4
[pid 5084] close(3) = 0
[pid 5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5084] memfd_create("syzkaller", 0) = 3
[pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5084] munmap(0x7fcd62301000, 1048576) = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5084] close(3) = 0
[pid 5084] mkdir("./file0", 0777) = 0
[ 59.671502][ T5083] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 59.679459][ T5083] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 59.687417][ T5083] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 59.695374][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 59.703329][ T5083] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000006
[ 59.711295][ T5083]
[pid 5084] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5084] chdir("./file0") = 0
[pid 5084] ioctl(4, LOOP_CLR_FD) = 0
[pid 5084] close(4) = 0
[pid 5084] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5084] write(4, "14", 2) = 2
[ 59.779449][ T5084] loop0: detected capacity change from 0 to 2048
[ 59.793661][ T5084] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 59.818194][ T5084] FAULT_INJECTION: forcing a failure.
[ 59.818194][ T5084] name failslab, interval 1, probability 0, space 0, times 0
[ 59.831148][ T5084] CPU: 0 PID: 5084 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 59.841034][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 59.851080][ T5084] Call Trace:
[ 59.854346][ T5084]
[ 59.857271][ T5084] dump_stack_lvl+0xd1/0x138
[ 59.861857][ T5084] should_fail_ex.cold+0x5/0xa
[ 59.866616][ T5084] should_failslab+0x9/0x20
[ 59.871114][ T5084] __kmem_cache_alloc_node+0x5b/0x430
[ 59.876475][ T5084] ? udf_new_inode+0xcdc/0x11f0
[ 59.881330][ T5084] ? udf_new_inode+0xcdc/0x11f0
[ 59.886171][ T5084] __kmalloc+0x4a/0xd0
[ 59.890239][ T5084] udf_new_inode+0xcdc/0x11f0
[ 59.894910][ T5084] ? udf_free_inode+0x320/0x320
[ 59.899754][ T5084] ? from_kuid_munged+0x130/0x130
[ 59.904774][ T5084] ? generic_permission+0x28f/0x7a0
[ 59.909965][ T5084] ? bpf_lsm_inode_permission+0x9/0x10
[ 59.915421][ T5084] ? security_inode_permission+0xc9/0xf0
[ 59.921045][ T5084] ? udf_mknod+0xd0/0xd0
[ 59.925276][ T5084] udf_create+0x21/0x180
[ 59.929506][ T5084] lookup_open.isra.0+0xee7/0x1270
[ 59.934621][ T5084] ? link_path_walk.part.0+0xdf0/0xdf0
[ 59.940070][ T5084] ? rcu_read_lock_sched_held+0x3e/0x70
[ 59.945618][ T5084] ? lock_acquire+0x32/0xc0
[ 59.950112][ T5084] ? path_openat+0x90f/0x2a50
[ 59.954796][ T5084] path_openat+0x975/0x2a50
[ 59.959300][ T5084] ? path_lookupat+0x840/0x840
[ 59.964062][ T5084] do_filp_open+0x1ba/0x410
[ 59.968561][ T5084] ? may_open_dev+0xf0/0xf0
[ 59.973059][ T5084] ? find_held_lock+0x2d/0x110
[ 59.977825][ T5084] ? do_raw_spin_lock+0x124/0x2b0
[ 59.982851][ T5084] ? rwlock_bug.part.0+0x90/0x90
[ 59.987797][ T5084] ? _raw_spin_unlock+0x28/0x40
[ 59.992647][ T5084] ? alloc_fd+0x2d8/0x6d0
[ 59.996973][ T5084] do_sys_openat2+0x16d/0x4c0
[ 60.001642][ T5084] ? build_open_flags+0x6f0/0x6f0
[ 60.006659][ T5084] ? ptrace_notify+0xfe/0x140
[ 60.011322][ T5084] ? lock_downgrade+0x6e0/0x6e0
[ 60.016164][ T5084] __x64_sys_open+0x11d/0x1c0
[ 60.020829][ T5084] ? do_sys_open+0x150/0x150
[ 60.025409][ T5084] ? _raw_spin_unlock_irq+0x2e/0x50
[ 60.030597][ T5084] ? ptrace_notify+0xfe/0x140
[ 60.035270][ T5084] do_syscall_64+0x39/0xb0
[ 60.039681][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.045563][ T5084] RIP: 0033:0x7fcd6a74ea39
[ 60.049965][ T5084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.069559][ T5084] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[pid 5084] open("./bus", O_ACCMODE|O_CREAT|O_SYNC|O_NOATIME, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5084] exit_group(0) = ?
