./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4258850193
<...>
Warning: Permanently added '10.128.1.1' (ECDSA) to the list of known hosts.
execve("./syz-executor4258850193", ["./syz-executor4258850193"], 0x7ffc12af0500 /* 10 vars */) = 0
brk(NULL) = 0x555556486000
brk(0x555556486c40) = 0x555556486c40
arch_prctl(ARCH_SET_FS, 0x555556486300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4258850193", 4096) = 28
brk(0x5555564a7c40) = 0x5555564a7c40
brk(0x5555564a8000) = 0x5555564a8000
mprotect(0x7f01bbba6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4999
mkdir("./syzkaller.G4125b", 0700) = 0
chmod("./syzkaller.G4125b", 0777) = 0
chdir("./syzkaller.G4125b") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5001
./strace-static-x86_64: Process 5001 attached
[pid 5001] chdir("./0") = 0
[pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5001] setpgid(0, 0) = 0
[pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5001] write(3, "1000", 4) = 4
[pid 5001] close(3) = 0
[pid 5001] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5001] memfd_create("syzkaller", 0) = 3
[pid 5001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5001] munmap(0x7f01b36ea000, 32768) = 0
[pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5001] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5001] close(3) = 0
[pid 5001] mkdir("./bus", 0777) = 0
[pid 5001] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5001] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5001] chdir("./bus") = 0
[pid 5001] ioctl(4, LOOP_CLR_FD) = 0
[pid 5001] close(4) = 0
[pid 5001] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5001] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5001] write(5, "9", 1) = 1
[pid 5001] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5001] exit_group(0) = ?
[pid 5001] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5001, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 41.943767][ T5001] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5001 'syz-executor425'
[ 41.959068][ T5001] loop0: detected capacity change from 0 to 64
[ 41.969697][ T5001] hfs: unable to locate alternate MDB
[ 41.975173][ T5001] hfs: continuing without an alternate MDB
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5002
./strace-static-x86_64: Process 5002 attached
[pid 5002] chdir("./1") = 0
[pid 5002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5002] setpgid(0, 0) = 0
[pid 5002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5002] write(3, "1000", 4) = 4
[pid 5002] close(3) = 0
[pid 5002] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5002] memfd_create("syzkaller", 0) = 3
[pid 5002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5002] munmap(0x7f01b36ea000, 32768) = 0
[pid 5002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5002] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5002] close(3) = 0
[pid 5002] mkdir("./bus", 0777) = 0
[pid 5002] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5002] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5002] chdir("./bus") = 0
[pid 5002] ioctl(4, LOOP_CLR_FD) = 0
[pid 5002] close(4) = 0
[pid 5002] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5002] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5002] write(5, "9", 1) = 1
[ 42.072886][ T5002] loop0: detected capacity change from 0 to 64
[ 42.085152][ T5002] hfs: unable to locate alternate MDB
[ 42.090745][ T5002] hfs: continuing without an alternate MDB
[ 42.113304][ T5002] FAULT_INJECTION: forcing a failure.
[ 42.113304][ T5002] name failslab, interval 1, probability 0, space 0, times 1
[ 42.126188][ T5002] CPU: 1 PID: 5002 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 42.136626][ T5002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 42.146696][ T5002] Call Trace:
[ 42.149981][ T5002]
[ 42.152953][ T5002] dump_stack_lvl+0x136/0x150
[ 42.157786][ T5002] should_fail_ex+0x4a3/0x5b0
[ 42.162504][ T5002] should_failslab+0x9/0x20
[ 42.167029][ T5002] __kmem_cache_alloc_node+0x5b/0x320
[ 42.172402][ T5002] ? hfs_find_init+0x95/0x240
[ 42.177093][ T5002] ? hfs_find_init+0x95/0x240
[ 42.181793][ T5002] __kmalloc+0x4e/0x190
[ 42.185945][ T5002] hfs_find_init+0x95/0x240
[ 42.190442][ T5002] hfs_ext_read_extent+0x18d/0xa20
[ 42.195551][ T5002] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 42.201096][ T5002] ? hfs_free_extents+0x2e0/0x2e0
[ 42.206113][ T5002] ? clean_bdev_aliases+0x4ff/0x600
[ 42.211310][ T5002] hfs_extend_file+0x4b5/0xae0
[ 42.216064][ T5002] ? spin_bug+0x1c0/0x1c0
[ 42.220390][ T5002] ? hfs_free_fork+0x920/0x920
[ 42.225152][ T5002] ? rcu_is_watching+0x12/0xb0
[ 42.229912][ T5002] ? __mark_inode_dirty+0x297/0xd60
[ 42.235110][ T5002] hfs_get_block+0x17f/0x820
[ 42.239708][ T5002] __block_write_begin_int+0x3bd/0x14b0
[ 42.245270][ T5002] ? hfs_extend_file+0xae0/0xae0
[ 42.250241][ T5002] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 42.255790][ T5002] ? folio_flags.constprop.0+0x53/0x150
[ 42.261344][ T5002] ? hfs_extend_file+0xae0/0xae0
[ 42.266271][ T5002] block_write_begin+0xb9/0x4d0
[ 42.271112][ T5002] cont_write_begin+0x534/0x740
[ 42.275960][ T5002] ? hfs_extend_file+0xae0/0xae0
[ 42.280901][ T5002] ? block_write_begin+0x4d0/0x4d0
[ 42.286008][ T5002] ? fault_in_readable+0x129/0x210
[ 42.291116][ T5002] ? fault_in_subpage_writeable+0x20/0x20
[ 42.296836][ T5002] hfs_write_begin+0x87/0x150
[ 42.301540][ T5002] ? hfs_extend_file+0xae0/0xae0
[ 42.306497][ T5002] generic_perform_write+0x256/0x570
[ 42.311801][ T5002] ? generic_file_readonly_mmap+0x180/0x180
[ 42.317689][ T5002] ? new_inode+0x280/0x280
[ 42.322097][ T5002] ? generic_write_checks+0x2c0/0x400
[ 42.327491][ T5002] __generic_file_write_iter+0x2ae/0x500
[ 42.333123][ T5002] generic_file_write_iter+0xe3/0x350
[ 42.338498][ T5002] vfs_write+0x945/0xd50
[ 42.342729][ T5002] ? kernel_write+0x670/0x670
[ 42.347407][ T5002] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 42.352872][ T5002] ? find_held_lock+0x2d/0x110
[ 42.357631][ T5002] ? lock_downgrade+0x690/0x690
[ 42.362482][ T5002] ? __fget_light+0x20a/0x270
[ 42.367162][ T5002] ksys_write+0x12b/0x250
[ 42.371614][ T5002] ? __ia32_sys_read+0xb0/0xb0
[ 42.376463][ T5002] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.381696][ T5002] ? _raw_spin_unlock_irq+0x2e/0x50
[ 42.386934][ T5002] ? ptrace_notify+0xfe/0x140
[ 42.391619][ T5002] do_syscall_64+0x39/0xb0
[ 42.396038][ T5002] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.401937][ T5002] RIP: 0033:0x7f01bbb379f9
[ 42.406347][ T5002] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.426050][ T5002] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 42.434497][ T5002] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 42.442511][ T5002] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 42.450477][ T5002] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5002] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5002] exit_group(0) = ?
[pid 5002] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5002, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5003
./strace-static-x86_64: Process 5003 attached
[pid 5003] chdir("./2") = 0
[ 42.458548][ T5002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 42.466570][ T5002] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000001
[ 42.474604][ T5002]
[pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5003] setpgid(0, 0) = 0
[pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5003] write(3, "1000", 4) = 4
[pid 5003] close(3) = 0
[pid 5003] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5003] memfd_create("syzkaller", 0) = 3
[pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5003] munmap(0x7f01b36ea000, 32768) = 0
[pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5003] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5003] close(3) = 0
[pid 5003] mkdir("./bus", 0777) = 0
[pid 5003] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5003] chdir("./bus") = 0
[pid 5003] ioctl(4, LOOP_CLR_FD) = 0
[pid 5003] close(4) = 0
[pid 5003] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5003] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5003] write(5, "9", 1) = 1
[ 42.540696][ T5003] loop0: detected capacity change from 0 to 64
[ 42.550526][ T5003] hfs: unable to locate alternate MDB
[ 42.556007][ T5003] hfs: continuing without an alternate MDB
[ 42.578891][ T5003] FAULT_INJECTION: forcing a failure.
[ 42.578891][ T5003] name failslab, interval 1, probability 0, space 0, times 0
[ 42.592188][ T5003] CPU: 1 PID: 5003 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 42.602990][ T5003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 42.613064][ T5003] Call Trace:
[ 42.616324][ T5003]
[ 42.619237][ T5003] dump_stack_lvl+0x136/0x150
[ 42.623900][ T5003] should_fail_ex+0x4a3/0x5b0
[ 42.628568][ T5003] should_failslab+0x9/0x20
[ 42.633054][ T5003] __kmem_cache_alloc_node+0x5b/0x320
[ 42.638410][ T5003] ? hfs_find_init+0x95/0x240
[ 42.643087][ T5003] ? hfs_find_init+0x95/0x240
[ 42.647921][ T5003] __kmalloc+0x4e/0x190
[ 42.652086][ T5003] hfs_find_init+0x95/0x240
[ 42.656569][ T5003] hfs_ext_read_extent+0x18d/0xa20
[ 42.661667][ T5003] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 42.667213][ T5003] ? hfs_free_extents+0x2e0/0x2e0
[ 42.672221][ T5003] ? clean_bdev_aliases+0x4ff/0x600
[ 42.677438][ T5003] hfs_extend_file+0x4b5/0xae0
[ 42.682339][ T5003] ? spin_bug+0x1c0/0x1c0
[ 42.686711][ T5003] ? hfs_free_fork+0x920/0x920
[ 42.691528][ T5003] ? rcu_is_watching+0x12/0xb0
[ 42.696338][ T5003] ? __mark_inode_dirty+0x297/0xd60
[ 42.701537][ T5003] hfs_get_block+0x17f/0x820
[ 42.706136][ T5003] __block_write_begin_int+0x3bd/0x14b0
[ 42.711764][ T5003] ? hfs_extend_file+0xae0/0xae0
[ 42.716727][ T5003] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 42.722280][ T5003] ? folio_flags.constprop.0+0x53/0x150
[ 42.727821][ T5003] ? hfs_extend_file+0xae0/0xae0
[ 42.732769][ T5003] block_write_begin+0xb9/0x4d0
[ 42.737667][ T5003] cont_write_begin+0x534/0x740
[ 42.742518][ T5003] ? hfs_extend_file+0xae0/0xae0
[ 42.747435][ T5003] ? block_write_begin+0x4d0/0x4d0
[ 42.752528][ T5003] ? fault_in_readable+0x129/0x210
[ 42.757627][ T5003] ? fault_in_subpage_writeable+0x20/0x20
[ 42.763328][ T5003] hfs_write_begin+0x87/0x150
[ 42.767985][ T5003] ? hfs_extend_file+0xae0/0xae0
[ 42.772905][ T5003] generic_perform_write+0x256/0x570
[ 42.778254][ T5003] ? generic_file_readonly_mmap+0x180/0x180
[ 42.784249][ T5003] ? new_inode+0x280/0x280
[ 42.788654][ T5003] ? generic_write_checks+0x2c0/0x400
[ 42.794009][ T5003] __generic_file_write_iter+0x2ae/0x500
[ 42.799698][ T5003] generic_file_write_iter+0xe3/0x350
[ 42.805124][ T5003] vfs_write+0x945/0xd50
[ 42.809360][ T5003] ? kernel_write+0x670/0x670
[ 42.814014][ T5003] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 42.819464][ T5003] ? find_held_lock+0x2d/0x110
[ 42.824285][ T5003] ? lock_downgrade+0x690/0x690
[ 42.829128][ T5003] ? __fget_light+0x20a/0x270
[ 42.833803][ T5003] ksys_write+0x12b/0x250
[ 42.838143][ T5003] ? __ia32_sys_read+0xb0/0xb0
[ 42.842892][ T5003] ? lockdep_hardirqs_on+0x7d/0x100
[ 42.848080][ T5003] ? _raw_spin_unlock_irq+0x2e/0x50
[ 42.853258][ T5003] ? ptrace_notify+0xfe/0x140
[ 42.857927][ T5003] do_syscall_64+0x39/0xb0
[ 42.862333][ T5003] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.868268][ T5003] RIP: 0033:0x7f01bbb379f9
[ 42.872665][ T5003] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.892322][ T5003] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 42.900841][ T5003] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 42.908815][ T5003] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 42.916768][ T5003] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 42.924903][ T5003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 42.932919][ T5003] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000002
[pid 5003] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5003] exit_group(0) = ?
[pid 5003] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 42.940891][ T5003]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5004
./strace-static-x86_64: Process 5004 attached
[pid 5004] chdir("./3") = 0
[pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5004] setpgid(0, 0) = 0
[pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5004] write(3, "1000", 4) = 4
[pid 5004] close(3) = 0
[pid 5004] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5004] memfd_create("syzkaller", 0) = 3
[pid 5004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5004] munmap(0x7f01b36ea000, 32768) = 0
[pid 5004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5004] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5004] close(3) = 0
[pid 5004] mkdir("./bus", 0777) = 0
[pid 5004] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5004] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5004] chdir("./bus") = 0
[pid 5004] ioctl(4, LOOP_CLR_FD) = 0
[pid 5004] close(4) = 0
[pid 5004] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5004] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5004] write(5, "9", 1) = 1
[ 42.985498][ T5004] loop0: detected capacity change from 0 to 64
[ 43.001364][ T5004] hfs: unable to locate alternate MDB
[ 43.006887][ T5004] hfs: continuing without an alternate MDB
[ 43.036566][ T5004] FAULT_INJECTION: forcing a failure.
[ 43.036566][ T5004] name failslab, interval 1, probability 0, space 0, times 0
[ 43.049940][ T5004] CPU: 1 PID: 5004 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 43.060390][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 43.070488][ T5004] Call Trace:
[ 43.073766][ T5004]
[ 43.076703][ T5004] dump_stack_lvl+0x136/0x150
[ 43.081390][ T5004] should_fail_ex+0x4a3/0x5b0
[ 43.086087][ T5004] should_failslab+0x9/0x20
[ 43.090590][ T5004] __kmem_cache_alloc_node+0x5b/0x320
[ 43.095972][ T5004] ? hfs_find_init+0x95/0x240
[ 43.100664][ T5004] ? hfs_find_init+0x95/0x240
[ 43.105358][ T5004] __kmalloc+0x4e/0x190
[ 43.109504][ T5004] hfs_find_init+0x95/0x240
[ 43.114001][ T5004] hfs_ext_read_extent+0x18d/0xa20
[ 43.119968][ T5004] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 43.125667][ T5004] ? hfs_free_extents+0x2e0/0x2e0
[ 43.130914][ T5004] ? clean_bdev_aliases+0x4ff/0x600
[ 43.136329][ T5004] hfs_extend_file+0x4b5/0xae0
[ 43.141185][ T5004] ? spin_bug+0x1c0/0x1c0
[ 43.145513][ T5004] ? hfs_free_fork+0x920/0x920
[ 43.150277][ T5004] ? rcu_is_watching+0x12/0xb0
[ 43.155042][ T5004] ? __mark_inode_dirty+0x297/0xd60
[ 43.160310][ T5004] hfs_get_block+0x17f/0x820
[ 43.164947][ T5004] __block_write_begin_int+0x3bd/0x14b0
[ 43.170491][ T5004] ? hfs_extend_file+0xae0/0xae0
[ 43.175427][ T5004] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 43.181034][ T5004] ? folio_flags.constprop.0+0x53/0x150
[ 43.186803][ T5004] ? hfs_extend_file+0xae0/0xae0
[ 43.191841][ T5004] block_write_begin+0xb9/0x4d0
[ 43.196691][ T5004] cont_write_begin+0x534/0x740
[ 43.201547][ T5004] ? hfs_extend_file+0xae0/0xae0
[ 43.206539][ T5004] ? block_write_begin+0x4d0/0x4d0
[ 43.211695][ T5004] ? fault_in_readable+0x129/0x210
[ 43.216837][ T5004] ? fault_in_subpage_writeable+0x20/0x20
[ 43.222583][ T5004] hfs_write_begin+0x87/0x150
[ 43.227406][ T5004] ? hfs_extend_file+0xae0/0xae0
[ 43.232489][ T5004] generic_perform_write+0x256/0x570
[ 43.237876][ T5004] ? generic_file_readonly_mmap+0x180/0x180
[ 43.243805][ T5004] ? new_inode+0x280/0x280
[ 43.248245][ T5004] ? generic_write_checks+0x2c0/0x400
[ 43.253622][ T5004] __generic_file_write_iter+0x2ae/0x500
[ 43.259331][ T5004] generic_file_write_iter+0xe3/0x350
[ 43.264805][ T5004] vfs_write+0x945/0xd50
[ 43.269087][ T5004] ? kernel_write+0x670/0x670
[ 43.273773][ T5004] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 43.279224][ T5004] ? find_held_lock+0x2d/0x110
[ 43.283986][ T5004] ? lock_downgrade+0x690/0x690
[ 43.288827][ T5004] ? __fget_light+0x20a/0x270
[ 43.293497][ T5004] ksys_write+0x12b/0x250
[ 43.297813][ T5004] ? __ia32_sys_read+0xb0/0xb0
[ 43.302572][ T5004] ? lockdep_hardirqs_on+0x7d/0x100
[ 43.307822][ T5004] ? _raw_spin_unlock_irq+0x2e/0x50
[ 43.313043][ T5004] ? ptrace_notify+0xfe/0x140
[ 43.317724][ T5004] do_syscall_64+0x39/0xb0
[ 43.322166][ T5004] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.328075][ T5004] RIP: 0033:0x7f01bbb379f9
[ 43.332500][ T5004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.352212][ T5004] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 43.360648][ T5004] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 43.368647][ T5004] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 43.376673][ T5004] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5004] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5004] exit_group(0) = ?
