./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2060189122
<...>
DUID 00:04:b0:cd:33:f9:4f:8a:55:45:4d:7b:3b:ee:3a:71:f0:8b
forked to background, child pid 4647
[ 42.248688][ T4648] 8021q: adding VLAN 0 to HW filter on device bond0
[ 42.285319][ T4648] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
execve("./syz-executor2060189122", ["./syz-executor2060189122"], 0x7ffca39ebd80 /* 10 vars */) = 0
brk(NULL) = 0x555555b79000
brk(0x555555b79c40) = 0x555555b79c40
arch_prctl(ARCH_SET_FS, 0x555555b79300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2060189122", 4096) = 28
brk(0x555555b9ac40) = 0x555555b9ac40
brk(0x555555b9b000) = 0x555555b9b000
mprotect(0x7fe9f1598000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5072
mkdir("./syzkaller.7JuIRI", 0700) = 0
chmod("./syzkaller.7JuIRI", 0777) = 0
chdir("./syzkaller.7JuIRI") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b795d0) = 5073
./strace-static-x86_64: Process 5073 attached
[pid 5073] chdir("./0") = 0
[pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5073] setpgid(0, 0) = 0
[pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5073] write(3, "1000", 4) = 4
[pid 5073] close(3) = 0
[pid 5073] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5073] memfd_create("syzkaller", 0) = 3
[pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe9e90bd000
[pid 5073] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5073] munmap(0x7fe9e90bd000, 2097152) = 0
[pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
syzkaller login: [ 68.615789][ T5073] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5073 'syz-executor206'
[pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5073] close(3) = 0
[pid 5073] mkdir("./file0", 0777) = 0
[pid 5073] mount("/dev/loop0", "./file0", "ntfs3", MS_REC|MS_RELATIME, "") = 0
[pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5073] chdir("./file0") = 0
[pid 5073] ioctl(4, LOOP_CLR_FD) = 0
[ 68.670793][ T5073] loop0: detected capacity change from 0 to 4096
[ 68.685357][ T5073] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[pid 5073] close(4) = 0
[pid 5073] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5073] write(4, "17", 2) = 2
[pid 5073] openat(AT_FDCWD, ".pending_reads", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC, 000) = 5
[pid 5073] exit_group(0) = ?
[pid 5073] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b7a620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b82660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b82660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555555b7a620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b795d0) = 5075
./strace-static-x86_64: Process 5075 attached
[pid 5075] chdir("./1") = 0
[pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5075] setpgid(0, 0) = 0
[pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5075] write(3, "1000", 4) = 4
[pid 5075] close(3) = 0
[pid 5075] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5075] memfd_create("syzkaller", 0) = 3
[pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe9e90bd000
[pid 5075] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5075] munmap(0x7fe9e90bd000, 2097152) = 0
[pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5075] close(3) = 0
[pid 5075] mkdir("./file0", 0777) = 0
[pid 5075] mount("/dev/loop0", "./file0", "ntfs3", MS_REC|MS_RELATIME, "") = 0
[pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5075] chdir("./file0") = 0
[pid 5075] ioctl(4, LOOP_CLR_FD) = 0
[pid 5075] close(4) = 0
[pid 5075] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5075] write(4, "17", 2) = 2
[ 68.865155][ T5075] loop0: detected capacity change from 0 to 4096
[ 68.877029][ T5075] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[ 68.923503][ T5075] FAULT_INJECTION: forcing a failure.