[pid 5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555d23620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555d2b660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555d2b660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555555d23620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555d225d0) = 5085
./strace-static-x86_64: Process 5085 attached
[pid 5085] chdir("./8") = 0
[pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5085] setpgid(0, 0) = 0
[pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5085] write(3, "1000", 4) = 4
[pid 5085] close(3) = 0
[pid 5085] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5085] memfd_create("syzkaller", 0) = 3
[pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd62301000
[pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid 5085] munmap(0x7fcd62301000, 1048576) = 0
[pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5085] close(3) = 0
[pid 5085] mkdir("./file0", 0777) = 0
[ 60.077969][ T5084] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 60.085933][ T5084] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 60.093897][ T5084] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 60.101857][ T5084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 60.109817][ T5084] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000007
[ 60.117792][ T5084]
[pid 5085] mount("/dev/loop0", "./file0", "udf", MS_NOEXEC, "nostrict,umask=00000000000000000000001,undelete,iocharset=cp775,") = 0
[pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5085] chdir("./file0") = 0
[pid 5085] ioctl(4, LOOP_CLR_FD) = 0
[pid 5085] close(4) = 0
[pid 5085] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5085] write(4, "14", 2) = 2
[ 60.182009][ T5085] loop0: detected capacity change from 0 to 2048
[ 60.195143][ T5085] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 60.214218][ T5085] FAULT_INJECTION: forcing a failure.
[ 60.214218][ T5085] name failslab, interval 1, probability 0, space 0, times 0
[ 60.227414][ T5085] CPU: 0 PID: 5085 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 60.237330][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.247390][ T5085] Call Trace:
[ 60.250673][ T5085]
[ 60.253692][ T5085] dump_stack_lvl+0xd1/0x138
[ 60.258300][ T5085] should_fail_ex.cold+0x5/0xa
[ 60.263076][ T5085] should_failslab+0x9/0x20
[ 60.267597][ T5085] __kmem_cache_alloc_node+0x5b/0x430
[ 60.272975][ T5085] ? udf_fiiter_init+0x16c/0x630
[ 60.277927][ T5085] kmalloc_trace+0x26/0x60
[ 60.282357][ T5085] udf_fiiter_init+0x16c/0x630
[ 60.287133][ T5085] udf_fiiter_add_entry+0x1c9/0x10d0
[ 60.292428][ T5085] ? udf_expand_dir_adinicb+0xd40/0xd40
[ 60.298003][ T5085] ? __mark_inode_dirty+0x5dd/0x11e0
[ 60.303290][ T5085] ? lock_downgrade+0x6e0/0x6e0
[ 60.308144][ T5085] ? do_raw_spin_lock+0x124/0x2b0
[ 60.313180][ T5085] udf_add_nondir+0xda/0x360
[ 60.317779][ T5085] ? udf_fiiter_add_entry+0x10d0/0x10d0
[ 60.323325][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.328884][ T5085] ? __mark_inode_dirty+0x67a/0x11e0
[ 60.334175][ T5085] ? udf_new_inode+0xc07/0x11f0
[ 60.339035][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.344594][ T5085] ? __mark_inode_dirty+0x32c/0x11e0
[ 60.349880][ T5085] ? udf_mknod+0xd0/0xd0
[ 60.354125][ T5085] udf_create+0x12c/0x180
[ 60.358459][ T5085] lookup_open.isra.0+0xee7/0x1270
[ 60.363588][ T5085] ? link_path_walk.part.0+0xdf0/0xdf0
[ 60.369055][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.374620][ T5085] ? lock_acquire+0x32/0xc0
[ 60.379121][ T5085] ? path_openat+0x90f/0x2a50
[ 60.383825][ T5085] path_openat+0x975/0x2a50
[ 60.388349][ T5085] ? path_lookupat+0x840/0x840
[ 60.393132][ T5085] do_filp_open+0x1ba/0x410
[ 60.397649][ T5085] ? may_open_dev+0xf0/0xf0
[ 60.402161][ T5085] ? find_held_lock+0x2d/0x110
[ 60.406943][ T5085] ? do_raw_spin_lock+0x124/0x2b0
[ 60.411969][ T5085] ? rwlock_bug.part.0+0x90/0x90
[ 60.416915][ T5085] ? _raw_spin_unlock+0x28/0x40
[ 60.421777][ T5085] ? alloc_fd+0x2d8/0x6d0