[pid 5004] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5004, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 43.384704][ T5004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 43.392713][ T5004] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000003
[ 43.400673][ T5004]
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/bus") = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5005
./strace-static-x86_64: Process 5005 attached
[pid 5005] chdir("./4") = 0
[pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5005] setpgid(0, 0) = 0
[pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5005] write(3, "1000", 4) = 4
[pid 5005] close(3) = 0
[pid 5005] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5005] memfd_create("syzkaller", 0) = 3
[pid 5005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5005] munmap(0x7f01b36ea000, 32768) = 0
[pid 5005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5005] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5005] close(3) = 0
[pid 5005] mkdir("./bus", 0777) = 0
[pid 5005] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5005] chdir("./bus") = 0
[pid 5005] ioctl(4, LOOP_CLR_FD) = 0
[pid 5005] close(4) = 0
[pid 5005] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5005] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5005] write(5, "9", 1) = 1
[pid 5005] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5005] exit_group(0) = ?
[pid 5005] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 43.470875][ T5005] loop0: detected capacity change from 0 to 64
[ 43.480936][ T5005] hfs: unable to locate alternate MDB
[ 43.486533][ T5005] hfs: continuing without an alternate MDB
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/bus") = 0
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5006 attached
, child_tidptr=0x5555564865d0) = 5006
[pid 5006] chdir("./5") = 0
[pid 5006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5006] setpgid(0, 0) = 0
[pid 5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5006] write(3, "1000", 4) = 4
[pid 5006] close(3) = 0
[pid 5006] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5006] memfd_create("syzkaller", 0) = 3
[pid 5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5006] munmap(0x7f01b36ea000, 32768) = 0
[pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5006] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5006] close(3) = 0
[pid 5006] mkdir("./bus", 0777) = 0
[pid 5006] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5006] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5006] chdir("./bus") = 0
[pid 5006] ioctl(4, LOOP_CLR_FD) = 0
[pid 5006] close(4) = 0
[pid 5006] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5006] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5006] write(5, "9", 1) = 1
[ 43.552123][ T5006] loop0: detected capacity change from 0 to 64
[ 43.560679][ T5006] hfs: unable to locate alternate MDB
[ 43.566052][ T5006] hfs: continuing without an alternate MDB
[ 43.586625][ T5006] FAULT_INJECTION: forcing a failure.
[ 43.586625][ T5006] name failslab, interval 1, probability 0, space 0, times 0
[ 43.599831][ T5006] CPU: 0 PID: 5006 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 43.610342][ T5006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 43.620397][ T5006] Call Trace:
[ 43.623716][ T5006]
[ 43.626684][ T5006] dump_stack_lvl+0x136/0x150
[ 43.631353][ T5006] should_fail_ex+0x4a3/0x5b0
[ 43.636033][ T5006] should_failslab+0x9/0x20
[ 43.640543][ T5006] __kmem_cache_alloc_node+0x5b/0x320
[ 43.646003][ T5006] ? hfs_find_init+0x95/0x240
[ 43.650773][ T5006] ? hfs_find_init+0x95/0x240
[ 43.655485][ T5006] __kmalloc+0x4e/0x190
[ 43.659639][ T5006] hfs_find_init+0x95/0x240
[ 43.664132][ T5006] hfs_ext_read_extent+0x18d/0xa20
[ 43.669256][ T5006] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 43.674820][ T5006] ? rcu_is_watching+0x12/0xb0
[ 43.679628][ T5006] ? hfs_free_extents+0x2e0/0x2e0
[ 43.684654][ T5006] ? clean_bdev_aliases+0x4ff/0x600
[ 43.689860][ T5006] ? find_held_lock+0x2d/0x110
[ 43.694726][ T5006] hfs_extend_file+0x4b5/0xae0
[ 43.699651][ T5006] ? spin_bug+0x1c0/0x1c0
[ 43.704281][ T5006] ? hfs_free_fork+0x920/0x920
[ 43.709052][ T5006] ? rcu_is_watching+0x12/0xb0
[ 43.713816][ T5006] ? __mark_inode_dirty+0x297/0xd60
[ 43.719095][ T5006] hfs_get_block+0x17f/0x820
[ 43.723879][ T5006] __block_write_begin_int+0x3bd/0x14b0
[ 43.729593][ T5006] ? hfs_extend_file+0xae0/0xae0
[ 43.734614][ T5006] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 43.740168][ T5006] ? folio_flags.constprop.0+0x53/0x150
[ 43.745723][ T5006] ? hfs_extend_file+0xae0/0xae0
[ 43.750666][ T5006] block_write_begin+0xb9/0x4d0
[ 43.755517][ T5006] cont_write_begin+0x534/0x740
[ 43.760385][ T5006] ? hfs_extend_file+0xae0/0xae0
[ 43.765327][ T5006] ? block_write_begin+0x4d0/0x4d0
[ 43.770472][ T5006] ? fault_in_readable+0x129/0x210
[ 43.775589][ T5006] ? fault_in_subpage_writeable+0x20/0x20
[ 43.781322][ T5006] hfs_write_begin+0x87/0x150
[ 43.786004][ T5006] ? hfs_extend_file+0xae0/0xae0
[ 43.790953][ T5006] generic_perform_write+0x256/0x570
[ 43.796246][ T5006] ? generic_file_readonly_mmap+0x180/0x180
[ 43.802148][ T5006] ? new_inode+0x280/0x280
[ 43.806581][ T5006] ? generic_write_checks+0x2c0/0x400
[ 43.812158][ T5006] __generic_file_write_iter+0x2ae/0x500
[ 43.817998][ T5006] generic_file_write_iter+0xe3/0x350
[ 43.823656][ T5006] vfs_write+0x945/0xd50
[ 43.828017][ T5006] ? kernel_write+0x670/0x670
[ 43.832715][ T5006] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 43.838169][ T5006] ? find_held_lock+0x2d/0x110
[ 43.842949][ T5006] ? lock_downgrade+0x690/0x690
[ 43.847803][ T5006] ? __fget_light+0x20a/0x270
[ 43.852540][ T5006] ksys_write+0x12b/0x250
[ 43.856912][ T5006] ? __ia32_sys_read+0xb0/0xb0
[ 43.861731][ T5006] ? lockdep_hardirqs_on+0x7d/0x100
[ 43.866938][ T5006] ? _raw_spin_unlock_irq+0x2e/0x50
[ 43.872202][ T5006] ? ptrace_notify+0xfe/0x140
[ 43.876987][ T5006] do_syscall_64+0x39/0xb0
[ 43.881556][ T5006] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.887454][ T5006] RIP: 0033:0x7f01bbb379f9
[ 43.891876][ T5006] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.911475][ T5006] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 43.920109][ T5006] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 43.928095][ T5006] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 43.936064][ T5006] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 43.944089][ T5006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5006] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5006] exit_group(0) = ?
[pid 5006] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5006, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/bus") = 0
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5007
./strace-static-x86_64: Process 5007 attached
[pid 5007] chdir("./6") = 0
[pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5007] setpgid(0, 0) = 0
[pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5007] write(3, "1000", 4) = 4
[pid 5007] close(3) = 0
[pid 5007] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5007] memfd_create("syzkaller", 0) = 3
[pid 5007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5007] munmap(0x7f01b36ea000, 32768) = 0
[pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 43.952133][ T5006] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000005
[ 43.960106][ T5006]
[pid 5007] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5007] close(3) = 0
[pid 5007] mkdir("./bus", 0777) = 0
[pid 5007] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5007] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5007] chdir("./bus") = 0
[pid 5007] ioctl(4, LOOP_CLR_FD) = 0
[pid 5007] close(4) = 0
[pid 5007] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5007] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5007] write(5, "9", 1) = 1
[pid 5007] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5007] exit_group(0) = ?
[pid 5007] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5007, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 43.998624][ T5007] loop0: detected capacity change from 0 to 64
[ 44.006929][ T5007] hfs: unable to locate alternate MDB
[ 44.012468][ T5007] hfs: continuing without an alternate MDB
openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/bus") = 0
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5008
./strace-static-x86_64: Process 5008 attached
[pid 5008] chdir("./7") = 0
[pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5008] setpgid(0, 0) = 0
[pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5008] write(3, "1000", 4) = 4
[pid 5008] close(3) = 0
[pid 5008] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5008] memfd_create("syzkaller", 0) = 3
[pid 5008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5008] munmap(0x7f01b36ea000, 32768) = 0
[pid 5008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5008] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5008] close(3) = 0
[pid 5008] mkdir("./bus", 0777) = 0
[pid 5008] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5008] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5008] chdir("./bus") = 0
[pid 5008] ioctl(4, LOOP_CLR_FD) = 0
[pid 5008] close(4) = 0
[pid 5008] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5008] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5008] write(5, "9", 1) = 1
[ 44.076167][ T5008] loop0: detected capacity change from 0 to 64
[ 44.087357][ T5008] hfs: unable to locate alternate MDB
[ 44.092862][ T5008] hfs: continuing without an alternate MDB
[ 44.121055][ T5008] FAULT_INJECTION: forcing a failure.
[ 44.121055][ T5008] name failslab, interval 1, probability 0, space 0, times 0
[ 44.133872][ T5008] CPU: 0 PID: 5008 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 44.144554][ T5008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 44.154594][ T5008] Call Trace:
[ 44.157867][ T5008]
[ 44.160799][ T5008] dump_stack_lvl+0x136/0x150
[ 44.165469][ T5008] should_fail_ex+0x4a3/0x5b0
[ 44.170162][ T5008] should_failslab+0x9/0x20
[ 44.174782][ T5008] __kmem_cache_alloc_node+0x5b/0x320
[ 44.180151][ T5008] ? hfs_find_init+0x95/0x240
[ 44.184823][ T5008] ? hfs_find_init+0x95/0x240
[ 44.189486][ T5008] __kmalloc+0x4e/0x190
[ 44.193633][ T5008] hfs_find_init+0x95/0x240
[ 44.198150][ T5008] hfs_ext_read_extent+0x18d/0xa20
[ 44.203342][ T5008] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 44.208899][ T5008] ? hfs_free_extents+0x2e0/0x2e0
[ 44.213919][ T5008] ? clean_bdev_aliases+0x4ff/0x600
[ 44.219206][ T5008] hfs_extend_file+0x4b5/0xae0
[ 44.223997][ T5008] ? spin_bug+0x1c0/0x1c0
[ 44.228343][ T5008] ? hfs_free_fork+0x920/0x920
[ 44.233107][ T5008] ? rcu_is_watching+0x12/0xb0
[ 44.237910][ T5008] ? __mark_inode_dirty+0x297/0xd60
[ 44.243119][ T5008] hfs_get_block+0x17f/0x820
[ 44.247714][ T5008] __block_write_begin_int+0x3bd/0x14b0
[ 44.253255][ T5008] ? hfs_extend_file+0xae0/0xae0
[ 44.258189][ T5008] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 44.263732][ T5008] ? folio_flags.constprop.0+0x53/0x150
[ 44.269281][ T5008] ? hfs_extend_file+0xae0/0xae0
[ 44.274212][ T5008] block_write_begin+0xb9/0x4d0
[ 44.279058][ T5008] cont_write_begin+0x534/0x740
[ 44.283905][ T5008] ? hfs_extend_file+0xae0/0xae0
[ 44.288867][ T5008] ? block_write_begin+0x4d0/0x4d0
[ 44.293982][ T5008] ? fault_in_readable+0x129/0x210
[ 44.299096][ T5008] ? fault_in_subpage_writeable+0x20/0x20
[ 44.304834][ T5008] hfs_write_begin+0x87/0x150
[ 44.309527][ T5008] ? hfs_extend_file+0xae0/0xae0
[ 44.314468][ T5008] generic_perform_write+0x256/0x570
[ 44.319759][ T5008] ? generic_file_readonly_mmap+0x180/0x180
[ 44.325667][ T5008] ? new_inode+0x280/0x280
[ 44.330130][ T5008] ? generic_write_checks+0x2c0/0x400
[ 44.335517][ T5008] __generic_file_write_iter+0x2ae/0x500
[ 44.341151][ T5008] generic_file_write_iter+0xe3/0x350
[ 44.346525][ T5008] vfs_write+0x945/0xd50
[ 44.350798][ T5008] ? kernel_write+0x670/0x670
[ 44.355464][ T5008] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 44.360920][ T5008] ? find_held_lock+0x2d/0x110
[ 44.365685][ T5008] ? lock_downgrade+0x690/0x690
[ 44.370576][ T5008] ? __fget_light+0x20a/0x270
[ 44.375297][ T5008] ksys_write+0x12b/0x250
[ 44.379629][ T5008] ? __ia32_sys_read+0xb0/0xb0
[ 44.384383][ T5008] ? lockdep_hardirqs_on+0x7d/0x100
[ 44.389583][ T5008] ? _raw_spin_unlock_irq+0x2e/0x50
[ 44.394793][ T5008] ? ptrace_notify+0xfe/0x140
[ 44.399515][ T5008] do_syscall_64+0x39/0xb0
[ 44.404103][ T5008] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.410034][ T5008] RIP: 0033:0x7f01bbb379f9
[ 44.414438][ T5008] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.434057][ T5008] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 44.442481][ T5008] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 44.450462][ T5008] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 44.458444][ T5008] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5008] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5008] exit_group(0) = ?
[pid 5008] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/bus") = 0
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5009
./strace-static-x86_64: Process 5009 attached
[pid 5009] chdir("./8") = 0
[pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5009] setpgid(0, 0) = 0
[pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5009] write(3, "1000", 4) = 4
[pid 5009] close(3) = 0
[ 44.466414][ T5008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 44.474410][ T5008] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000007
[ 44.482442][ T5008]
[pid 5009] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5009] memfd_create("syzkaller", 0) = 3
[pid 5009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5009] munmap(0x7f01b36ea000, 32768) = 0
[pid 5009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5009] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5009] close(3) = 0
[pid 5009] mkdir("./bus", 0777) = 0
[pid 5009] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5009] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5009] chdir("./bus") = 0
[pid 5009] ioctl(4, LOOP_CLR_FD) = 0
[pid 5009] close(4) = 0
[pid 5009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5009] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5009] write(5, "9", 1) = 1
[ 44.544101][ T5009] loop0: detected capacity change from 0 to 64
[ 44.553897][ T5009] hfs: unable to locate alternate MDB
[ 44.559872][ T5009] hfs: continuing without an alternate MDB
[ 44.581664][ T5009] FAULT_INJECTION: forcing a failure.
[ 44.581664][ T5009] name failslab, interval 1, probability 0, space 0, times 0
[ 44.594559][ T5009] CPU: 0 PID: 5009 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 44.604986][ T5009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 44.615413][ T5009] Call Trace:
[ 44.618824][ T5009]
[ 44.621761][ T5009] dump_stack_lvl+0x136/0x150
[ 44.626438][ T5009] should_fail_ex+0x4a3/0x5b0
[ 44.631141][ T5009] should_failslab+0x9/0x20
[ 44.635668][ T5009] __kmem_cache_alloc_node+0x5b/0x320
[ 44.641049][ T5009] ? hfs_find_init+0x95/0x240
[ 44.645725][ T5009] ? hfs_find_init+0x95/0x240
[ 44.650398][ T5009] __kmalloc+0x4e/0x190
[ 44.654552][ T5009] hfs_find_init+0x95/0x240
[ 44.659052][ T5009] hfs_ext_read_extent+0x18d/0xa20
[ 44.664166][ T5009] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 44.669713][ T5009] ? hfs_free_extents+0x2e0/0x2e0
[ 44.674749][ T5009] ? clean_bdev_aliases+0x4ff/0x600
[ 44.679970][ T5009] hfs_extend_file+0x4b5/0xae0
[ 44.684733][ T5009] ? spin_bug+0x1c0/0x1c0
[ 44.689064][ T5009] ? hfs_free_fork+0x920/0x920
[ 44.693842][ T5009] ? rcu_is_watching+0x12/0xb0
[ 44.698624][ T5009] ? __mark_inode_dirty+0x297/0xd60
[ 44.703879][ T5009] hfs_get_block+0x17f/0x820
[ 44.708543][ T5009] __block_write_begin_int+0x3bd/0x14b0
[ 44.714147][ T5009] ? hfs_extend_file+0xae0/0xae0
[ 44.719115][ T5009] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 44.724665][ T5009] ? folio_flags.constprop.0+0x53/0x150
[ 44.730220][ T5009] ? hfs_extend_file+0xae0/0xae0
[ 44.735414][ T5009] block_write_begin+0xb9/0x4d0
[ 44.740259][ T5009] cont_write_begin+0x534/0x740
[ 44.745104][ T5009] ? hfs_extend_file+0xae0/0xae0
[ 44.750033][ T5009] ? block_write_begin+0x4d0/0x4d0
[ 44.755130][ T5009] ? fault_in_readable+0x129/0x210
[ 44.760239][ T5009] ? fault_in_subpage_writeable+0x20/0x20
[ 44.765954][ T5009] hfs_write_begin+0x87/0x150
[ 44.770625][ T5009] ? hfs_extend_file+0xae0/0xae0
[ 44.775555][ T5009] generic_perform_write+0x256/0x570
[ 44.780877][ T5009] ? generic_file_readonly_mmap+0x180/0x180
[ 44.786797][ T5009] ? new_inode+0x280/0x280
[ 44.791301][ T5009] ? generic_write_checks+0x2c0/0x400
[ 44.796672][ T5009] __generic_file_write_iter+0x2ae/0x500
[ 44.802384][ T5009] generic_file_write_iter+0xe3/0x350
[ 44.807860][ T5009] vfs_write+0x945/0xd50
[ 44.812117][ T5009] ? kernel_write+0x670/0x670
[ 44.816781][ T5009] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 44.822234][ T5009] ? find_held_lock+0x2d/0x110
[ 44.827033][ T5009] ? lock_downgrade+0x690/0x690
[ 44.831885][ T5009] ? __fget_light+0x20a/0x270
[ 44.836561][ T5009] ksys_write+0x12b/0x250
[ 44.840891][ T5009] ? __ia32_sys_read+0xb0/0xb0
[ 44.845664][ T5009] ? lockdep_hardirqs_on+0x7d/0x100
[ 44.850914][ T5009] ? _raw_spin_unlock_irq+0x2e/0x50
[ 44.856140][ T5009] ? ptrace_notify+0xfe/0x140
[ 44.860817][ T5009] do_syscall_64+0x39/0xb0
[ 44.865237][ T5009] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 44.871176][ T5009] RIP: 0033:0x7f01bbb379f9
[ 44.875618][ T5009] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 44.895235][ T5009] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 44.903657][ T5009] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 44.911627][ T5009] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 44.919593][ T5009] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 44.927556][ T5009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 44.935519][ T5009] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000008
[ 44.943504][ T5009]
[pid 5009] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5009] exit_group(0) = ?