[ 68.923503][ T5075] name failslab, interval 1, probability 0, space 0, times 0
[ 68.937994][ T5075] CPU: 1 PID: 5075 Comm: syz-executor206 Not tainted 6.3.0-rc1-syzkaller-00274-g134231664868 #0
[ 68.948467][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 68.958538][ T5075] Call Trace:
[ 68.961845][ T5075]
[ 68.964793][ T5075] dump_stack_lvl+0x1e7/0x2d0
[ 68.969501][ T5075] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.974986][ T5075] ? panic+0x770/0x770
[ 68.979093][ T5075] ? __might_sleep+0xc0/0xc0
[ 68.983711][ T5075] should_fail_ex+0x3aa/0x4e0
[ 68.988408][ T5075] should_failslab+0x9/0x20
[ 68.992920][ T5075] slab_pre_alloc_hook+0x59/0x2b0
[ 68.997980][ T5075] ? indx_read+0x27b/0xc10
[ 69.002428][ T5075] __kmem_cache_alloc_node+0x4b/0x290
[ 69.007830][ T5075] ? indx_read+0x27b/0xc10
[ 69.012270][ T5075] __kmalloc+0xa2/0x1a0
[ 69.016456][ T5075] indx_read+0x27b/0xc10
[ 69.020724][ T5075] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 69.026738][ T5075] indx_find+0x49c/0xb00
[ 69.030997][ T5075] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.037108][ T5075] ? indx_read+0xc10/0xc10
[ 69.041557][ T5075] dir_search_u+0x1b7/0x3a0
[ 69.046106][ T5075] ? ntfs_nls_to_utf16+0xc50/0xc50
[ 69.051256][ T5075] ntfs_atomic_open+0x260/0x530
[ 69.056133][ T5075] path_openat+0x103c/0x3170
[ 69.060750][ T5075] ? ntfs_rename+0xd70/0xd70
[ 69.065379][ T5075] ? do_filp_open+0x490/0x490
[ 69.070075][ T5075] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 69.076085][ T5075] do_filp_open+0x234/0x490
[ 69.080606][ T5075] ? vfs_tmpfile+0x4a0/0x4a0
[ 69.085237][ T5075] ? _raw_spin_unlock+0x28/0x40
[ 69.090127][ T5075] ? alloc_fd+0x59c/0x640
[ 69.094501][ T5075] do_sys_openat2+0x13f/0x500
[ 69.099201][ T5075] ? print_irqtrace_events+0x220/0x220
[ 69.104708][ T5075] ? do_sys_open+0x230/0x230
[ 69.109351][ T5075] ? lockdep_hardirqs_on+0x98/0x140
[ 69.114754][ T5075] ? _raw_spin_unlock_irq+0x2e/0x50
[ 69.119972][ T5075] ? ptrace_notify+0x278/0x380
[ 69.124764][ T5075] __x64_sys_openat+0x247/0x290
[ 69.129661][ T5075] ? __ia32_sys_open+0x270/0x270
[ 69.134656][ T5075] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 69.140695][ T5075] ? syscall_enter_from_user_mode+0x8c/0x2c0
[ 69.146700][ T5075] do_syscall_64+0x41/0xc0
[ 69.151144][ T5075] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.157058][ T5075] RIP: 0033:0x7fe9f150a9b9
[ 69.161487][ T5075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.181128][ T5075] RSP: 002b:00007ffcbe7c5b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 69.189575][ T5075] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe9f150a9b9
[ 69.197572][ T5075] RDX: 0000000000181341 RSI: 0000000020000000 RDI: 00000000ffffff9c
[ 69.205572][ T5075] RBP: 00007ffcbe7c5b90 R08: 0000000000000002 R09: 00007ffcbe7c5ba0
[ 69.213565][ T5075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[pid 5075] openat(AT_FDCWD, ".pending_reads", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5075] exit_group(0) = ?
[pid 5075] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b7a620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b82660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b82660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555555b7a620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b795d0) = 5076
./strace-static-x86_64: Process 5076 attached
[pid 5076] chdir("./2") = 0
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5076] memfd_create("syzkaller", 0) = 3
[pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe9e90bd000
[ 69.221572][ T5075] R13: 00007ffcbe7c5bd0 R14: 00007ffcbe7c5bb0 R15: 0000000000000001
[ 69.229581][ T5075]
[pid 5076] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5076] munmap(0x7fe9e90bd000, 2097152) = 0
[pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5076] close(3) = 0
[pid 5076] mkdir("./file0", 0777) = 0
[pid 5076] mount("/dev/loop0", "./file0", "ntfs3", MS_REC|MS_RELATIME, "") = 0
[pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5076] chdir("./file0") = 0
[pid 5076] ioctl(4, LOOP_CLR_FD) = 0
[pid 5076] close(4) = 0
[pid 5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5076] write(4, "17", 2) = 2
[pid 5076] openat(AT_FDCWD, ".pending_reads", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC, 000) = 5
[pid 5076] exit_group(0) = ?