[ 60.426119][ T5085] do_sys_openat2+0x16d/0x4c0
[ 60.430801][ T5085] ? build_open_flags+0x6f0/0x6f0
[ 60.435829][ T5085] ? ptrace_notify+0xfe/0x140
[ 60.440509][ T5085] ? lock_downgrade+0x6e0/0x6e0
[ 60.445363][ T5085] __x64_sys_open+0x11d/0x1c0
[ 60.450039][ T5085] ? do_sys_open+0x150/0x150
[ 60.454634][ T5085] ? _raw_spin_unlock_irq+0x2e/0x50
[ 60.459837][ T5085] ? ptrace_notify+0xfe/0x140
[ 60.464520][ T5085] do_syscall_64+0x39/0xb0
[ 60.468947][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.474842][ T5085] RIP: 0033:0x7fcd6a74ea39
[ 60.479257][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.498864][ T5085] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 60.507279][ T5085] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 60.515250][ T5085] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 60.523221][ T5085] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 60.531193][ T5085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 60.539162][ T5085] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000008
[ 60.547149][ T5085]
[ 60.551646][ T5085] ==================================================================
[ 60.559721][ T5085] BUG: KASAN: null-ptr-deref in udf_fiiter_add_entry+0x75b/0x10d0
[ 60.567541][ T5085] Write of size 4 at addr 0000000000000000 by task syz-executor153/5085
[ 60.575870][ T5085]
[ 60.578178][ T5085] CPU: 0 PID: 5085 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 60.588044][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.598079][ T5085] Call Trace:
[ 60.601339][ T5085]
[ 60.604261][ T5085] dump_stack_lvl+0xd1/0x138
[ 60.608853][ T5085] ? udf_fiiter_add_entry+0x75b/0x10d0
[ 60.614309][ T5085] kasan_report+0xc0/0xf0
[ 60.618641][ T5085] ? udf_fiiter_add_entry+0x75b/0x10d0
[ 60.624097][ T5085] kasan_check_range+0x141/0x190
[ 60.629033][ T5085] memcpy+0x3d/0x60
[ 60.632854][ T5085] udf_fiiter_add_entry+0x75b/0x10d0
[ 60.638138][ T5085] ? udf_expand_dir_adinicb+0xd40/0xd40
[ 60.643693][ T5085] ? __mark_inode_dirty+0x5dd/0x11e0
[ 60.648973][ T5085] ? lock_downgrade+0x6e0/0x6e0
[ 60.653819][ T5085] ? do_raw_spin_lock+0x124/0x2b0
[ 60.658843][ T5085] udf_add_nondir+0xda/0x360
[ 60.663516][ T5085] ? udf_fiiter_add_entry+0x10d0/0x10d0
[ 60.669055][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.674609][ T5085] ? __mark_inode_dirty+0x67a/0x11e0
[ 60.679893][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.685450][ T5085] ? __mark_inode_dirty+0x32c/0x11e0
[ 60.690726][ T5085] ? udf_mknod+0xd0/0xd0
[ 60.694975][ T5085] udf_create+0x12c/0x180
[ 60.699299][ T5085] lookup_open.isra.0+0xee7/0x1270
[ 60.704416][ T5085] ? link_path_walk.part.0+0xdf0/0xdf0
[ 60.709877][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 60.715430][ T5085] ? lock_acquire+0x32/0xc0
[ 60.719925][ T5085] ? path_openat+0x90f/0x2a50
[ 60.724614][ T5085] path_openat+0x975/0x2a50
[ 60.729123][ T5085] ? path_lookupat+0x840/0x840
[ 60.733894][ T5085] do_filp_open+0x1ba/0x410
[ 60.738400][ T5085] ? may_open_dev+0xf0/0xf0
[ 60.742905][ T5085] ? find_held_lock+0x2d/0x110
[ 60.747679][ T5085] ? do_raw_spin_lock+0x124/0x2b0
[ 60.752702][ T5085] ? rwlock_bug.part.0+0x90/0x90
[ 60.757644][ T5085] ? _raw_spin_unlock+0x28/0x40
[ 60.762493][ T5085] ? alloc_fd+0x2d8/0x6d0
[ 60.766818][ T5085] do_sys_openat2+0x16d/0x4c0
[ 60.771491][ T5085] ? build_open_flags+0x6f0/0x6f0
[ 60.776520][ T5085] ? ptrace_notify+0xfe/0x140
[ 60.781236][ T5085] ? lock_downgrade+0x6e0/0x6e0
[ 60.786104][ T5085] __x64_sys_open+0x11d/0x1c0
[ 60.790779][ T5085] ? do_sys_open+0x150/0x150
[ 60.795364][ T5085] ? _raw_spin_unlock_irq+0x2e/0x50
[ 60.800561][ T5085] ? ptrace_notify+0xfe/0x140
[ 60.805240][ T5085] do_syscall_64+0x39/0xb0
[ 60.809662][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.815554][ T5085] RIP: 0033:0x7fcd6a74ea39