[pid 5009] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5009, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/bus") = 0
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5010
./strace-static-x86_64: Process 5010 attached
[pid 5010] chdir("./9") = 0
[pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5010] setpgid(0, 0) = 0
[pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5010] write(3, "1000", 4) = 4
[pid 5010] close(3) = 0
[pid 5010] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5010] memfd_create("syzkaller", 0) = 3
[pid 5010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5010] munmap(0x7f01b36ea000, 32768) = 0
[pid 5010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5010] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5010] close(3) = 0
[pid 5010] mkdir("./bus", 0777) = 0
[pid 5010] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5010] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5010] chdir("./bus") = 0
[pid 5010] ioctl(4, LOOP_CLR_FD) = 0
[pid 5010] close(4) = 0
[pid 5010] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5010] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5010] write(5, "9", 1) = 1
[ 44.991176][ T5010] loop0: detected capacity change from 0 to 64
[ 45.003951][ T5010] hfs: unable to locate alternate MDB
[ 45.009704][ T5010] hfs: continuing without an alternate MDB
[ 45.034879][ T5010] FAULT_INJECTION: forcing a failure.
[ 45.034879][ T5010] name failslab, interval 1, probability 0, space 0, times 0
[ 45.047760][ T5010] CPU: 0 PID: 5010 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 45.058264][ T5010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 45.068363][ T5010] Call Trace:
[ 45.071651][ T5010]
[ 45.074572][ T5010] dump_stack_lvl+0x136/0x150
[ 45.079239][ T5010] should_fail_ex+0x4a3/0x5b0
[ 45.084009][ T5010] should_failslab+0x9/0x20
[ 45.088569][ T5010] __kmem_cache_alloc_node+0x5b/0x320
[ 45.093959][ T5010] ? hfs_find_init+0x95/0x240
[ 45.098628][ T5010] ? hfs_find_init+0x95/0x240
[ 45.103310][ T5010] __kmalloc+0x4e/0x190
[ 45.107475][ T5010] hfs_find_init+0x95/0x240
[ 45.111982][ T5010] hfs_ext_read_extent+0x18d/0xa20
[ 45.117142][ T5010] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 45.122708][ T5010] ? hfs_free_extents+0x2e0/0x2e0
[ 45.127755][ T5010] ? clean_bdev_aliases+0x4ff/0x600
[ 45.132955][ T5010] hfs_extend_file+0x4b5/0xae0
[ 45.137717][ T5010] ? spin_bug+0x1c0/0x1c0
[ 45.142042][ T5010] ? hfs_free_fork+0x920/0x920
[ 45.146820][ T5010] ? rcu_is_watching+0x12/0xb0
[ 45.151588][ T5010] ? __mark_inode_dirty+0x297/0xd60
[ 45.156841][ T5010] hfs_get_block+0x17f/0x820
[ 45.161430][ T5010] __block_write_begin_int+0x3bd/0x14b0
[ 45.166969][ T5010] ? hfs_extend_file+0xae0/0xae0
[ 45.171988][ T5010] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 45.177615][ T5010] ? folio_flags.constprop.0+0x53/0x150
[ 45.183195][ T5010] ? hfs_extend_file+0xae0/0xae0
[ 45.188124][ T5010] block_write_begin+0xb9/0x4d0
[ 45.192974][ T5010] cont_write_begin+0x534/0x740
[ 45.197812][ T5010] ? hfs_extend_file+0xae0/0xae0
[ 45.202744][ T5010] ? block_write_begin+0x4d0/0x4d0
[ 45.207865][ T5010] ? fault_in_readable+0x129/0x210
[ 45.213010][ T5010] ? fault_in_subpage_writeable+0x20/0x20
[ 45.218726][ T5010] hfs_write_begin+0x87/0x150
[ 45.223395][ T5010] ? hfs_extend_file+0xae0/0xae0
[ 45.228330][ T5010] generic_perform_write+0x256/0x570
[ 45.233639][ T5010] ? generic_file_readonly_mmap+0x180/0x180
[ 45.239545][ T5010] ? new_inode+0x280/0x280
[ 45.243980][ T5010] ? generic_write_checks+0x2c0/0x400
[ 45.249338][ T5010] __generic_file_write_iter+0x2ae/0x500
[ 45.254982][ T5010] generic_file_write_iter+0xe3/0x350
[ 45.260378][ T5010] vfs_write+0x945/0xd50
[ 45.264616][ T5010] ? kernel_write+0x670/0x670
[ 45.269280][ T5010] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 45.274730][ T5010] ? find_held_lock+0x2d/0x110
[ 45.279560][ T5010] ? lock_downgrade+0x690/0x690
[ 45.284462][ T5010] ? __fget_light+0x20a/0x270
[ 45.289167][ T5010] ksys_write+0x12b/0x250
[ 45.293494][ T5010] ? __ia32_sys_read+0xb0/0xb0
[ 45.298263][ T5010] ? lockdep_hardirqs_on+0x7d/0x100
[ 45.303528][ T5010] ? _raw_spin_unlock_irq+0x2e/0x50
[ 45.308821][ T5010] ? ptrace_notify+0xfe/0x140
[ 45.313564][ T5010] do_syscall_64+0x39/0xb0
[ 45.317986][ T5010] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.323893][ T5010] RIP: 0033:0x7f01bbb379f9
[ 45.328303][ T5010] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 45.347926][ T5010] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 45.356507][ T5010] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 45.364516][ T5010] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 45.372487][ T5010] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5010] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5010] exit_group(0) = ?
[pid 5010] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5010, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/bus") = 0
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5011 attached
[pid 5011] chdir("./10") = 0
[pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5011] setpgid(0, 0) = 0
[pid 4999] <... clone resumed>, child_tidptr=0x5555564865d0) = 5011
[pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5011] write(3, "1000", 4) = 4
[pid 5011] close(3) = 0
[pid 5011] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5011] memfd_create("syzkaller", 0) = 3
[pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5011] munmap(0x7f01b36ea000, 32768) = 0
[pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 45.380543][ T5010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 45.388550][ T5010] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000009
[ 45.396578][ T5010]
[pid 5011] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5011] close(3) = 0
[pid 5011] mkdir("./bus", 0777) = 0
[pid 5011] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5011] chdir("./bus") = 0
[pid 5011] ioctl(4, LOOP_CLR_FD) = 0
[pid 5011] close(4) = 0
[pid 5011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5011] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5011] write(5, "9", 1) = 1
[ 45.442133][ T5011] loop0: detected capacity change from 0 to 64
[ 45.455535][ T5011] hfs: unable to locate alternate MDB
[ 45.461224][ T5011] hfs: continuing without an alternate MDB
[ 45.484257][ T5011] FAULT_INJECTION: forcing a failure.
[ 45.484257][ T5011] name failslab, interval 1, probability 0, space 0, times 0
[ 45.497646][ T5011] CPU: 1 PID: 5011 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 45.508111][ T5011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 45.518235][ T5011] Call Trace:
[ 45.521613][ T5011]
[ 45.524601][ T5011] dump_stack_lvl+0x136/0x150
[ 45.529329][ T5011] should_fail_ex+0x4a3/0x5b0
[ 45.534025][ T5011] should_failslab+0x9/0x20
[ 45.538514][ T5011] __kmem_cache_alloc_node+0x5b/0x320
[ 45.543914][ T5011] ? hfs_find_init+0x95/0x240
[ 45.548608][ T5011] ? hfs_find_init+0x95/0x240
[ 45.553298][ T5011] __kmalloc+0x4e/0x190
[ 45.557443][ T5011] hfs_find_init+0x95/0x240
[ 45.561974][ T5011] hfs_ext_read_extent+0x18d/0xa20
[ 45.567083][ T5011] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 45.572623][ T5011] ? hfs_free_extents+0x2e0/0x2e0
[ 45.577646][ T5011] ? clean_bdev_aliases+0x4ff/0x600
[ 45.582949][ T5011] hfs_extend_file+0x4b5/0xae0
[ 45.587725][ T5011] ? spin_bug+0x1c0/0x1c0
[ 45.592059][ T5011] ? hfs_free_fork+0x920/0x920
[ 45.596824][ T5011] ? rcu_is_watching+0x12/0xb0
[ 45.601584][ T5011] ? __mark_inode_dirty+0x297/0xd60
[ 45.606777][ T5011] hfs_get_block+0x17f/0x820
[ 45.611429][ T5011] __block_write_begin_int+0x3bd/0x14b0
[ 45.617174][ T5011] ? hfs_extend_file+0xae0/0xae0
[ 45.622260][ T5011] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 45.627892][ T5011] ? folio_flags.constprop.0+0x53/0x150
[ 45.633504][ T5011] ? hfs_extend_file+0xae0/0xae0
[ 45.638446][ T5011] block_write_begin+0xb9/0x4d0
[ 45.643318][ T5011] cont_write_begin+0x534/0x740
[ 45.648246][ T5011] ? hfs_extend_file+0xae0/0xae0
[ 45.653232][ T5011] ? block_write_begin+0x4d0/0x4d0
[ 45.658383][ T5011] ? fault_in_readable+0x129/0x210
[ 45.663541][ T5011] ? fault_in_subpage_writeable+0x20/0x20
[ 45.669406][ T5011] hfs_write_begin+0x87/0x150
[ 45.674249][ T5011] ? hfs_extend_file+0xae0/0xae0
[ 45.679217][ T5011] generic_perform_write+0x256/0x570
[ 45.684499][ T5011] ? generic_file_readonly_mmap+0x180/0x180
[ 45.690386][ T5011] ? new_inode+0x280/0x280
[ 45.694798][ T5011] ? generic_write_checks+0x2c0/0x400
[ 45.700161][ T5011] __generic_file_write_iter+0x2ae/0x500
[ 45.705797][ T5011] generic_file_write_iter+0xe3/0x350
[ 45.711167][ T5011] vfs_write+0x945/0xd50
[ 45.715487][ T5011] ? kernel_write+0x670/0x670
[ 45.720191][ T5011] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 45.725654][ T5011] ? find_held_lock+0x2d/0x110
[ 45.730442][ T5011] ? lock_downgrade+0x690/0x690
[ 45.735334][ T5011] ? __fget_light+0x20a/0x270
[ 45.740409][ T5011] ksys_write+0x12b/0x250
[ 45.744813][ T5011] ? __ia32_sys_read+0xb0/0xb0
[ 45.749593][ T5011] ? lockdep_hardirqs_on+0x7d/0x100
[ 45.754786][ T5011] ? _raw_spin_unlock_irq+0x2e/0x50
[ 45.759981][ T5011] ? ptrace_notify+0xfe/0x140
[ 45.764654][ T5011] do_syscall_64+0x39/0xb0
[ 45.769066][ T5011] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 45.774979][ T5011] RIP: 0033:0x7f01bbb379f9
[ 45.779386][ T5011] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 45.799451][ T5011] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 45.807876][ T5011] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 45.815855][ T5011] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 45.823876][ T5011] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5011] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5011] exit_group(0) = ?
[pid 5011] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5011, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/bus") = 0
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5012
./strace-static-x86_64: Process 5012 attached
[pid 5012] chdir("./11") = 0
[pid 5012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5012] setpgid(0, 0) = 0
[pid 5012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5012] write(3, "1000", 4) = 4
[pid 5012] close(3) = 0
[pid 5012] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5012] memfd_create("syzkaller", 0) = 3
[pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5012] munmap(0x7f01b36ea000, 32768) = 0
[pid 5012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 45.831963][ T5011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 45.840059][ T5011] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 000000000000000a
[ 45.848071][ T5011]
[pid 5012] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5012] close(3) = 0
[pid 5012] mkdir("./bus", 0777) = 0
[pid 5012] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5012] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5012] chdir("./bus") = 0
[pid 5012] ioctl(4, LOOP_CLR_FD) = 0
[pid 5012] close(4) = 0
[pid 5012] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5012] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5012] write(5, "9", 1) = 1
[pid 5012] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5012] exit_group(0) = ?
[pid 5012] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5012, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/bus") = 0
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 45.879640][ T5012] loop0: detected capacity change from 0 to 64
[ 45.891188][ T5012] hfs: unable to locate alternate MDB
[ 45.896609][ T5012] hfs: continuing without an alternate MDB
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5013
./strace-static-x86_64: Process 5013 attached
[pid 5013] chdir("./12") = 0
[pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5013] setpgid(0, 0) = 0
[pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5013] write(3, "1000", 4) = 4
[pid 5013] close(3) = 0
[pid 5013] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5013] memfd_create("syzkaller", 0) = 3
[pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5013] munmap(0x7f01b36ea000, 32768) = 0
[pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5013] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5013] close(3) = 0
[pid 5013] mkdir("./bus", 0777) = 0
[pid 5013] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5013] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5013] chdir("./bus") = 0
[pid 5013] ioctl(4, LOOP_CLR_FD) = 0
[pid 5013] close(4) = 0
[pid 5013] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5013] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5013] write(5, "9", 1) = 1
[pid 5013] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5013] exit_group(0) = ?
[pid 5013] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5013, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 45.950722][ T5013] loop0: detected capacity change from 0 to 64
[ 45.959341][ T5013] hfs: unable to locate alternate MDB
[ 45.964783][ T5013] hfs: continuing without an alternate MDB
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/bus") = 0
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5014
./strace-static-x86_64: Process 5014 attached
[pid 5014] chdir("./13") = 0
[pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5014] setpgid(0, 0) = 0
[pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5014] write(3, "1000", 4) = 4
[pid 5014] close(3) = 0
[pid 5014] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5014] memfd_create("syzkaller", 0) = 3
[pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5014] munmap(0x7f01b36ea000, 32768) = 0
[pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5014] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5014] close(3) = 0
[pid 5014] mkdir("./bus", 0777) = 0
[pid 5014] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5014] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5014] chdir("./bus") = 0
[pid 5014] ioctl(4, LOOP_CLR_FD) = 0
[pid 5014] close(4) = 0
[pid 5014] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5014] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5014] write(5, "9", 1) = 1
[ 46.041735][ T5014] loop0: detected capacity change from 0 to 64
[ 46.050436][ T5014] hfs: unable to locate alternate MDB
[ 46.055912][ T5014] hfs: continuing without an alternate MDB
[ 46.078804][ T5014] FAULT_INJECTION: forcing a failure.
[ 46.078804][ T5014] name failslab, interval 1, probability 0, space 0, times 0
[ 46.091722][ T5014] CPU: 0 PID: 5014 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 46.102157][ T5014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 46.112206][ T5014] Call Trace:
[ 46.115503][ T5014]
[ 46.118447][ T5014] dump_stack_lvl+0x136/0x150
[ 46.123139][ T5014] should_fail_ex+0x4a3/0x5b0
[ 46.127818][ T5014] should_failslab+0x9/0x20
[ 46.132320][ T5014] __kmem_cache_alloc_node+0x5b/0x320
[ 46.137680][ T5014] ? hfs_find_init+0x95/0x240
[ 46.142346][ T5014] ? hfs_find_init+0x95/0x240
[ 46.147011][ T5014] __kmalloc+0x4e/0x190
[ 46.151171][ T5014] hfs_find_init+0x95/0x240
[ 46.155657][ T5014] hfs_ext_read_extent+0x18d/0xa20
[ 46.160754][ T5014] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 46.166298][ T5014] ? hfs_free_extents+0x2e0/0x2e0
[ 46.171328][ T5014] ? clean_bdev_aliases+0x4ff/0x600
[ 46.176521][ T5014] hfs_extend_file+0x4b5/0xae0
[ 46.181283][ T5014] ? spin_bug+0x1c0/0x1c0
[ 46.185625][ T5014] ? hfs_free_fork+0x920/0x920
[ 46.190374][ T5014] ? rcu_is_watching+0x12/0xb0
[ 46.195137][ T5014] ? __mark_inode_dirty+0x297/0xd60
[ 46.200364][ T5014] hfs_get_block+0x17f/0x820
[ 46.204961][ T5014] __block_write_begin_int+0x3bd/0x14b0
[ 46.210501][ T5014] ? hfs_extend_file+0xae0/0xae0
[ 46.215443][ T5014] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 46.220973][ T5014] ? folio_flags.constprop.0+0x53/0x150
[ 46.226511][ T5014] ? hfs_extend_file+0xae0/0xae0
[ 46.231433][ T5014] block_write_begin+0xb9/0x4d0
[ 46.236273][ T5014] cont_write_begin+0x534/0x740
[ 46.241124][ T5014] ? hfs_extend_file+0xae0/0xae0
[ 46.246079][ T5014] ? block_write_begin+0x4d0/0x4d0
[ 46.251203][ T5014] ? fault_in_readable+0x129/0x210
[ 46.256341][ T5014] ? fault_in_subpage_writeable+0x20/0x20
[ 46.262181][ T5014] hfs_write_begin+0x87/0x150
[ 46.266867][ T5014] ? hfs_extend_file+0xae0/0xae0
[ 46.271809][ T5014] generic_perform_write+0x256/0x570
[ 46.277116][ T5014] ? generic_file_readonly_mmap+0x180/0x180
[ 46.283082][ T5014] ? new_inode+0x280/0x280
[ 46.287549][ T5014] ? generic_write_checks+0x2c0/0x400
[ 46.292934][ T5014] __generic_file_write_iter+0x2ae/0x500
[ 46.298626][ T5014] generic_file_write_iter+0xe3/0x350
[ 46.304032][ T5014] vfs_write+0x945/0xd50
[ 46.308264][ T5014] ? kernel_write+0x670/0x670
[ 46.312922][ T5014] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 46.318383][ T5014] ? find_held_lock+0x2d/0x110
[ 46.323160][ T5014] ? lock_downgrade+0x690/0x690
[ 46.328034][ T5014] ? __fget_light+0x20a/0x270
[ 46.332747][ T5014] ksys_write+0x12b/0x250
[ 46.337098][ T5014] ? __ia32_sys_read+0xb0/0xb0
[ 46.341850][ T5014] ? lockdep_hardirqs_on+0x7d/0x100
[ 46.347043][ T5014] ? _raw_spin_unlock_irq+0x2e/0x50
[ 46.352249][ T5014] ? ptrace_notify+0xfe/0x140
[ 46.356972][ T5014] do_syscall_64+0x39/0xb0
[ 46.361433][ T5014] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.367325][ T5014] RIP: 0033:0x7f01bbb379f9
[ 46.371746][ T5014] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5014] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5014] exit_group(0) = ?