[pid 5076] +++ exited with 0 +++
[ 69.324832][ T5076] loop0: detected capacity change from 0 to 4096
[ 69.336166][ T5076] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b7a620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b82660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b82660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555555b7a620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b795d0) = 5077
./strace-static-x86_64: Process 5077 attached
[pid 5077] chdir("./3") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe9e90bd000
[pid 5077] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5077] munmap(0x7fe9e90bd000, 2097152) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./file0", 0777) = 0
[pid 5077] mount("/dev/loop0", "./file0", "ntfs3", MS_REC|MS_RELATIME, "") = 0
[pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./file0") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5077] write(4, "17", 2) = 2
[pid 5077] openat(AT_FDCWD, ".pending_reads", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC, 000) = 5
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
[ 69.494406][ T5077] loop0: detected capacity change from 0 to 4096
[ 69.505335][ T5077] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555b7a620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555555b82660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555555b82660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555555b7a620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b795d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid 5078] chdir("./4") = 0
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setpgid(0, 0) = 0
[pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1000", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5078] memfd_create("syzkaller", 0) = 3
[pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe9e90bd000
[pid 5078] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x08\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x03\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\xff\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\xbb\x02\x87\x1c\xc7\xbb\xb3\x5e\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152
[pid 5078] munmap(0x7fe9e90bd000, 2097152) = 0
[pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5078] close(3) = 0
[pid 5078] mkdir("./file0", 0777) = 0
[pid 5078] mount("/dev/loop0", "./file0", "ntfs3", MS_REC|MS_RELATIME, "") = 0
[pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5078] chdir("./file0") = 0
[pid 5078] ioctl(4, LOOP_CLR_FD) = 0
[pid 5078] close(4) = 0
[pid 5078] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5078] write(4, "17", 2) = 2
[ 69.666782][ T5078] loop0: detected capacity change from 0 to 4096
[ 69.678566][ T5078] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[ 69.719492][ T5078] FAULT_INJECTION: forcing a failure.
[ 69.719492][ T5078] name failslab, interval 1, probability 0, space 0, times 0
[ 69.732568][ T5078] CPU: 0 PID: 5078 Comm: syz-executor206 Not tainted 6.3.0-rc1-syzkaller-00274-g134231664868 #0
[ 69.743037][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 69.753135][ T5078] Call Trace:
[ 69.756449][ T5078]
[ 69.759425][ T5078] dump_stack_lvl+0x1e7/0x2d0
[ 69.764164][ T5078] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.769689][ T5078] ? panic+0x770/0x770
[ 69.773803][ T5078] should_fail_ex+0x3aa/0x4e0
[ 69.778553][ T5078] should_failslab+0x9/0x20
[ 69.783099][ T5078] slab_pre_alloc_hook+0x59/0x2b0
[ 69.788170][ T5078] ? __lock_acquire+0x1f80/0x1f80
[ 69.793245][ T5078] ? mi_format_new+0xf7/0x5d0
[ 69.797979][ T5078] __kmem_cache_alloc_node+0x4b/0x290
[ 69.803377][ T5078] ? mi_format_new+0xf7/0x5d0
[ 69.808103][ T5078] __kmalloc+0xa2/0x1a0
[ 69.812299][ T5078] mi_format_new+0xf7/0x5d0
[ 69.816839][ T5078] ntfs_new_inode+0x6b/0x100