[ 60.819963][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.839571][ T5085] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 60.847980][ T5085] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 60.855948][ T5085] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 60.863911][ T5085] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 60.871876][ T5085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 60.879843][ T5085] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000008
[ 60.887815][ T5085]
[ 60.890832][ T5085] ==================================================================
[ 60.899693][ T5085] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.906903][ T5085] CPU: 0 PID: 5085 Comm: syz-executor153 Not tainted 6.2.0-rc1-next-20221226-syzkaller #0
[ 60.916788][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.926834][ T5085] Call Trace:
[ 60.930102][ T5085]
[ 60.933029][ T5085] dump_stack_lvl+0xd1/0x138
[ 60.937621][ T5085] panic+0x2cc/0x626
[ 60.941519][ T5085] ? panic_print_sys_info.part.0+0x110/0x110
[ 60.947505][ T5085] ? preempt_schedule_thunk+0x1a/0x20
[ 60.952888][ T5085] ? preempt_schedule_common+0x59/0xc0
[ 60.958356][ T5085] check_panic_on_warn.cold+0x19/0x35
[ 60.963732][ T5085] end_report.part.0+0x36/0x73
[ 60.968522][ T5085] ? udf_fiiter_add_entry+0x75b/0x10d0
[ 60.973987][ T5085] kasan_report.cold+0xa/0xf
[ 60.978588][ T5085] ? udf_fiiter_add_entry+0x75b/0x10d0
[ 60.984046][ T5085] kasan_check_range+0x141/0x190
[ 60.988986][ T5085] memcpy+0x3d/0x60
[ 60.992805][ T5085] udf_fiiter_add_entry+0x75b/0x10d0
[ 60.998108][ T5085] ? udf_expand_dir_adinicb+0xd40/0xd40
[ 61.003676][ T5085] ? __mark_inode_dirty+0x5dd/0x11e0
[ 61.008964][ T5085] ? lock_downgrade+0x6e0/0x6e0
[ 61.013812][ T5085] ? do_raw_spin_lock+0x124/0x2b0
[ 61.018846][ T5085] udf_add_nondir+0xda/0x360
[ 61.023453][ T5085] ? udf_fiiter_add_entry+0x10d0/0x10d0
[ 61.029000][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 61.034555][ T5085] ? __mark_inode_dirty+0x67a/0x11e0
[ 61.039844][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 61.045396][ T5085] ? __mark_inode_dirty+0x32c/0x11e0
[ 61.050686][ T5085] ? udf_mknod+0xd0/0xd0
[ 61.054930][ T5085] udf_create+0x12c/0x180
[ 61.059257][ T5085] lookup_open.isra.0+0xee7/0x1270
[ 61.064376][ T5085] ? link_path_walk.part.0+0xdf0/0xdf0
[ 61.069840][ T5085] ? rcu_read_lock_sched_held+0x3e/0x70
[ 61.075397][ T5085] ? lock_acquire+0x32/0xc0
[ 61.079893][ T5085] ? path_openat+0x90f/0x2a50
[ 61.084585][ T5085] path_openat+0x975/0x2a50
[ 61.089095][ T5085] ? path_lookupat+0x840/0x840
[ 61.093865][ T5085] do_filp_open+0x1ba/0x410
[ 61.098715][ T5085] ? may_open_dev+0xf0/0xf0
[ 61.103228][ T5085] ? find_held_lock+0x2d/0x110
[ 61.108009][ T5085] ? do_raw_spin_lock+0x124/0x2b0
[ 61.113035][ T5085] ? rwlock_bug.part.0+0x90/0x90
[ 61.117976][ T5085] ? _raw_spin_unlock+0x28/0x40
[ 61.122828][ T5085] ? alloc_fd+0x2d8/0x6d0
[ 61.127158][ T5085] do_sys_openat2+0x16d/0x4c0
[ 61.131837][ T5085] ? build_open_flags+0x6f0/0x6f0
[ 61.136857][ T5085] ? ptrace_notify+0xfe/0x140
[ 61.141528][ T5085] ? lock_downgrade+0x6e0/0x6e0
[ 61.146374][ T5085] __x64_sys_open+0x11d/0x1c0
[ 61.151044][ T5085] ? do_sys_open+0x150/0x150
[ 61.155634][ T5085] ? _raw_spin_unlock_irq+0x2e/0x50
[ 61.160832][ T5085] ? ptrace_notify+0xfe/0x140
[ 61.165504][ T5085] do_syscall_64+0x39/0xb0
[ 61.169924][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.175820][ T5085] RIP: 0033:0x7fcd6a74ea39
[ 61.180227][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.199826][ T5085] RSP: 002b:00007ffc262fb5f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 61.208232][ T5085] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcd6a74ea39
[ 61.216202][ T5085] RDX: 0000000000000000 RSI: 0000000000141043 RDI: 00000000200000c0
[ 61.224163][ T5085] RBP: 00007ffc262fb620 R08: 0000000000000002 R09: 00007ffc262fb630
[ 61.232127][ T5085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 61.240088][ T5085] R13: 00007ffc262fb660 R14: 00007ffc262fb640 R15: 0000000000000008
[ 61.248058][ T5085]
[ 61.251205][ T5085] Kernel Offset: disabled
[ 61.255521][ T5085] Rebooting in 86400 seconds..