[pid 5014] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/bus") = 0
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 46.391361][ T5014] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 46.399783][ T5014] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 46.407767][ T5014] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 46.415738][ T5014] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 46.423697][ T5014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 46.431658][ T5014] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 000000000000000d
[ 46.439631][ T5014]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5015
./strace-static-x86_64: Process 5015 attached
[pid 5015] chdir("./14") = 0
[pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5015] setpgid(0, 0) = 0
[pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5015] write(3, "1000", 4) = 4
[pid 5015] close(3) = 0
[pid 5015] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5015] memfd_create("syzkaller", 0) = 3
[pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5015] munmap(0x7f01b36ea000, 32768) = 0
[pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5015] close(3) = 0
[pid 5015] mkdir("./bus", 0777) = 0
[pid 5015] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5015] chdir("./bus") = 0
[pid 5015] ioctl(4, LOOP_CLR_FD) = 0
[pid 5015] close(4) = 0
[pid 5015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5015] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5015] write(5, "9", 1) = 1
[pid 5015] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5015] exit_group(0) = ?
[pid 5015] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/bus") = 0
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 46.482360][ T5015] loop0: detected capacity change from 0 to 64
[ 46.491818][ T5015] hfs: unable to locate alternate MDB
[ 46.497303][ T5015] hfs: continuing without an alternate MDB
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5016 attached
, child_tidptr=0x5555564865d0) = 5016
[pid 5016] chdir("./15") = 0
[pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5016] setpgid(0, 0) = 0
[pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5016] write(3, "1000", 4) = 4
[pid 5016] close(3) = 0
[pid 5016] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5016] memfd_create("syzkaller", 0) = 3
[pid 5016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5016] munmap(0x7f01b36ea000, 32768) = 0
[pid 5016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5016] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5016] close(3) = 0
[pid 5016] mkdir("./bus", 0777) = 0
[pid 5016] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5016] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5016] chdir("./bus") = 0
[pid 5016] ioctl(4, LOOP_CLR_FD) = 0
[pid 5016] close(4) = 0
[pid 5016] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5016] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5016] write(5, "9", 1) = 1
[pid 5016] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5016] exit_group(0) = ?
[pid 5016] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5016, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/bus") = 0
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
[ 46.558722][ T5016] loop0: detected capacity change from 0 to 64
[ 46.568421][ T5016] hfs: unable to locate alternate MDB
[ 46.573882][ T5016] hfs: continuing without an alternate MDB
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5017 attached
, child_tidptr=0x5555564865d0) = 5017
[pid 5017] chdir("./16") = 0
[pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5017] setpgid(0, 0) = 0
[pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5017] write(3, "1000", 4) = 4
[pid 5017] close(3) = 0
[pid 5017] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5017] memfd_create("syzkaller", 0) = 3
[pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5017] munmap(0x7f01b36ea000, 32768) = 0
[pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5017] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5017] close(3) = 0
[pid 5017] mkdir("./bus", 0777) = 0
[pid 5017] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5017] chdir("./bus") = 0
[pid 5017] ioctl(4, LOOP_CLR_FD) = 0
[pid 5017] close(4) = 0
[pid 5017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5017] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5017] write(5, "9", 1) = 1
[ 46.637729][ T5017] loop0: detected capacity change from 0 to 64
[ 46.645939][ T5017] hfs: unable to locate alternate MDB
[ 46.651439][ T5017] hfs: continuing without an alternate MDB
[ 46.667053][ T5017] FAULT_INJECTION: forcing a failure.
[ 46.667053][ T5017] name failslab, interval 1, probability 0, space 0, times 0
[ 46.680132][ T5017] CPU: 1 PID: 5017 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 46.690945][ T5017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 46.701026][ T5017] Call Trace:
[ 46.704291][ T5017]
[ 46.707211][ T5017] dump_stack_lvl+0x136/0x150
[ 46.711886][ T5017] should_fail_ex+0x4a3/0x5b0
[ 46.716565][ T5017] should_failslab+0x9/0x20
[ 46.721062][ T5017] __kmem_cache_alloc_node+0x5b/0x320
[ 46.726433][ T5017] ? hfs_find_init+0x95/0x240
[ 46.731106][ T5017] ? hfs_find_init+0x95/0x240
[ 46.735769][ T5017] __kmalloc+0x4e/0x190
[ 46.739919][ T5017] hfs_find_init+0x95/0x240
[ 46.744411][ T5017] hfs_ext_read_extent+0x18d/0xa20
[ 46.749511][ T5017] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 46.755053][ T5017] ? hfs_free_extents+0x2e0/0x2e0
[ 46.760085][ T5017] ? clean_bdev_aliases+0x4ff/0x600
[ 46.765280][ T5017] ? find_held_lock+0x2d/0x110
[ 46.770038][ T5017] hfs_extend_file+0x4b5/0xae0
[ 46.774794][ T5017] ? spin_bug+0x1c0/0x1c0
[ 46.779117][ T5017] ? hfs_free_fork+0x920/0x920
[ 46.783876][ T5017] ? rcu_is_watching+0x12/0xb0
[ 46.788635][ T5017] ? __mark_inode_dirty+0x297/0xd60
[ 46.793832][ T5017] hfs_get_block+0x17f/0x820
[ 46.798414][ T5017] __block_write_begin_int+0x3bd/0x14b0
[ 46.803955][ T5017] ? hfs_extend_file+0xae0/0xae0
[ 46.808887][ T5017] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 46.814427][ T5017] ? folio_flags.constprop.0+0x53/0x150
[ 46.819986][ T5017] ? hfs_extend_file+0xae0/0xae0
[ 46.824916][ T5017] block_write_begin+0xb9/0x4d0
[ 46.829758][ T5017] cont_write_begin+0x534/0x740
[ 46.834605][ T5017] ? hfs_extend_file+0xae0/0xae0
[ 46.839540][ T5017] ? block_write_begin+0x4d0/0x4d0
[ 46.844646][ T5017] ? fault_in_readable+0x129/0x210
[ 46.849851][ T5017] ? fault_in_subpage_writeable+0x20/0x20
[ 46.855649][ T5017] hfs_write_begin+0x87/0x150
[ 46.860422][ T5017] ? hfs_extend_file+0xae0/0xae0
[ 46.865397][ T5017] generic_perform_write+0x256/0x570
[ 46.870739][ T5017] ? generic_file_readonly_mmap+0x180/0x180
[ 46.876725][ T5017] ? new_inode+0x280/0x280
[ 46.881194][ T5017] ? generic_write_checks+0x2c0/0x400
[ 46.886594][ T5017] __generic_file_write_iter+0x2ae/0x500
[ 46.892235][ T5017] generic_file_write_iter+0xe3/0x350
[ 46.897612][ T5017] vfs_write+0x945/0xd50
[ 46.901849][ T5017] ? kernel_write+0x670/0x670
[ 46.906510][ T5017] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 46.911995][ T5017] ? find_held_lock+0x2d/0x110
[ 46.916777][ T5017] ? lock_downgrade+0x690/0x690
[ 46.921632][ T5017] ? __fget_light+0x20a/0x270
[ 46.926312][ T5017] ksys_write+0x12b/0x250
[ 46.930673][ T5017] ? __ia32_sys_read+0xb0/0xb0
[ 46.935465][ T5017] ? lockdep_hardirqs_on+0x7d/0x100
[ 46.940760][ T5017] ? _raw_spin_unlock_irq+0x2e/0x50
[ 46.945956][ T5017] ? ptrace_notify+0xfe/0x140
[ 46.950640][ T5017] do_syscall_64+0x39/0xb0
[ 46.955056][ T5017] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 46.960971][ T5017] RIP: 0033:0x7f01bbb379f9
[ 46.965412][ T5017] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5017] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5017] exit_group(0) = ?
[pid 5017] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 46.985045][ T5017] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 46.993473][ T5017] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 47.001451][ T5017] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 47.009413][ T5017] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 47.017374][ T5017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 47.025338][ T5017] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000010
[ 47.033315][ T5017]
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/bus") = 0
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5018
./strace-static-x86_64: Process 5018 attached
[pid 5018] chdir("./17") = 0
[pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5018] setpgid(0, 0) = 0
[pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5018] write(3, "1000", 4) = 4
[pid 5018] close(3) = 0
[pid 5018] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5018] memfd_create("syzkaller", 0) = 3
[pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5018] munmap(0x7f01b36ea000, 32768) = 0
[pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5018] close(3) = 0
[pid 5018] mkdir("./bus", 0777) = 0
[pid 5018] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5018] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5018] chdir("./bus") = 0
[pid 5018] ioctl(4, LOOP_CLR_FD) = 0
[pid 5018] close(4) = 0
[pid 5018] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5018] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5018] write(5, "9", 1) = 1
[ 47.100418][ T5018] loop0: detected capacity change from 0 to 64
[ 47.110531][ T5018] hfs: unable to locate alternate MDB
[ 47.115918][ T5018] hfs: continuing without an alternate MDB
[ 47.131771][ T5018] FAULT_INJECTION: forcing a failure.
[ 47.131771][ T5018] name failslab, interval 1, probability 0, space 0, times 0
[ 47.146864][ T5018] CPU: 1 PID: 5018 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 47.157410][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 47.167460][ T5018] Call Trace:
[ 47.170722][ T5018]
[ 47.173633][ T5018] dump_stack_lvl+0x136/0x150
[ 47.178368][ T5018] should_fail_ex+0x4a3/0x5b0
[ 47.183280][ T5018] should_failslab+0x9/0x20
[ 47.187768][ T5018] __kmem_cache_alloc_node+0x5b/0x320
[ 47.193185][ T5018] ? hfs_find_init+0x95/0x240
[ 47.197858][ T5018] ? hfs_find_init+0x95/0x240
[ 47.203008][ T5018] __kmalloc+0x4e/0x190
[ 47.207236][ T5018] hfs_find_init+0x95/0x240
[ 47.211865][ T5018] hfs_ext_read_extent+0x18d/0xa20
[ 47.217077][ T5018] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 47.222623][ T5018] ? rcu_is_watching+0x12/0xb0
[ 47.227386][ T5018] ? hfs_free_extents+0x2e0/0x2e0
[ 47.232447][ T5018] ? clean_bdev_aliases+0x4ff/0x600
[ 47.237664][ T5018] ? find_held_lock+0x2d/0x110
[ 47.242449][ T5018] hfs_extend_file+0x4b5/0xae0
[ 47.247211][ T5018] ? spin_bug+0x1c0/0x1c0
[ 47.251541][ T5018] ? hfs_free_fork+0x920/0x920
[ 47.256301][ T5018] ? rcu_is_watching+0x12/0xb0
[ 47.261065][ T5018] ? __mark_inode_dirty+0x297/0xd60
[ 47.266263][ T5018] hfs_get_block+0x17f/0x820
[ 47.270852][ T5018] __block_write_begin_int+0x3bd/0x14b0
[ 47.276392][ T5018] ? hfs_extend_file+0xae0/0xae0
[ 47.281330][ T5018] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 47.286864][ T5018] ? folio_flags.constprop.0+0x53/0x150
[ 47.292417][ T5018] ? hfs_extend_file+0xae0/0xae0
[ 47.297364][ T5018] block_write_begin+0xb9/0x4d0
[ 47.302218][ T5018] cont_write_begin+0x534/0x740
[ 47.307066][ T5018] ? hfs_extend_file+0xae0/0xae0
[ 47.312022][ T5018] ? block_write_begin+0x4d0/0x4d0
[ 47.317148][ T5018] ? fault_in_readable+0x129/0x210
[ 47.322288][ T5018] ? fault_in_subpage_writeable+0x20/0x20
[ 47.328095][ T5018] hfs_write_begin+0x87/0x150
[ 47.332768][ T5018] ? hfs_extend_file+0xae0/0xae0
[ 47.337722][ T5018] generic_perform_write+0x256/0x570
[ 47.343026][ T5018] ? generic_file_readonly_mmap+0x180/0x180
[ 47.348916][ T5018] ? new_inode+0x280/0x280
[ 47.353332][ T5018] ? generic_write_checks+0x2c0/0x400
[ 47.358731][ T5018] __generic_file_write_iter+0x2ae/0x500
[ 47.364368][ T5018] generic_file_write_iter+0xe3/0x350
[ 47.369834][ T5018] vfs_write+0x945/0xd50
[ 47.374070][ T5018] ? kernel_write+0x670/0x670
[ 47.378749][ T5018] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 47.384200][ T5018] ? find_held_lock+0x2d/0x110
[ 47.388961][ T5018] ? lock_downgrade+0x690/0x690
[ 47.393809][ T5018] ? __fget_light+0x20a/0x270
[ 47.398493][ T5018] ksys_write+0x12b/0x250
[ 47.402813][ T5018] ? __ia32_sys_read+0xb0/0xb0
[ 47.407565][ T5018] ? lockdep_hardirqs_on+0x7d/0x100
[ 47.412760][ T5018] ? _raw_spin_unlock_irq+0x2e/0x50
[ 47.417952][ T5018] ? ptrace_notify+0xfe/0x140
[ 47.422628][ T5018] do_syscall_64+0x39/0xb0
[ 47.427046][ T5018] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.432945][ T5018] RIP: 0033:0x7f01bbb379f9
[ 47.437352][ T5018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 47.457058][ T5018] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 47.465499][ T5018] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 47.473477][ T5018] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 47.481476][ T5018] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 47.489473][ T5018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5018] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5018] exit_group(0) = ?
[pid 5018] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/bus") = 0
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5019
./strace-static-x86_64: Process 5019 attached
[pid 5019] chdir("./18") = 0
[pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5019] setpgid(0, 0) = 0
[pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "1000", 4) = 4
[pid 5019] close(3) = 0
[pid 5019] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5019] memfd_create("syzkaller", 0) = 3
[pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5019] munmap(0x7f01b36ea000, 32768) = 0
[pid 5019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 47.497440][ T5018] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000011
[ 47.505414][ T5018]
[pid 5019] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5019] close(3) = 0
[pid 5019] mkdir("./bus", 0777) = 0
[pid 5019] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5019] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5019] chdir("./bus") = 0
[pid 5019] ioctl(4, LOOP_CLR_FD) = 0
[pid 5019] close(4) = 0
[pid 5019] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5019] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5019] write(5, "9", 1) = 1
[pid 5019] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5019] exit_group(0) = ?
[pid 5019] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5019, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/bus") = 0
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
[ 47.543668][ T5019] loop0: detected capacity change from 0 to 64
[ 47.552227][ T5019] hfs: unable to locate alternate MDB
[ 47.558227][ T5019] hfs: continuing without an alternate MDB
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5020
./strace-static-x86_64: Process 5020 attached
[pid 5020] chdir("./19") = 0
[pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5020] setpgid(0, 0) = 0
[pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5020] write(3, "1000", 4) = 4
[pid 5020] close(3) = 0
[pid 5020] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5020] memfd_create("syzkaller", 0) = 3
[pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5020] munmap(0x7f01b36ea000, 32768) = 0
[pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5020] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5020] close(3) = 0
[pid 5020] mkdir("./bus", 0777) = 0
[pid 5020] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5020] chdir("./bus") = 0
[pid 5020] ioctl(4, LOOP_CLR_FD) = 0
[pid 5020] close(4) = 0
[pid 5020] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5020] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5020] write(5, "9", 1) = 1
[ 47.631720][ T5020] loop0: detected capacity change from 0 to 64
[ 47.640421][ T5020] hfs: unable to locate alternate MDB
[ 47.645918][ T5020] hfs: continuing without an alternate MDB
[ 47.673274][ T5020] FAULT_INJECTION: forcing a failure.