[ 69.821449][ T5078] ntfs_create_inode+0x569/0x3830
[ 69.826546][ T5078] ? preempt_schedule+0xdd/0xf0
[ 69.831450][ T5078] ? preempt_schedule_common+0x83/0xc0
[ 69.836958][ T5078] ? schedule_preempt_disabled+0x20/0x20
[ 69.842644][ T5078] ? preempt_schedule_thunk+0x1a/0x20
[ 69.848060][ T5078] ? inode_write_data+0xc70/0xc70
[ 69.853112][ T5078] ? _raw_spin_unlock+0x3a/0x40
[ 69.858098][ T5078] ? __d_add+0x503/0x800
[ 69.862389][ T5078] ntfs_atomic_open+0x3db/0x530
[ 69.867299][ T5078] ? ntfs_atomic_open+0x241/0x530
[ 69.872360][ T5078] path_openat+0x103c/0x3170
[ 69.876974][ T5078] ? ntfs_rename+0xd70/0xd70
[ 69.881604][ T5078] ? do_filp_open+0x490/0x490
[ 69.886305][ T5078] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 69.892339][ T5078] do_filp_open+0x234/0x490
[ 69.896859][ T5078] ? vfs_tmpfile+0x4a0/0x4a0
[ 69.901488][ T5078] ? _raw_spin_unlock+0x28/0x40
[ 69.906364][ T5078] ? alloc_fd+0x59c/0x640
[ 69.910725][ T5078] do_sys_openat2+0x13f/0x500
[ 69.915419][ T5078] ? print_irqtrace_events+0x220/0x220
[ 69.920915][ T5078] ? do_sys_open+0x230/0x230
[ 69.925551][ T5078] ? lockdep_hardirqs_on+0x98/0x140
[ 69.930801][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 69.936029][ T5078] ? ptrace_notify+0x278/0x380
[ 69.940855][ T5078] __x64_sys_openat+0x247/0x290
[ 69.945746][ T5078] ? __ia32_sys_open+0x270/0x270
[ 69.950700][ T5078] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 69.956691][ T5078] ? syscall_enter_from_user_mode+0x8c/0x2c0
[ 69.962685][ T5078] do_syscall_64+0x41/0xc0
[ 69.967122][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.973062][ T5078] RIP: 0033:0x7fe9f150a9b9
[ 69.977483][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.997110][ T5078] RSP: 002b:00007ffcbe7c5b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 70.005569][ T5078] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe9f150a9b9
[ 70.013569][ T5078] RDX: 0000000000181341 RSI: 0000000020000000 RDI: 00000000ffffff9c
[ 70.021572][ T5078] RBP: 00007ffcbe7c5b90 R08: 0000000000000002 R09: 00007ffcbe7c5ba0
[ 70.029560][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 70.037554][ T5078] R13: 00007ffcbe7c5bd0 R14: 00007ffcbe7c5bb0 R15: 0000000000000004
[ 70.045593][ T5078]
[ 70.049248][ T5078] general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
[ 70.060990][ T5078] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 70.069403][ T5078] CPU: 1 PID: 5078 Comm: syz-executor206 Not tainted 6.3.0-rc1-syzkaller-00274-g134231664868 #0
[ 70.079842][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 70.090094][ T5078] RIP: 0010:ni_write_inode+0x19e/0x1250
[ 70.095655][ T5078] Code: c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 80 3c 38 00 74 08 48 89 df e8 20 1e 15 ff 48 8b 1b 48 83 c3 16 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 2f 0e 00 00 48 8b 44 24 08 48 05 b0 fd
[ 70.115279][ T5078] RSP: 0018:ffffc90003bcf4c0 EFLAGS: 00010203
[ 70.121356][ T5078] RAX: 0000000000000002 RBX: 0000000000000016 RCX: 1ffff92000779e14
[ 70.129420][ T5078] RDX: ffff88801f1e8000 RSI: 0000000000000001 RDI: 0000000000000000
[ 70.137394][ T5078] RBP: ffffc90003bcf5e8 R08: ffffffff82cc1c54 R09: fffffbfff205b852
[ 70.145373][ T5078] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1102931800a
[ 70.153346][ T5078] R13: ffff8881498c0050 R14: 0000000000000000 R15: dffffc0000000000
[ 70.161337][ T5078] FS: 0000555555b79300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 70.170270][ T5078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.176876][ T5078] CR2: 00007fe9f14e2400 CR3: 000000001c597000 CR4: 00000000003506e0
[ 70.184869][ T5078] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.192842][ T5078] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.200820][ T5078] Call Trace:
[ 70.204107][ T5078]
[ 70.207041][ T5078] ? ni_is_dirty+0x190/0x190