[ 47.673274][ T5020] name failslab, interval 1, probability 0, space 0, times 0
[ 47.686859][ T5020] CPU: 1 PID: 5020 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 47.697384][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 47.707489][ T5020] Call Trace:
[ 47.710762][ T5020]
[ 47.713680][ T5020] dump_stack_lvl+0x136/0x150
[ 47.718347][ T5020] should_fail_ex+0x4a3/0x5b0
[ 47.723027][ T5020] should_failslab+0x9/0x20
[ 47.727538][ T5020] __kmem_cache_alloc_node+0x5b/0x320
[ 47.732896][ T5020] ? hfs_find_init+0x95/0x240
[ 47.737567][ T5020] ? hfs_find_init+0x95/0x240
[ 47.742236][ T5020] __kmalloc+0x4e/0x190
[ 47.746394][ T5020] hfs_find_init+0x95/0x240
[ 47.750881][ T5020] hfs_ext_read_extent+0x18d/0xa20
[ 47.756091][ T5020] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 47.761644][ T5020] ? hfs_free_extents+0x2e0/0x2e0
[ 47.766653][ T5020] ? clean_bdev_aliases+0x4ff/0x600
[ 47.771868][ T5020] hfs_extend_file+0x4b5/0xae0
[ 47.776624][ T5020] ? spin_bug+0x1c0/0x1c0
[ 47.780949][ T5020] ? hfs_free_fork+0x920/0x920
[ 47.785703][ T5020] ? rcu_is_watching+0x12/0xb0
[ 47.790468][ T5020] ? __mark_inode_dirty+0x297/0xd60
[ 47.795669][ T5020] hfs_get_block+0x17f/0x820
[ 47.800264][ T5020] __block_write_begin_int+0x3bd/0x14b0
[ 47.805793][ T5020] ? hfs_extend_file+0xae0/0xae0
[ 47.810748][ T5020] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 47.816327][ T5020] ? folio_flags.constprop.0+0x53/0x150
[ 47.821888][ T5020] ? hfs_extend_file+0xae0/0xae0
[ 47.826878][ T5020] block_write_begin+0xb9/0x4d0
[ 47.831784][ T5020] cont_write_begin+0x534/0x740
[ 47.836658][ T5020] ? hfs_extend_file+0xae0/0xae0
[ 47.841602][ T5020] ? block_write_begin+0x4d0/0x4d0
[ 47.846808][ T5020] ? fault_in_readable+0x129/0x210
[ 47.852103][ T5020] ? fault_in_subpage_writeable+0x20/0x20
[ 47.858004][ T5020] hfs_write_begin+0x87/0x150
[ 47.862783][ T5020] ? hfs_extend_file+0xae0/0xae0
[ 47.867743][ T5020] generic_perform_write+0x256/0x570
[ 47.873045][ T5020] ? generic_file_readonly_mmap+0x180/0x180
[ 47.878956][ T5020] ? new_inode+0x280/0x280
[ 47.883392][ T5020] ? generic_write_checks+0x2c0/0x400
[ 47.888763][ T5020] __generic_file_write_iter+0x2ae/0x500
[ 47.894407][ T5020] generic_file_write_iter+0xe3/0x350
[ 47.899862][ T5020] vfs_write+0x945/0xd50
[ 47.904212][ T5020] ? kernel_write+0x670/0x670
[ 47.908931][ T5020] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 47.914391][ T5020] ? find_held_lock+0x2d/0x110
[ 47.919165][ T5020] ? lock_downgrade+0x690/0x690
[ 47.924120][ T5020] ? __fget_light+0x20a/0x270
[ 47.928952][ T5020] ksys_write+0x12b/0x250
[ 47.933415][ T5020] ? __ia32_sys_read+0xb0/0xb0
[ 47.938275][ T5020] ? lockdep_hardirqs_on+0x7d/0x100
[ 47.943590][ T5020] ? _raw_spin_unlock_irq+0x2e/0x50
[ 47.948798][ T5020] ? ptrace_notify+0xfe/0x140
[ 47.953484][ T5020] do_syscall_64+0x39/0xb0
[ 47.957931][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.963837][ T5020] RIP: 0033:0x7f01bbb379f9
[ 47.968267][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 47.987895][ T5020] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 47.996340][ T5020] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 48.004314][ T5020] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 48.012373][ T5020] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5020] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5020] exit_group(0) = ?
[pid 5020] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/bus") = 0
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5021
./strace-static-x86_64: Process 5021 attached
[pid 5021] chdir("./20") = 0
[pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5021] setpgid(0, 0) = 0
[pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5021] write(3, "1000", 4) = 4
[pid 5021] close(3) = 0
[pid 5021] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5021] memfd_create("syzkaller", 0) = 3
[pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5021] munmap(0x7f01b36ea000, 32768) = 0
[pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 48.020537][ T5020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 48.028668][ T5020] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000013
[ 48.036669][ T5020]
[pid 5021] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5021] close(3) = 0
[pid 5021] mkdir("./bus", 0777) = 0
[pid 5021] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5021] chdir("./bus") = 0
[pid 5021] ioctl(4, LOOP_CLR_FD) = 0
[pid 5021] close(4) = 0
[pid 5021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5021] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5021] write(5, "9", 1) = 1
[ 48.067966][ T5021] loop0: detected capacity change from 0 to 64
[ 48.087341][ T5021] hfs: unable to locate alternate MDB
[ 48.092838][ T5021] hfs: continuing without an alternate MDB
[ 48.111234][ T5021] FAULT_INJECTION: forcing a failure.
[ 48.111234][ T5021] name failslab, interval 1, probability 0, space 0, times 0
[ 48.124306][ T5021] CPU: 0 PID: 5021 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 48.134773][ T5021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 48.144851][ T5021] Call Trace:
[ 48.148125][ T5021]
[ 48.151475][ T5021] dump_stack_lvl+0x136/0x150
[ 48.156208][ T5021] should_fail_ex+0x4a3/0x5b0
[ 48.161002][ T5021] should_failslab+0x9/0x20
[ 48.165677][ T5021] __kmem_cache_alloc_node+0x5b/0x320
[ 48.171089][ T5021] ? hfs_find_init+0x95/0x240
[ 48.175759][ T5021] ? hfs_find_init+0x95/0x240
[ 48.180444][ T5021] __kmalloc+0x4e/0x190
[ 48.184605][ T5021] hfs_find_init+0x95/0x240
[ 48.189280][ T5021] hfs_ext_read_extent+0x18d/0xa20
[ 48.194727][ T5021] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 48.200273][ T5021] ? rcu_is_watching+0x12/0xb0
[ 48.205031][ T5021] ? hfs_free_extents+0x2e0/0x2e0
[ 48.210045][ T5021] ? clean_bdev_aliases+0x4ff/0x600
[ 48.215231][ T5021] ? find_held_lock+0x2d/0x110
[ 48.220005][ T5021] hfs_extend_file+0x4b5/0xae0
[ 48.224766][ T5021] ? spin_bug+0x1c0/0x1c0
[ 48.229102][ T5021] ? hfs_free_fork+0x920/0x920
[ 48.233853][ T5021] ? rcu_is_watching+0x12/0xb0
[ 48.238604][ T5021] ? __mark_inode_dirty+0x297/0xd60
[ 48.243788][ T5021] hfs_get_block+0x17f/0x820
[ 48.248393][ T5021] __block_write_begin_int+0x3bd/0x14b0
[ 48.253976][ T5021] ? hfs_extend_file+0xae0/0xae0
[ 48.258943][ T5021] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 48.264494][ T5021] ? folio_flags.constprop.0+0x53/0x150
[ 48.270033][ T5021] ? hfs_extend_file+0xae0/0xae0
[ 48.274964][ T5021] block_write_begin+0xb9/0x4d0
[ 48.279817][ T5021] cont_write_begin+0x534/0x740
[ 48.284652][ T5021] ? hfs_extend_file+0xae0/0xae0
[ 48.289573][ T5021] ? block_write_begin+0x4d0/0x4d0
[ 48.294665][ T5021] ? fault_in_readable+0x129/0x210
[ 48.299761][ T5021] ? fault_in_subpage_writeable+0x20/0x20
[ 48.305476][ T5021] hfs_write_begin+0x87/0x150
[ 48.310168][ T5021] ? hfs_extend_file+0xae0/0xae0
[ 48.315112][ T5021] generic_perform_write+0x256/0x570
[ 48.320386][ T5021] ? generic_file_readonly_mmap+0x180/0x180
[ 48.326262][ T5021] ? new_inode+0x280/0x280
[ 48.330663][ T5021] ? generic_write_checks+0x2c0/0x400
[ 48.336018][ T5021] __generic_file_write_iter+0x2ae/0x500
[ 48.341643][ T5021] generic_file_write_iter+0xe3/0x350
[ 48.347037][ T5021] vfs_write+0x945/0xd50
[ 48.351316][ T5021] ? kernel_write+0x670/0x670
[ 48.356016][ T5021] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 48.361473][ T5021] ? find_held_lock+0x2d/0x110
[ 48.366221][ T5021] ? lock_downgrade+0x690/0x690
[ 48.371055][ T5021] ? __fget_light+0x20a/0x270
[ 48.375743][ T5021] ksys_write+0x12b/0x250
[ 48.380090][ T5021] ? __ia32_sys_read+0xb0/0xb0
[ 48.384845][ T5021] ? lockdep_hardirqs_on+0x7d/0x100
[ 48.390028][ T5021] ? _raw_spin_unlock_irq+0x2e/0x50
[ 48.395206][ T5021] ? ptrace_notify+0xfe/0x140
[ 48.399882][ T5021] do_syscall_64+0x39/0xb0
[ 48.404285][ T5021] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.410165][ T5021] RIP: 0033:0x7f01bbb379f9
[ 48.414559][ T5021] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.434187][ T5021] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 48.442599][ T5021] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 48.450561][ T5021] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 48.458526][ T5021] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5021] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5021] exit_group(0) = ?
[pid 5021] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/bus") = 0
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5022
./strace-static-x86_64: Process 5022 attached
[pid 5022] chdir("./21") = 0
[pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5022] setpgid(0, 0) = 0
[pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5022] write(3, "1000", 4) = 4
[pid 5022] close(3) = 0
[pid 5022] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5022] memfd_create("syzkaller", 0) = 3
[pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5022] munmap(0x7f01b36ea000, 32768) = 0
[pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 48.466517][ T5021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 48.474562][ T5021] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000014
[ 48.482534][ T5021]
[pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5022] close(3) = 0
[pid 5022] mkdir("./bus", 0777) = 0
[pid 5022] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5022] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5022] chdir("./bus") = 0
[pid 5022] ioctl(4, LOOP_CLR_FD) = 0
[pid 5022] close(4) = 0
[pid 5022] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5022] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5022] write(5, "9", 1) = 1
[ 48.513000][ T5022] loop0: detected capacity change from 0 to 64
[ 48.522226][ T5022] hfs: unable to locate alternate MDB
[ 48.528008][ T5022] hfs: continuing without an alternate MDB
[ 48.546442][ T5022] FAULT_INJECTION: forcing a failure.
[ 48.546442][ T5022] name failslab, interval 1, probability 0, space 0, times 0
[ 48.560664][ T5022] CPU: 0 PID: 5022 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 48.571099][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 48.581147][ T5022] Call Trace:
[ 48.584425][ T5022]
[ 48.587366][ T5022] dump_stack_lvl+0x136/0x150
[ 48.592071][ T5022] should_fail_ex+0x4a3/0x5b0
[ 48.596750][ T5022] should_failslab+0x9/0x20
[ 48.601275][ T5022] __kmem_cache_alloc_node+0x5b/0x320
[ 48.606684][ T5022] ? hfs_find_init+0x95/0x240
[ 48.611374][ T5022] ? hfs_find_init+0x95/0x240
[ 48.616038][ T5022] __kmalloc+0x4e/0x190
[ 48.620184][ T5022] hfs_find_init+0x95/0x240
[ 48.624673][ T5022] hfs_ext_read_extent+0x18d/0xa20
[ 48.629775][ T5022] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 48.635327][ T5022] ? rcu_is_watching+0x12/0xb0
[ 48.640109][ T5022] ? hfs_free_extents+0x2e0/0x2e0
[ 48.645133][ T5022] ? clean_bdev_aliases+0x4ff/0x600
[ 48.650325][ T5022] ? find_held_lock+0x2d/0x110
[ 48.655088][ T5022] hfs_extend_file+0x4b5/0xae0
[ 48.659847][ T5022] ? spin_bug+0x1c0/0x1c0
[ 48.664174][ T5022] ? hfs_free_fork+0x920/0x920
[ 48.669024][ T5022] ? rcu_is_watching+0x12/0xb0
[ 48.673957][ T5022] ? __mark_inode_dirty+0x297/0xd60
[ 48.679153][ T5022] hfs_get_block+0x17f/0x820
[ 48.683741][ T5022] __block_write_begin_int+0x3bd/0x14b0
[ 48.689275][ T5022] ? hfs_extend_file+0xae0/0xae0
[ 48.694211][ T5022] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 48.699750][ T5022] ? folio_flags.constprop.0+0x53/0x150
[ 48.705312][ T5022] ? hfs_extend_file+0xae0/0xae0
[ 48.710240][ T5022] block_write_begin+0xb9/0x4d0
[ 48.715084][ T5022] cont_write_begin+0x534/0x740
[ 48.719933][ T5022] ? hfs_extend_file+0xae0/0xae0
[ 48.724864][ T5022] ? block_write_begin+0x4d0/0x4d0
[ 48.729970][ T5022] ? fault_in_readable+0x129/0x210
[ 48.735079][ T5022] ? fault_in_subpage_writeable+0x20/0x20
[ 48.740797][ T5022] hfs_write_begin+0x87/0x150
[ 48.745484][ T5022] ? hfs_extend_file+0xae0/0xae0
[ 48.750415][ T5022] generic_perform_write+0x256/0x570
[ 48.755694][ T5022] ? generic_file_readonly_mmap+0x180/0x180
[ 48.761583][ T5022] ? new_inode+0x280/0x280
[ 48.765993][ T5022] ? generic_write_checks+0x2c0/0x400
[ 48.771364][ T5022] __generic_file_write_iter+0x2ae/0x500
[ 48.777019][ T5022] generic_file_write_iter+0xe3/0x350
[ 48.782390][ T5022] vfs_write+0x945/0xd50
[ 48.786623][ T5022] ? kernel_write+0x670/0x670
[ 48.791316][ T5022] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 48.796782][ T5022] ? find_held_lock+0x2d/0x110
[ 48.801555][ T5022] ? lock_downgrade+0x690/0x690
[ 48.806400][ T5022] ? __fget_light+0x20a/0x270
[ 48.811076][ T5022] ksys_write+0x12b/0x250
[ 48.815396][ T5022] ? __ia32_sys_read+0xb0/0xb0
[ 48.820147][ T5022] ? lockdep_hardirqs_on+0x7d/0x100
[ 48.825359][ T5022] ? _raw_spin_unlock_irq+0x2e/0x50
[ 48.830555][ T5022] ? ptrace_notify+0xfe/0x140
[ 48.835261][ T5022] do_syscall_64+0x39/0xb0
[ 48.839759][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.845718][ T5022] RIP: 0033:0x7f01bbb379f9
[ 48.850144][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 48.869765][ T5022] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 48.878172][ T5022] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 48.886132][ T5022] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 48.894088][ T5022] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 48.902045][ T5022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5022] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5022] exit_group(0) = ?
[pid 5022] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/bus") = 0
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5023
./strace-static-x86_64: Process 5023 attached
[pid 5023] chdir("./22") = 0
[pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5023] setpgid(0, 0) = 0
[pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5023] write(3, "1000", 4) = 4
[pid 5023] close(3) = 0
[pid 5023] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5023] memfd_create("syzkaller", 0) = 3
[pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5023] munmap(0x7f01b36ea000, 32768) = 0
[pid 5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5023] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5023] close(3) = 0
[pid 5023] mkdir("./bus", 0777) = 0
[pid 5023] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5023] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5023] chdir("./bus") = 0
[pid 5023] ioctl(4, LOOP_CLR_FD) = 0
[pid 5023] close(4) = 0
[pid 5023] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5023] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5023] write(5, "9", 1) = 1
[pid 5023] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5023] exit_group(0) = ?
[pid 5023] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5023, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/bus") = 0
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5024
[ 48.910016][ T5022] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000015
[ 48.917988][ T5022]
[ 48.942901][ T5023] loop0: detected capacity change from 0 to 64
[ 48.951776][ T5023] hfs: unable to locate alternate MDB
[ 48.957774][ T5023] hfs: continuing without an alternate MDB
./strace-static-x86_64: Process 5024 attached
[pid 5024] chdir("./23") = 0
[pid 5024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5024] setpgid(0, 0) = 0
[pid 5024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5024] write(3, "1000", 4) = 4
[pid 5024] close(3) = 0
[pid 5024] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5024] memfd_create("syzkaller", 0) = 3
[pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5024] munmap(0x7f01b36ea000, 32768) = 0
[pid 5024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5024] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5024] close(3) = 0
[pid 5024] mkdir("./bus", 0777) = 0
[pid 5024] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5024] chdir("./bus") = 0
[pid 5024] ioctl(4, LOOP_CLR_FD) = 0
[pid 5024] close(4) = 0
[pid 5024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5024] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5024] write(5, "9", 1) = 1
[ 49.004075][ T5024] loop0: detected capacity change from 0 to 64
[ 49.013310][ T5024] hfs: unable to locate alternate MDB
[ 49.019179][ T5024] hfs: continuing without an alternate MDB
[ 49.039940][ T5024] FAULT_INJECTION: forcing a failure.
[ 49.039940][ T5024] name failslab, interval 1, probability 0, space 0, times 0
[ 49.052722][ T5024] CPU: 0 PID: 5024 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 49.063148][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 49.073337][ T5024] Call Trace:
[ 49.076613][ T5024]
[ 49.079536][ T5024] dump_stack_lvl+0x136/0x150
[ 49.084219][ T5024] should_fail_ex+0x4a3/0x5b0
[ 49.088887][ T5024] should_failslab+0x9/0x20
[ 49.093372][ T5024] __kmem_cache_alloc_node+0x5b/0x320
[ 49.098740][ T5024] ? hfs_find_init+0x95/0x240
[ 49.103446][ T5024] ? hfs_find_init+0x95/0x240
[ 49.108122][ T5024] __kmalloc+0x4e/0x190
[ 49.112265][ T5024] hfs_find_init+0x95/0x240
[ 49.116754][ T5024] hfs_ext_read_extent+0x18d/0xa20
[ 49.121867][ T5024] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 49.127403][ T5024] ? hfs_free_extents+0x2e0/0x2e0
[ 49.132418][ T5024] ? clean_bdev_aliases+0x4ff/0x600
[ 49.137608][ T5024] hfs_extend_file+0x4b5/0xae0
[ 49.142364][ T5024] ? spin_bug+0x1c0/0x1c0
[ 49.146702][ T5024] ? hfs_free_fork+0x920/0x920
[ 49.151475][ T5024] ? rcu_is_watching+0x12/0xb0
[ 49.156248][ T5024] ? __mark_inode_dirty+0x297/0xd60
[ 49.161450][ T5024] hfs_get_block+0x17f/0x820
[ 49.166054][ T5024] __block_write_begin_int+0x3bd/0x14b0
[ 49.171602][ T5024] ? hfs_extend_file+0xae0/0xae0
[ 49.176557][ T5024] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 49.182100][ T5024] ? folio_flags.constprop.0+0x53/0x150
[ 49.187652][ T5024] ? hfs_extend_file+0xae0/0xae0
[ 49.192593][ T5024] block_write_begin+0xb9/0x4d0
[ 49.197651][ T5024] cont_write_begin+0x534/0x740
[ 49.202539][ T5024] ? hfs_extend_file+0xae0/0xae0
[ 49.207485][ T5024] ? block_write_begin+0x4d0/0x4d0
[ 49.212586][ T5024] ? fault_in_readable+0x129/0x210
[ 49.217699][ T5024] ? fault_in_subpage_writeable+0x20/0x20
[ 49.223417][ T5024] hfs_write_begin+0x87/0x150
[ 49.228086][ T5024] ? hfs_extend_file+0xae0/0xae0
[ 49.233049][ T5024] generic_perform_write+0x256/0x570
[ 49.238350][ T5024] ? generic_file_readonly_mmap+0x180/0x180
[ 49.244254][ T5024] ? new_inode+0x280/0x280
[ 49.248702][ T5024] ? generic_write_checks+0x2c0/0x400
[ 49.254074][ T5024] __generic_file_write_iter+0x2ae/0x500
[ 49.259711][ T5024] generic_file_write_iter+0xe3/0x350
[ 49.265107][ T5024] vfs_write+0x945/0xd50
[ 49.269342][ T5024] ? kernel_write+0x670/0x670
[ 49.274009][ T5024] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 49.279468][ T5024] ? find_held_lock+0x2d/0x110
[ 49.284237][ T5024] ? lock_downgrade+0x690/0x690
[ 49.289082][ T5024] ? __fget_light+0x20a/0x270
[ 49.293763][ T5024] ksys_write+0x12b/0x250
[ 49.298107][ T5024] ? __ia32_sys_read+0xb0/0xb0
[ 49.302904][ T5024] ? lockdep_hardirqs_on+0x7d/0x100
[ 49.308192][ T5024] ? _raw_spin_unlock_irq+0x2e/0x50
[ 49.313413][ T5024] ? ptrace_notify+0xfe/0x140
[ 49.318129][ T5024] do_syscall_64+0x39/0xb0
[ 49.322588][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.328669][ T5024] RIP: 0033:0x7f01bbb379f9
[ 49.333075][ T5024] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5024] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5024] exit_group(0) = ?
[pid 5024] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5024, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/bus") = 0
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5025
./strace-static-x86_64: Process 5025 attached
[pid 5025] chdir("./24") = 0
[pid 5025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5025] setpgid(0, 0) = 0
[pid 5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5025] write(3, "1000", 4) = 4
[pid 5025] close(3) = 0
[pid 5025] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5025] memfd_create("syzkaller", 0) = 3
[pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5025] munmap(0x7f01b36ea000, 32768) = 0
[pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 49.352776][ T5024] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.361182][ T5024] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 49.369165][ T5024] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 49.377126][ T5024] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 49.385087][ T5024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 49.393045][ T5024] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000017
[ 49.401017][ T5024]
[pid 5025] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5025] close(3) = 0
[pid 5025] mkdir("./bus", 0777) = 0
[pid 5025] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5025] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5025] chdir("./bus") = 0
[pid 5025] ioctl(4, LOOP_CLR_FD) = 0
[pid 5025] close(4) = 0
[pid 5025] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5025] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5025] write(5, "9", 1) = 1
[pid 5025] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5025] exit_group(0) = ?
[pid 5025] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5025, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/bus") = 0
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 49.425552][ T5025] loop0: detected capacity change from 0 to 64
[ 49.434102][ T5025] hfs: unable to locate alternate MDB
[ 49.439657][ T5025] hfs: continuing without an alternate MDB
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5026
./strace-static-x86_64: Process 5026 attached
[pid 5026] chdir("./25") = 0
[pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5026] setpgid(0, 0) = 0
[pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5026] write(3, "1000", 4) = 4
[pid 5026] close(3) = 0
[pid 5026] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5026] memfd_create("syzkaller", 0) = 3
[pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5026] munmap(0x7f01b36ea000, 32768) = 0
[pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5026] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5026] close(3) = 0
[pid 5026] mkdir("./bus", 0777) = 0
[pid 5026] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5026] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5026] chdir("./bus") = 0
[pid 5026] ioctl(4, LOOP_CLR_FD) = 0
[pid 5026] close(4) = 0
[pid 5026] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5026] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5026] write(5, "9", 1) = 1
[ 49.502885][ T5026] loop0: detected capacity change from 0 to 64
[ 49.512738][ T5026] hfs: unable to locate alternate MDB
[ 49.518218][ T5026] hfs: continuing without an alternate MDB
[ 49.542160][ T5026] FAULT_INJECTION: forcing a failure.
[ 49.542160][ T5026] name failslab, interval 1, probability 0, space 0, times 0
[ 49.554930][ T5026] CPU: 1 PID: 5026 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 49.565445][ T5026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 49.575506][ T5026] Call Trace:
[ 49.578778][ T5026]
[ 49.581697][ T5026] dump_stack_lvl+0x136/0x150
[ 49.586367][ T5026] should_fail_ex+0x4a3/0x5b0
[ 49.591052][ T5026] should_failslab+0x9/0x20
[ 49.595541][ T5026] __kmem_cache_alloc_node+0x5b/0x320
[ 49.600903][ T5026] ? hfs_find_init+0x95/0x240
[ 49.605569][ T5026] ? hfs_find_init+0x95/0x240
[ 49.610228][ T5026] __kmalloc+0x4e/0x190
[ 49.614380][ T5026] hfs_find_init+0x95/0x240
[ 49.618895][ T5026] hfs_ext_read_extent+0x18d/0xa20
[ 49.623997][ T5026] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 49.629529][ T5026] ? hfs_free_extents+0x2e0/0x2e0
[ 49.634712][ T5026] ? clean_bdev_aliases+0x4ff/0x600
[ 49.639938][ T5026] hfs_extend_file+0x4b5/0xae0
[ 49.644738][ T5026] ? spin_bug+0x1c0/0x1c0
[ 49.649103][ T5026] ? hfs_free_fork+0x920/0x920
[ 49.653870][ T5026] ? rcu_is_watching+0x12/0xb0
[ 49.658630][ T5026] ? __mark_inode_dirty+0x297/0xd60
[ 49.663836][ T5026] hfs_get_block+0x17f/0x820
[ 49.668421][ T5026] __block_write_begin_int+0x3bd/0x14b0
[ 49.673968][ T5026] ? hfs_extend_file+0xae0/0xae0
[ 49.678906][ T5026] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 49.684450][ T5026] ? folio_flags.constprop.0+0x53/0x150
[ 49.690172][ T5026] ? hfs_extend_file+0xae0/0xae0
[ 49.695114][ T5026] block_write_begin+0xb9/0x4d0
[ 49.699979][ T5026] cont_write_begin+0x534/0x740
[ 49.704831][ T5026] ? hfs_extend_file+0xae0/0xae0
[ 49.709763][ T5026] ? block_write_begin+0x4d0/0x4d0
[ 49.714863][ T5026] ? fault_in_readable+0x129/0x210
[ 49.719973][ T5026] ? fault_in_subpage_writeable+0x20/0x20
[ 49.725692][ T5026] hfs_write_begin+0x87/0x150
[ 49.730361][ T5026] ? hfs_extend_file+0xae0/0xae0
[ 49.735292][ T5026] generic_perform_write+0x256/0x570
[ 49.740573][ T5026] ? generic_file_readonly_mmap+0x180/0x180
[ 49.746518][ T5026] ? new_inode+0x280/0x280
[ 49.750952][ T5026] ? generic_write_checks+0x2c0/0x400
[ 49.756327][ T5026] __generic_file_write_iter+0x2ae/0x500
[ 49.761957][ T5026] generic_file_write_iter+0xe3/0x350
[ 49.767331][ T5026] vfs_write+0x945/0xd50
[ 49.771570][ T5026] ? kernel_write+0x670/0x670
[ 49.776233][ T5026] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 49.781686][ T5026] ? find_held_lock+0x2d/0x110
[ 49.786446][ T5026] ? lock_downgrade+0x690/0x690
[ 49.791303][ T5026] ? __fget_light+0x20a/0x270
[ 49.795980][ T5026] ksys_write+0x12b/0x250
[ 49.800297][ T5026] ? __ia32_sys_read+0xb0/0xb0
[ 49.805048][ T5026] ? lockdep_hardirqs_on+0x7d/0x100
[ 49.810243][ T5026] ? _raw_spin_unlock_irq+0x2e/0x50
[ 49.815438][ T5026] ? ptrace_notify+0xfe/0x140
[ 49.820113][ T5026] do_syscall_64+0x39/0xb0
[ 49.824526][ T5026] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.830430][ T5026] RIP: 0033:0x7f01bbb379f9
[ 49.834848][ T5026] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 49.854480][ T5026] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 49.863352][ T5026] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 49.871389][ T5026] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 49.879376][ T5026] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 49.887346][ T5026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 49.895382][ T5026] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000019
[pid 5026] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5026] exit_group(0) = ?
[pid 5026] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/bus") = 0
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5027
./strace-static-x86_64: Process 5027 attached
[pid 5027] chdir("./26") = 0
[pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5027] setpgid(0, 0) = 0
[pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5027] write(3, "1000", 4) = 4
[pid 5027] close(3) = 0
[pid 5027] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5027] memfd_create("syzkaller", 0) = 3
[pid 5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5027] munmap(0x7f01b36ea000, 32768) = 0
[pid 5027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 49.903386][ T5026]
[pid 5027] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5027] close(3) = 0
[pid 5027] mkdir("./bus", 0777) = 0
[pid 5027] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5027] chdir("./bus") = 0
[pid 5027] ioctl(4, LOOP_CLR_FD) = 0
[pid 5027] close(4) = 0
[pid 5027] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5027] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5027] write(5, "9", 1) = 1
[pid 5027] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5027] exit_group(0) = ?
[pid 5027] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 49.938606][ T5027] loop0: detected capacity change from 0 to 64
[ 49.948957][ T5027] hfs: unable to locate alternate MDB
[ 49.954343][ T5027] hfs: continuing without an alternate MDB
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/bus") = 0
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5028
./strace-static-x86_64: Process 5028 attached
[pid 5028] chdir("./27") = 0
[pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5028] setpgid(0, 0) = 0
[pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5028] write(3, "1000", 4) = 4
[pid 5028] close(3) = 0
[pid 5028] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5028] memfd_create("syzkaller", 0) = 3
[pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5028] munmap(0x7f01b36ea000, 32768) = 0
[pid 5028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5028] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5028] close(3) = 0
[pid 5028] mkdir("./bus", 0777) = 0
[pid 5028] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5028] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5028] chdir("./bus") = 0
[pid 5028] ioctl(4, LOOP_CLR_FD) = 0
[pid 5028] close(4) = 0
[pid 5028] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5028] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5028] write(5, "9", 1) = 1
[pid 5028] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5028] exit_group(0) = ?
[pid 5028] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5028, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/bus") = 0
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
[ 50.032610][ T5028] loop0: detected capacity change from 0 to 64
[ 50.043411][ T5028] hfs: unable to locate alternate MDB
[ 50.049218][ T5028] hfs: continuing without an alternate MDB
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5029 attached
, child_tidptr=0x5555564865d0) = 5029
[pid 5029] chdir("./28") = 0
[pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5029] setpgid(0, 0) = 0
[pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5029] write(3, "1000", 4) = 4
[pid 5029] close(3) = 0
[pid 5029] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5029] memfd_create("syzkaller", 0) = 3
[pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5029] munmap(0x7f01b36ea000, 32768) = 0
[pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5029] close(3) = 0
[pid 5029] mkdir("./bus", 0777) = 0
[pid 5029] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5029] chdir("./bus") = 0
[pid 5029] ioctl(4, LOOP_CLR_FD) = 0
[pid 5029] close(4) = 0
[pid 5029] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5029] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5029] write(5, "9", 1) = 1
[pid 5029] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5029] exit_group(0) = ?
[pid 5029] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 50.120113][ T5029] loop0: detected capacity change from 0 to 64
[ 50.128929][ T5029] hfs: unable to locate alternate MDB
[ 50.134382][ T5029] hfs: continuing without an alternate MDB
lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/bus") = 0
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5030
./strace-static-x86_64: Process 5030 attached
[pid 5030] chdir("./29") = 0
[pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5030] setpgid(0, 0) = 0
[pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5030] write(3, "1000", 4) = 4
[pid 5030] close(3) = 0
[pid 5030] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5030] memfd_create("syzkaller", 0) = 3
[pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5030] munmap(0x7f01b36ea000, 32768) = 0
[pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5030] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5030] close(3) = 0
[pid 5030] mkdir("./bus", 0777) = 0
[pid 5030] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5030] chdir("./bus") = 0
[pid 5030] ioctl(4, LOOP_CLR_FD) = 0
[pid 5030] close(4) = 0
[pid 5030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5030] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5030] write(5, "9", 1) = 1
[ 50.210789][ T5030] loop0: detected capacity change from 0 to 64
[ 50.220077][ T5030] hfs: unable to locate alternate MDB
[ 50.225895][ T5030] hfs: continuing without an alternate MDB
[ 50.249702][ T5030] FAULT_INJECTION: forcing a failure.
[ 50.249702][ T5030] name failslab, interval 1, probability 0, space 0, times 0
[ 50.262414][ T5030] CPU: 0 PID: 5030 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 50.272845][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 50.282999][ T5030] Call Trace:
[ 50.286301][ T5030]
[ 50.289224][ T5030] dump_stack_lvl+0x136/0x150
[ 50.293906][ T5030] should_fail_ex+0x4a3/0x5b0
[ 50.298625][ T5030] should_failslab+0x9/0x20
[ 50.303151][ T5030] __kmem_cache_alloc_node+0x5b/0x320
[ 50.308554][ T5030] ? hfs_find_init+0x95/0x240
[ 50.313231][ T5030] ? hfs_find_init+0x95/0x240
[ 50.317911][ T5030] __kmalloc+0x4e/0x190
[ 50.322102][ T5030] hfs_find_init+0x95/0x240
[ 50.326666][ T5030] hfs_ext_read_extent+0x18d/0xa20
[ 50.331801][ T5030] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 50.337358][ T5030] ? hfs_free_extents+0x2e0/0x2e0
[ 50.342370][ T5030] ? clean_bdev_aliases+0x4ff/0x600
[ 50.347558][ T5030] hfs_extend_file+0x4b5/0xae0
[ 50.352323][ T5030] ? spin_bug+0x1c0/0x1c0
[ 50.356743][ T5030] ? hfs_free_fork+0x920/0x920
[ 50.361488][ T5030] ? rcu_is_watching+0x12/0xb0
[ 50.366304][ T5030] ? __mark_inode_dirty+0x297/0xd60
[ 50.371506][ T5030] hfs_get_block+0x17f/0x820
[ 50.376083][ T5030] __block_write_begin_int+0x3bd/0x14b0
[ 50.381617][ T5030] ? hfs_extend_file+0xae0/0xae0
[ 50.386577][ T5030] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 50.392167][ T5030] ? folio_flags.constprop.0+0x53/0x150
[ 50.397721][ T5030] ? hfs_extend_file+0xae0/0xae0
[ 50.402641][ T5030] block_write_begin+0xb9/0x4d0
[ 50.407478][ T5030] cont_write_begin+0x534/0x740
[ 50.412314][ T5030] ? hfs_extend_file+0xae0/0xae0
[ 50.417233][ T5030] ? block_write_begin+0x4d0/0x4d0
[ 50.422326][ T5030] ? fault_in_readable+0x129/0x210
[ 50.427444][ T5030] ? fault_in_subpage_writeable+0x20/0x20
[ 50.433147][ T5030] hfs_write_begin+0x87/0x150
[ 50.437839][ T5030] ? hfs_extend_file+0xae0/0xae0
[ 50.442792][ T5030] generic_perform_write+0x256/0x570
[ 50.448072][ T5030] ? generic_file_readonly_mmap+0x180/0x180
[ 50.453957][ T5030] ? new_inode+0x280/0x280
[ 50.458372][ T5030] ? generic_write_checks+0x2c0/0x400
[ 50.463745][ T5030] __generic_file_write_iter+0x2ae/0x500
[ 50.469423][ T5030] generic_file_write_iter+0xe3/0x350
[ 50.474836][ T5030] vfs_write+0x945/0xd50
[ 50.479082][ T5030] ? kernel_write+0x670/0x670
[ 50.483737][ T5030] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 50.489200][ T5030] ? find_held_lock+0x2d/0x110
[ 50.493952][ T5030] ? lock_downgrade+0x690/0x690
[ 50.498793][ T5030] ? __fget_light+0x20a/0x270
[ 50.503477][ T5030] ksys_write+0x12b/0x250
[ 50.507837][ T5030] ? __ia32_sys_read+0xb0/0xb0
[ 50.512592][ T5030] ? lockdep_hardirqs_on+0x7d/0x100
[ 50.517811][ T5030] ? _raw_spin_unlock_irq+0x2e/0x50
[ 50.523023][ T5030] ? ptrace_notify+0xfe/0x140
[ 50.527689][ T5030] do_syscall_64+0x39/0xb0
[ 50.532132][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 50.538031][ T5030] RIP: 0033:0x7f01bbb379f9
[ 50.542446][ T5030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 50.562038][ T5030] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 50.570450][ T5030] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 50.578409][ T5030] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 50.586384][ T5030] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 50.594408][ T5030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 50.602390][ T5030] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 000000000000001d
[pid 5030] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5030] exit_group(0) = ?