[ 70.211637][ T5078] ? bit_waitqueue+0x30/0x30
[ 70.216232][ T5078] ntfs_evict_inode+0x67/0xb0
[ 70.220916][ T5078] ? ntfs_unlink_inode+0x790/0x790
[ 70.226032][ T5078] evict+0x2a4/0x620
[ 70.229950][ T5078] ntfs_new_inode+0x87/0x100
[ 70.234543][ T5078] ntfs_create_inode+0x569/0x3830
[ 70.239592][ T5078] ? preempt_schedule+0xdd/0xf0
[ 70.244451][ T5078] ? preempt_schedule_common+0x83/0xc0
[ 70.249915][ T5078] ? schedule_preempt_disabled+0x20/0x20
[ 70.255588][ T5078] ? preempt_schedule_thunk+0x1a/0x20
[ 70.260972][ T5078] ? inode_write_data+0xc70/0xc70
[ 70.266018][ T5078] ? _raw_spin_unlock+0x3a/0x40
[ 70.270882][ T5078] ? __d_add+0x503/0x800
[ 70.275131][ T5078] ntfs_atomic_open+0x3db/0x530
[ 70.279991][ T5078] ? ntfs_atomic_open+0x241/0x530
[ 70.285034][ T5078] path_openat+0x103c/0x3170
[ 70.289631][ T5078] ? ntfs_rename+0xd70/0xd70
[ 70.294251][ T5078] ? do_filp_open+0x490/0x490
[ 70.298940][ T5078] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 70.304938][ T5078] do_filp_open+0x234/0x490
[ 70.309456][ T5078] ? vfs_tmpfile+0x4a0/0x4a0
[ 70.314061][ T5078] ? _raw_spin_unlock+0x28/0x40
[ 70.318925][ T5078] ? alloc_fd+0x59c/0x640
[ 70.323275][ T5078] do_sys_openat2+0x13f/0x500
[ 70.327959][ T5078] ? print_irqtrace_events+0x220/0x220
[ 70.333422][ T5078] ? do_sys_open+0x230/0x230
[ 70.338019][ T5078] ? lockdep_hardirqs_on+0x98/0x140
[ 70.343225][ T5078] ? _raw_spin_unlock_irq+0x2e/0x50
[ 70.348455][ T5078] ? ptrace_notify+0x278/0x380
[ 70.353236][ T5078] __x64_sys_openat+0x247/0x290
[ 70.358096][ T5078] ? __ia32_sys_open+0x270/0x270
[ 70.363049][ T5078] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 70.369037][ T5078] ? syscall_enter_from_user_mode+0x8c/0x2c0
[ 70.375111][ T5078] do_syscall_64+0x41/0xc0
[ 70.379542][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.385460][ T5078] RIP: 0033:0x7fe9f150a9b9
[ 70.389889][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.409584][ T5078] RSP: 002b:00007ffcbe7c5b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 70.418000][ T5078] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fe9f150a9b9
[ 70.425981][ T5078] RDX: 0000000000181341 RSI: 0000000020000000 RDI: 00000000ffffff9c
[ 70.433955][ T5078] RBP: 00007ffcbe7c5b90 R08: 0000000000000002 R09: 00007ffcbe7c5ba0
[ 70.441927][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 70.449900][ T5078] R13: 00007ffcbe7c5bd0 R14: 00007ffcbe7c5bb0 R15: 0000000000000004
[ 70.457908][ T5078]
[ 70.461019][ T5078] Modules linked in:
[ 70.465692][ T5078] ---[ end trace 0000000000000000 ]---
[ 70.471189][ T5078] RIP: 0010:ni_write_inode+0x19e/0x1250
[ 70.477001][ T5078] Code: c1 e8 03 49 bf 00 00 00 00 00 fc ff df 42 80 3c 38 00 74 08 48 89 df e8 20 1e 15 ff 48 8b 1b 48 83 c3 16 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 2f 0e 00 00 48 8b 44 24 08 48 05 b0 fd
[ 70.497232][ T5078] RSP: 0018:ffffc90003bcf4c0 EFLAGS: 00010203
[ 70.503346][ T5078] RAX: 0000000000000002 RBX: 0000000000000016 RCX: 1ffff92000779e14
[ 70.511446][ T5078] RDX: ffff88801f1e8000 RSI: 0000000000000001 RDI: 0000000000000000
[ 70.519474][ T5078] RBP: ffffc90003bcf5e8 R08: ffffffff82cc1c54 R09: fffffbfff205b852
[ 70.527533][ T5078] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1102931800a
[ 70.535540][ T5078] R13: ffff8881498c0050 R14: 0000000000000000 R15: dffffc0000000000
[ 70.543540][ T5078] FS: 0000555555b79300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 70.552520][ T5078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.559188][ T5078] CR2: 00007fe9e9154001 CR3: 000000001c597000 CR4: 00000000003506f0
[ 70.567328][ T5078] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.575349][ T5078] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.583345][ T5078] Kernel panic - not syncing: Fatal exception
[ 70.589615][ T5078] Kernel Offset: disabled
[ 70.594128][ T5078] Rebooting in 86400 seconds..