[pid 5030] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5030, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/bus") = 0
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5031
./strace-static-x86_64: Process 5031 attached
[pid 5031] chdir("./30") = 0
[pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5031] setpgid(0, 0) = 0
[pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5031] write(3, "1000", 4) = 4
[ 50.610365][ T5030]
[pid 5031] close(3) = 0
[pid 5031] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5031] memfd_create("syzkaller", 0) = 3
[pid 5031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5031] munmap(0x7f01b36ea000, 32768) = 0
[pid 5031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5031] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5031] close(3) = 0
[pid 5031] mkdir("./bus", 0777) = 0
[pid 5031] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5031] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5031] chdir("./bus") = 0
[pid 5031] ioctl(4, LOOP_CLR_FD) = 0
[pid 5031] close(4) = 0
[pid 5031] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5031] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5031] write(5, "9", 1) = 1
[pid 5031] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5031] exit_group(0) = ?
[pid 5031] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/bus") = 0
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 50.663059][ T5031] loop0: detected capacity change from 0 to 64
[ 50.672876][ T5031] hfs: unable to locate alternate MDB
[ 50.679150][ T5031] hfs: continuing without an alternate MDB
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5032
./strace-static-x86_64: Process 5032 attached
[pid 5032] chdir("./31") = 0
[pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5032] setpgid(0, 0) = 0
[pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5032] write(3, "1000", 4) = 4
[pid 5032] close(3) = 0
[pid 5032] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5032] memfd_create("syzkaller", 0) = 3
[pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5032] munmap(0x7f01b36ea000, 32768) = 0
[pid 5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5032] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5032] close(3) = 0
[pid 5032] mkdir("./bus", 0777) = 0
[pid 5032] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5032] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5032] chdir("./bus") = 0
[pid 5032] ioctl(4, LOOP_CLR_FD) = 0
[pid 5032] close(4) = 0
[pid 5032] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5032] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5032] write(5, "9", 1) = 1
[pid 5032] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5032] exit_group(0) = ?
[pid 5032] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/bus") = 0
[ 50.744938][ T5032] loop0: detected capacity change from 0 to 64
[ 50.753809][ T5032] hfs: unable to locate alternate MDB
[ 50.759667][ T5032] hfs: continuing without an alternate MDB
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5033
./strace-static-x86_64: Process 5033 attached
[pid 5033] chdir("./32") = 0
[pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5033] setpgid(0, 0) = 0
[pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5033] write(3, "1000", 4) = 4
[pid 5033] close(3) = 0
[pid 5033] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5033] memfd_create("syzkaller", 0) = 3
[pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5033] munmap(0x7f01b36ea000, 32768) = 0
[pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5033] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5033] close(3) = 0
[pid 5033] mkdir("./bus", 0777) = 0
[pid 5033] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5033] chdir("./bus") = 0
[pid 5033] ioctl(4, LOOP_CLR_FD) = 0
[pid 5033] close(4) = 0
[pid 5033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5033] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5033] write(5, "9", 1) = 1
[ 50.822369][ T5033] loop0: detected capacity change from 0 to 64
[ 50.833877][ T5033] hfs: unable to locate alternate MDB
[ 50.839661][ T5033] hfs: continuing without an alternate MDB
[ 50.868878][ T5033] FAULT_INJECTION: forcing a failure.
[ 50.868878][ T5033] name failslab, interval 1, probability 0, space 0, times 0
[ 50.881773][ T5033] CPU: 1 PID: 5033 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 50.892330][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 50.902419][ T5033] Call Trace:
[ 50.905723][ T5033]
[ 50.908641][ T5033] dump_stack_lvl+0x136/0x150
[ 50.913316][ T5033] should_fail_ex+0x4a3/0x5b0
[ 50.918020][ T5033] should_failslab+0x9/0x20
[ 50.922511][ T5033] __kmem_cache_alloc_node+0x5b/0x320
[ 50.927895][ T5033] ? hfs_find_init+0x95/0x240
[ 50.932560][ T5033] ? hfs_find_init+0x95/0x240
[ 50.937230][ T5033] __kmalloc+0x4e/0x190
[ 50.941402][ T5033] hfs_find_init+0x95/0x240
[ 50.945985][ T5033] hfs_ext_read_extent+0x18d/0xa20
[ 50.951092][ T5033] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 50.956641][ T5033] ? hfs_free_extents+0x2e0/0x2e0
[ 50.961678][ T5033] ? clean_bdev_aliases+0x4ff/0x600
[ 50.966961][ T5033] hfs_extend_file+0x4b5/0xae0
[ 50.971734][ T5033] ? spin_bug+0x1c0/0x1c0
[ 50.976085][ T5033] ? hfs_free_fork+0x920/0x920
[ 50.980895][ T5033] ? rcu_is_watching+0x12/0xb0
[ 50.985711][ T5033] ? __mark_inode_dirty+0x297/0xd60
[ 50.990909][ T5033] hfs_get_block+0x17f/0x820
[ 50.995514][ T5033] __block_write_begin_int+0x3bd/0x14b0
[ 51.001062][ T5033] ? hfs_extend_file+0xae0/0xae0
[ 51.005997][ T5033] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 51.011532][ T5033] ? folio_flags.constprop.0+0x53/0x150
[ 51.017118][ T5033] ? hfs_extend_file+0xae0/0xae0
[ 51.022048][ T5033] block_write_begin+0xb9/0x4d0
[ 51.026893][ T5033] cont_write_begin+0x534/0x740
[ 51.031746][ T5033] ? hfs_extend_file+0xae0/0xae0
[ 51.036690][ T5033] ? block_write_begin+0x4d0/0x4d0
[ 51.041796][ T5033] ? fault_in_readable+0x129/0x210
[ 51.046905][ T5033] ? fault_in_subpage_writeable+0x20/0x20
[ 51.052638][ T5033] hfs_write_begin+0x87/0x150
[ 51.057309][ T5033] ? hfs_extend_file+0xae0/0xae0
[ 51.062238][ T5033] generic_perform_write+0x256/0x570
[ 51.067519][ T5033] ? generic_file_readonly_mmap+0x180/0x180
[ 51.073405][ T5033] ? new_inode+0x280/0x280
[ 51.077828][ T5033] ? generic_write_checks+0x2c0/0x400
[ 51.083204][ T5033] __generic_file_write_iter+0x2ae/0x500
[ 51.089013][ T5033] generic_file_write_iter+0xe3/0x350
[ 51.094389][ T5033] vfs_write+0x945/0xd50
[ 51.098626][ T5033] ? kernel_write+0x670/0x670
[ 51.103324][ T5033] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 51.108796][ T5033] ? find_held_lock+0x2d/0x110
[ 51.113559][ T5033] ? lock_downgrade+0x690/0x690
[ 51.118406][ T5033] ? __fget_light+0x20a/0x270
[ 51.123120][ T5033] ksys_write+0x12b/0x250
[ 51.127565][ T5033] ? __ia32_sys_read+0xb0/0xb0
[ 51.132325][ T5033] ? lockdep_hardirqs_on+0x7d/0x100
[ 51.137522][ T5033] ? _raw_spin_unlock_irq+0x2e/0x50
[ 51.142723][ T5033] ? ptrace_notify+0xfe/0x140
[ 51.147402][ T5033] do_syscall_64+0x39/0xb0
[ 51.151827][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.157724][ T5033] RIP: 0033:0x7f01bbb379f9
[ 51.162245][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.181886][ T5033] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 51.190383][ T5033] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 51.198419][ T5033] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 51.206718][ T5033] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5033] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5033] exit_group(0) = ?
[pid 5033] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 51.214692][ T5033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 51.222748][ T5033] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000020
[ 51.230768][ T5033]
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/bus") = 0
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5034
./strace-static-x86_64: Process 5034 attached
[pid 5034] chdir("./33") = 0
[pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5034] setpgid(0, 0) = 0
[pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5034] write(3, "1000", 4) = 4
[pid 5034] close(3) = 0
[pid 5034] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5034] memfd_create("syzkaller", 0) = 3
[pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5034] munmap(0x7f01b36ea000, 32768) = 0
[pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5034] close(3) = 0
[pid 5034] mkdir("./bus", 0777) = 0
[pid 5034] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5034] chdir("./bus") = 0
[pid 5034] ioctl(4, LOOP_CLR_FD) = 0
[pid 5034] close(4) = 0
[pid 5034] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5034] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5034] write(5, "9", 1) = 1
[pid 5034] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5034] exit_group(0) = ?
[pid 5034] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/bus") = 0
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 51.316701][ T5034] loop0: detected capacity change from 0 to 64
[ 51.325528][ T5034] hfs: unable to locate alternate MDB
[ 51.332510][ T5034] hfs: continuing without an alternate MDB
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5035 attached
[pid 5035] chdir("./34"
[pid 4999] <... clone resumed>, child_tidptr=0x5555564865d0) = 5035
[pid 5035] <... chdir resumed>) = 0
[pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5035] setpgid(0, 0) = 0
[pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5035] write(3, "1000", 4) = 4
[pid 5035] close(3) = 0
[pid 5035] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5035] memfd_create("syzkaller", 0) = 3
[pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5035] munmap(0x7f01b36ea000, 32768) = 0
[pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5035] close(3) = 0
[pid 5035] mkdir("./bus", 0777) = 0
[pid 5035] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5035] chdir("./bus") = 0
[pid 5035] ioctl(4, LOOP_CLR_FD) = 0
[pid 5035] close(4) = 0
[pid 5035] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5035] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5035] write(5, "9", 1) = 1
[pid 5035] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5035] exit_group(0) = ?
[pid 5035] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 51.404005][ T5035] loop0: detected capacity change from 0 to 64
[ 51.413348][ T5035] hfs: unable to locate alternate MDB
[ 51.418793][ T5035] hfs: continuing without an alternate MDB
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/bus") = 0
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5036 attached
, child_tidptr=0x5555564865d0) = 5036
[pid 5036] chdir("./35") = 0
[pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5036] setpgid(0, 0) = 0
[pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5036] write(3, "1000", 4) = 4
[pid 5036] close(3) = 0
[pid 5036] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5036] memfd_create("syzkaller", 0) = 3
[pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5036] munmap(0x7f01b36ea000, 32768) = 0
[pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5036] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5036] close(3) = 0
[pid 5036] mkdir("./bus", 0777) = 0
[pid 5036] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5036] chdir("./bus") = 0
[pid 5036] ioctl(4, LOOP_CLR_FD) = 0
[pid 5036] close(4) = 0
[pid 5036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5036] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5036] write(5, "9", 1) = 1
[ 51.516438][ T5036] loop0: detected capacity change from 0 to 64
[ 51.526544][ T5036] hfs: unable to locate alternate MDB
[ 51.533119][ T5036] hfs: continuing without an alternate MDB
[ 51.556246][ T5036] FAULT_INJECTION: forcing a failure.
[ 51.556246][ T5036] name failslab, interval 1, probability 0, space 0, times 0
[ 51.569678][ T5036] CPU: 1 PID: 5036 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 51.580114][ T5036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 51.590170][ T5036] Call Trace:
[ 51.593463][ T5036]
[ 51.596387][ T5036] dump_stack_lvl+0x136/0x150
[ 51.601060][ T5036] should_fail_ex+0x4a3/0x5b0
[ 51.605741][ T5036] should_failslab+0x9/0x20
[ 51.610235][ T5036] __kmem_cache_alloc_node+0x5b/0x320
[ 51.615631][ T5036] ? hfs_find_init+0x95/0x240
[ 51.620416][ T5036] ? hfs_find_init+0x95/0x240
[ 51.625089][ T5036] __kmalloc+0x4e/0x190
[ 51.629256][ T5036] hfs_find_init+0x95/0x240
[ 51.633750][ T5036] hfs_ext_read_extent+0x18d/0xa20
[ 51.638856][ T5036] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 51.644417][ T5036] ? hfs_free_extents+0x2e0/0x2e0
[ 51.649477][ T5036] ? clean_bdev_aliases+0x4ff/0x600
[ 51.654791][ T5036] hfs_extend_file+0x4b5/0xae0
[ 51.659607][ T5036] ? spin_bug+0x1c0/0x1c0
[ 51.663992][ T5036] ? hfs_free_fork+0x920/0x920
[ 51.668764][ T5036] ? rcu_is_watching+0x12/0xb0
[ 51.673531][ T5036] ? __mark_inode_dirty+0x297/0xd60
[ 51.678741][ T5036] hfs_get_block+0x17f/0x820
[ 51.683325][ T5036] __block_write_begin_int+0x3bd/0x14b0
[ 51.688888][ T5036] ? hfs_extend_file+0xae0/0xae0
[ 51.693828][ T5036] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 51.699383][ T5036] ? folio_flags.constprop.0+0x53/0x150
[ 51.704962][ T5036] ? hfs_extend_file+0xae0/0xae0
[ 51.709963][ T5036] block_write_begin+0xb9/0x4d0
[ 51.714835][ T5036] cont_write_begin+0x534/0x740
[ 51.719681][ T5036] ? hfs_extend_file+0xae0/0xae0
[ 51.724613][ T5036] ? block_write_begin+0x4d0/0x4d0
[ 51.729720][ T5036] ? fault_in_readable+0x129/0x210
[ 51.734838][ T5036] ? fault_in_subpage_writeable+0x20/0x20
[ 51.740557][ T5036] hfs_write_begin+0x87/0x150
[ 51.745227][ T5036] ? hfs_extend_file+0xae0/0xae0
[ 51.750488][ T5036] generic_perform_write+0x256/0x570
[ 51.755910][ T5036] ? generic_file_readonly_mmap+0x180/0x180
[ 51.761817][ T5036] ? new_inode+0x280/0x280
[ 51.766234][ T5036] ? generic_write_checks+0x2c0/0x400
[ 51.771608][ T5036] __generic_file_write_iter+0x2ae/0x500
[ 51.777268][ T5036] generic_file_write_iter+0xe3/0x350
[ 51.782683][ T5036] vfs_write+0x945/0xd50
[ 51.786935][ T5036] ? kernel_write+0x670/0x670
[ 51.791722][ T5036] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 51.797190][ T5036] ? find_held_lock+0x2d/0x110
[ 51.801956][ T5036] ? lock_downgrade+0x690/0x690
[ 51.806801][ T5036] ? __fget_light+0x20a/0x270
[ 51.811477][ T5036] ksys_write+0x12b/0x250
[ 51.815802][ T5036] ? __ia32_sys_read+0xb0/0xb0
[ 51.820550][ T5036] ? lockdep_hardirqs_on+0x7d/0x100
[ 51.825743][ T5036] ? _raw_spin_unlock_irq+0x2e/0x50
[ 51.830938][ T5036] ? ptrace_notify+0xfe/0x140
[ 51.835619][ T5036] do_syscall_64+0x39/0xb0
[ 51.840038][ T5036] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.845926][ T5036] RIP: 0033:0x7f01bbb379f9
[ 51.850327][ T5036] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.869947][ T5036] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 51.878529][ T5036] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 51.886594][ T5036] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 51.894553][ T5036] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 51.902658][ T5036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5036] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5036] exit_group(0) = ?
[pid 5036] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 51.910636][ T5036] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000023
[ 51.918638][ T5036]
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/bus") = 0
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5037
./strace-static-x86_64: Process 5037 attached
[pid 5037] chdir("./36") = 0
[pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5037] setpgid(0, 0) = 0
[pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5037] write(3, "1000", 4) = 4
[pid 5037] close(3) = 0
[pid 5037] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5037] memfd_create("syzkaller", 0) = 3
[pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5037] munmap(0x7f01b36ea000, 32768) = 0
[pid 5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5037] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5037] close(3) = 0
[pid 5037] mkdir("./bus", 0777) = 0
[pid 5037] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5037] chdir("./bus") = 0
[pid 5037] ioctl(4, LOOP_CLR_FD) = 0
[pid 5037] close(4) = 0
[pid 5037] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5037] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5037] write(5, "9", 1) = 1
[ 52.010544][ T5037] loop0: detected capacity change from 0 to 64
[ 52.020145][ T5037] hfs: unable to locate alternate MDB
[ 52.025636][ T5037] hfs: continuing without an alternate MDB
[ 52.047860][ T5037] FAULT_INJECTION: forcing a failure.
[ 52.047860][ T5037] name failslab, interval 1, probability 0, space 0, times 0
[ 52.060678][ T5037] CPU: 1 PID: 5037 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 52.071117][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 52.082110][ T5037] Call Trace:
[ 52.085653][ T5037]
[ 52.088627][ T5037] dump_stack_lvl+0x136/0x150
[ 52.093338][ T5037] should_fail_ex+0x4a3/0x5b0
[ 52.098021][ T5037] should_failslab+0x9/0x20
[ 52.102518][ T5037] __kmem_cache_alloc_node+0x5b/0x320
[ 52.107902][ T5037] ? hfs_find_init+0x95/0x240
[ 52.112586][ T5037] ? hfs_find_init+0x95/0x240
[ 52.117257][ T5037] __kmalloc+0x4e/0x190
[ 52.121402][ T5037] hfs_find_init+0x95/0x240
[ 52.125897][ T5037] hfs_ext_read_extent+0x18d/0xa20
[ 52.131036][ T5037] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 52.136642][ T5037] ? hfs_free_extents+0x2e0/0x2e0
[ 52.141697][ T5037] ? clean_bdev_aliases+0x4ff/0x600
[ 52.146897][ T5037] hfs_extend_file+0x4b5/0xae0
[ 52.151674][ T5037] ? spin_bug+0x1c0/0x1c0
[ 52.156029][ T5037] ? hfs_free_fork+0x920/0x920
[ 52.160792][ T5037] ? rcu_is_watching+0x12/0xb0
[ 52.165561][ T5037] ? __mark_inode_dirty+0x297/0xd60
[ 52.170791][ T5037] hfs_get_block+0x17f/0x820
[ 52.175417][ T5037] __block_write_begin_int+0x3bd/0x14b0
[ 52.180995][ T5037] ? hfs_extend_file+0xae0/0xae0
[ 52.185935][ T5037] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 52.191857][ T5037] ? folio_flags.constprop.0+0x53/0x150
[ 52.197485][ T5037] ? hfs_extend_file+0xae0/0xae0
[ 52.202535][ T5037] block_write_begin+0xb9/0x4d0
[ 52.207444][ T5037] cont_write_begin+0x534/0x740
[ 52.212305][ T5037] ? hfs_extend_file+0xae0/0xae0
[ 52.217263][ T5037] ? block_write_begin+0x4d0/0x4d0
[ 52.222392][ T5037] ? fault_in_readable+0x129/0x210
[ 52.227537][ T5037] ? fault_in_subpage_writeable+0x20/0x20
[ 52.233272][ T5037] hfs_write_begin+0x87/0x150
[ 52.237942][ T5037] ? hfs_extend_file+0xae0/0xae0
[ 52.242875][ T5037] generic_perform_write+0x256/0x570
[ 52.248159][ T5037] ? generic_file_readonly_mmap+0x180/0x180
[ 52.254051][ T5037] ? new_inode+0x280/0x280
[ 52.258472][ T5037] ? generic_write_checks+0x2c0/0x400
[ 52.263844][ T5037] __generic_file_write_iter+0x2ae/0x500
[ 52.269487][ T5037] generic_file_write_iter+0xe3/0x350
[ 52.274865][ T5037] vfs_write+0x945/0xd50
[ 52.279104][ T5037] ? kernel_write+0x670/0x670
[ 52.283771][ T5037] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 52.289225][ T5037] ? find_held_lock+0x2d/0x110
[ 52.293990][ T5037] ? lock_downgrade+0x690/0x690
[ 52.298860][ T5037] ? __fget_light+0x20a/0x270
[ 52.303569][ T5037] ksys_write+0x12b/0x250
[ 52.307909][ T5037] ? __ia32_sys_read+0xb0/0xb0
[ 52.312675][ T5037] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.317869][ T5037] ? _raw_spin_unlock_irq+0x2e/0x50
[ 52.323062][ T5037] ? ptrace_notify+0xfe/0x140
[ 52.327734][ T5037] do_syscall_64+0x39/0xb0
[ 52.332186][ T5037] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.338101][ T5037] RIP: 0033:0x7f01bbb379f9
[ 52.342505][ T5037] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.362284][ T5037] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 52.370693][ T5037] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 52.378698][ T5037] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 52.386663][ T5037] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 52.394633][ T5037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 52.402630][ T5037] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000024
[pid 5037] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5037] exit_group(0) = ?
[pid 5037] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/bus") = 0
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5038
./strace-static-x86_64: Process 5038 attached
[pid 5038] chdir("./37") = 0
[pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5038] setpgid(0, 0) = 0
[pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1000", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5038] memfd_create("syzkaller", 0) = 3
[pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5038] munmap(0x7f01b36ea000, 32768) = 0
[pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 52.410625][ T5037]
[pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5038] close(3) = 0
[pid 5038] mkdir("./bus", 0777) = 0
[pid 5038] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5038] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5038] chdir("./bus") = 0
[pid 5038] ioctl(4, LOOP_CLR_FD) = 0
[pid 5038] close(4) = 0
[pid 5038] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5038] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5038] write(5, "9", 1) = 1
[ 52.449031][ T5038] loop0: detected capacity change from 0 to 64
[ 52.458408][ T5038] hfs: unable to locate alternate MDB
[ 52.464898][ T5038] hfs: continuing without an alternate MDB
[ 52.482838][ T5038] FAULT_INJECTION: forcing a failure.
[ 52.482838][ T5038] name failslab, interval 1, probability 0, space 0, times 0
[ 52.495754][ T5038] CPU: 0 PID: 5038 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 52.506211][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 52.516285][ T5038] Call Trace:
[ 52.519611][ T5038]
[ 52.522602][ T5038] dump_stack_lvl+0x136/0x150
[ 52.527412][ T5038] should_fail_ex+0x4a3/0x5b0
[ 52.532259][ T5038] should_failslab+0x9/0x20
[ 52.536908][ T5038] __kmem_cache_alloc_node+0x5b/0x320
[ 52.542413][ T5038] ? hfs_find_init+0x95/0x240
[ 52.547110][ T5038] ? hfs_find_init+0x95/0x240
[ 52.551801][ T5038] __kmalloc+0x4e/0x190
[ 52.555985][ T5038] hfs_find_init+0x95/0x240
[ 52.560522][ T5038] hfs_ext_read_extent+0x18d/0xa20
[ 52.565650][ T5038] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 52.571211][ T5038] ? hfs_free_extents+0x2e0/0x2e0
[ 52.576249][ T5038] ? clean_bdev_aliases+0x4ff/0x600
[ 52.581495][ T5038] hfs_extend_file+0x4b5/0xae0
[ 52.586285][ T5038] ? spin_bug+0x1c0/0x1c0
[ 52.590633][ T5038] ? hfs_free_fork+0x920/0x920
[ 52.595442][ T5038] ? rcu_is_watching+0x12/0xb0
[ 52.600218][ T5038] ? __mark_inode_dirty+0x297/0xd60
[ 52.605454][ T5038] hfs_get_block+0x17f/0x820
[ 52.610074][ T5038] __block_write_begin_int+0x3bd/0x14b0
[ 52.615628][ T5038] ? hfs_extend_file+0xae0/0xae0
[ 52.620570][ T5038] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 52.626207][ T5038] ? folio_flags.constprop.0+0x53/0x150
[ 52.631926][ T5038] ? hfs_extend_file+0xae0/0xae0
[ 52.636977][ T5038] block_write_begin+0xb9/0x4d0
[ 52.641838][ T5038] cont_write_begin+0x534/0x740
[ 52.646696][ T5038] ? hfs_extend_file+0xae0/0xae0
[ 52.651643][ T5038] ? block_write_begin+0x4d0/0x4d0
[ 52.656750][ T5038] ? fault_in_readable+0x129/0x210
[ 52.661860][ T5038] ? fault_in_subpage_writeable+0x20/0x20
[ 52.667596][ T5038] hfs_write_begin+0x87/0x150
[ 52.672384][ T5038] ? hfs_extend_file+0xae0/0xae0
[ 52.677473][ T5038] generic_perform_write+0x256/0x570
[ 52.682809][ T5038] ? generic_file_readonly_mmap+0x180/0x180
[ 52.688743][ T5038] ? new_inode+0x280/0x280
[ 52.693166][ T5038] ? generic_write_checks+0x2c0/0x400
[ 52.698653][ T5038] __generic_file_write_iter+0x2ae/0x500
[ 52.704449][ T5038] generic_file_write_iter+0xe3/0x350
[ 52.709911][ T5038] vfs_write+0x945/0xd50
[ 52.714150][ T5038] ? kernel_write+0x670/0x670
[ 52.718820][ T5038] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 52.724287][ T5038] ? find_held_lock+0x2d/0x110
[ 52.729063][ T5038] ? lock_downgrade+0x690/0x690
[ 52.733917][ T5038] ? __fget_light+0x20a/0x270
[ 52.738648][ T5038] ksys_write+0x12b/0x250
[ 52.742996][ T5038] ? __ia32_sys_read+0xb0/0xb0
[ 52.747791][ T5038] ? lockdep_hardirqs_on+0x7d/0x100
[ 52.752992][ T5038] ? _raw_spin_unlock_irq+0x2e/0x50
[ 52.758199][ T5038] ? ptrace_notify+0xfe/0x140
[ 52.762891][ T5038] do_syscall_64+0x39/0xb0
[ 52.767324][ T5038] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.773235][ T5038] RIP: 0033:0x7f01bbb379f9
[ 52.777653][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5038] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5038] exit_group(0) = ?
[pid 5038] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 52.797376][ T5038] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 52.805980][ T5038] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 52.814021][ T5038] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 52.821999][ T5038] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 52.829976][ T5038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 52.837951][ T5038] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000025
[ 52.845941][ T5038]
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/bus") = 0
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5039
./strace-static-x86_64: Process 5039 attached
[pid 5039] chdir("./38") = 0
[pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5039] setpgid(0, 0) = 0
[pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5039] write(3, "1000", 4) = 4
[pid 5039] close(3) = 0
[pid 5039] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5039] memfd_create("syzkaller", 0) = 3
[pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5039] munmap(0x7f01b36ea000, 32768) = 0
[pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5039] close(3) = 0
[pid 5039] mkdir("./bus", 0777) = 0
[pid 5039] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5039] chdir("./bus") = 0
[pid 5039] ioctl(4, LOOP_CLR_FD) = 0
[pid 5039] close(4) = 0
[pid 5039] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5039] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5039] write(5, "9", 1) = 1
[ 52.911986][ T5039] loop0: detected capacity change from 0 to 64
[ 52.921480][ T5039] hfs: unable to locate alternate MDB
[ 52.926907][ T5039] hfs: continuing without an alternate MDB
[ 52.951744][ T5039] FAULT_INJECTION: forcing a failure.
[ 52.951744][ T5039] name failslab, interval 1, probability 0, space 0, times 0
[ 52.964657][ T5039] CPU: 0 PID: 5039 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 52.975094][ T5039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 52.985154][ T5039] Call Trace:
[ 52.988429][ T5039]
[ 52.991373][ T5039] dump_stack_lvl+0x136/0x150
[ 52.996064][ T5039] should_fail_ex+0x4a3/0x5b0
[ 53.000740][ T5039] should_failslab+0x9/0x20
[ 53.005247][ T5039] __kmem_cache_alloc_node+0x5b/0x320
[ 53.010638][ T5039] ? hfs_find_init+0x95/0x240
[ 53.015326][ T5039] ? hfs_find_init+0x95/0x240
[ 53.020009][ T5039] __kmalloc+0x4e/0x190
[ 53.024155][ T5039] hfs_find_init+0x95/0x240
[ 53.028669][ T5039] hfs_ext_read_extent+0x18d/0xa20
[ 53.033804][ T5039] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 53.039382][ T5039] ? hfs_free_extents+0x2e0/0x2e0
[ 53.044419][ T5039] ? clean_bdev_aliases+0x4ff/0x600
[ 53.049612][ T5039] hfs_extend_file+0x4b5/0xae0
[ 53.054367][ T5039] ? spin_bug+0x1c0/0x1c0
[ 53.058698][ T5039] ? hfs_free_fork+0x920/0x920
[ 53.063464][ T5039] ? rcu_is_watching+0x12/0xb0
[ 53.068215][ T5039] ? __mark_inode_dirty+0x297/0xd60
[ 53.073437][ T5039] hfs_get_block+0x17f/0x820
[ 53.078039][ T5039] __block_write_begin_int+0x3bd/0x14b0
[ 53.083579][ T5039] ? hfs_extend_file+0xae0/0xae0
[ 53.088512][ T5039] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 53.094075][ T5039] ? folio_flags.constprop.0+0x53/0x150
[ 53.099717][ T5039] ? hfs_extend_file+0xae0/0xae0
[ 53.104652][ T5039] block_write_begin+0xb9/0x4d0
[ 53.109499][ T5039] cont_write_begin+0x534/0x740
[ 53.114357][ T5039] ? hfs_extend_file+0xae0/0xae0
[ 53.119282][ T5039] ? block_write_begin+0x4d0/0x4d0
[ 53.124383][ T5039] ? fault_in_readable+0x129/0x210
[ 53.129493][ T5039] ? fault_in_subpage_writeable+0x20/0x20
[ 53.135250][ T5039] hfs_write_begin+0x87/0x150
[ 53.139955][ T5039] ? hfs_extend_file+0xae0/0xae0
[ 53.144893][ T5039] generic_perform_write+0x256/0x570
[ 53.150185][ T5039] ? generic_file_readonly_mmap+0x180/0x180
[ 53.156077][ T5039] ? new_inode+0x280/0x280
[ 53.160496][ T5039] ? generic_write_checks+0x2c0/0x400
[ 53.165883][ T5039] __generic_file_write_iter+0x2ae/0x500
[ 53.171506][ T5039] generic_file_write_iter+0xe3/0x350
[ 53.176867][ T5039] vfs_write+0x945/0xd50
[ 53.181105][ T5039] ? kernel_write+0x670/0x670
[ 53.185803][ T5039] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 53.191262][ T5039] ? find_held_lock+0x2d/0x110
[ 53.196037][ T5039] ? lock_downgrade+0x690/0x690
[ 53.200897][ T5039] ? __fget_light+0x20a/0x270
[ 53.205659][ T5039] ksys_write+0x12b/0x250
[ 53.209984][ T5039] ? __ia32_sys_read+0xb0/0xb0
[ 53.214733][ T5039] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.219919][ T5039] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.225135][ T5039] ? ptrace_notify+0xfe/0x140
[ 53.229831][ T5039] do_syscall_64+0x39/0xb0
[ 53.234243][ T5039] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.240127][ T5039] RIP: 0033:0x7f01bbb379f9
[ 53.244529][ T5039] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.264143][ T5039] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.272565][ T5039] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 53.280542][ T5039] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 53.288501][ T5039] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 53.296458][ T5039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 53.304430][ T5039] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000026
[pid 5039] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5039] exit_group(0) = ?
[pid 5039] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/bus") = 0
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5040
./strace-static-x86_64: Process 5040 attached
[pid 5040] chdir("./39") = 0
[pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5040] setpgid(0, 0) = 0
[pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5040] write(3, "1000", 4) = 4
[pid 5040] close(3) = 0
[pid 5040] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5040] memfd_create("syzkaller", 0) = 3
[pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5040] munmap(0x7f01b36ea000, 32768) = 0
[pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.312427][ T5039]
[pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5040] close(3) = 0
[pid 5040] mkdir("./bus", 0777) = 0
[pid 5040] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5040] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5040] chdir("./bus") = 0
[pid 5040] ioctl(4, LOOP_CLR_FD) = 0
[pid 5040] close(4) = 0
[pid 5040] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5040] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5040] write(5, "9", 1) = 1
[pid 5040] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5040] exit_group(0) = ?
[pid 5040] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5040, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 53.353604][ T5040] loop0: detected capacity change from 0 to 64
[ 53.362982][ T5040] hfs: unable to locate alternate MDB
[ 53.368757][ T5040] hfs: continuing without an alternate MDB
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/bus") = 0
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5041
./strace-static-x86_64: Process 5041 attached
[pid 5041] chdir("./40") = 0
[pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5041] setpgid(0, 0) = 0
[pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5041] write(3, "1000", 4) = 4
[pid 5041] close(3) = 0
[pid 5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5041] memfd_create("syzkaller", 0) = 3
[pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5041] munmap(0x7f01b36ea000, 32768) = 0
[pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5041] close(3) = 0
[pid 5041] mkdir("./bus", 0777) = 0
[pid 5041] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5041] chdir("./bus") = 0
[pid 5041] ioctl(4, LOOP_CLR_FD) = 0
[pid 5041] close(4) = 0
[pid 5041] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5041] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5041] write(5, "9", 1) = 1
[pid 5041] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5041] exit_group(0) = ?
[pid 5041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/bus") = 0
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5042
./strace-static-x86_64: Process 5042 attached
[pid 5042] chdir("./41") = 0
[pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 53.445840][ T5041] loop0: detected capacity change from 0 to 64
[ 53.455701][ T5041] hfs: unable to locate alternate MDB
[ 53.461341][ T5041] hfs: continuing without an alternate MDB
[pid 5042] setpgid(0, 0) = 0
[pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5042] write(3, "1000", 4) = 4
[pid 5042] close(3) = 0
[pid 5042] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5042] memfd_create("syzkaller", 0) = 3
[pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5042] munmap(0x7f01b36ea000, 32768) = 0
[pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5042] close(3) = 0
[pid 5042] mkdir("./bus", 0777) = 0
[pid 5042] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5042] chdir("./bus") = 0
[pid 5042] ioctl(4, LOOP_CLR_FD) = 0
[pid 5042] close(4) = 0
[pid 5042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5042] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5042] write(5, "9", 1) = 1
[pid 5042] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5042] exit_group(0) = ?
[pid 5042] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 53.517758][ T5042] loop0: detected capacity change from 0 to 64
[ 53.527711][ T5042] hfs: unable to locate alternate MDB
[ 53.533096][ T5042] hfs: continuing without an alternate MDB
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/bus") = 0
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5043
./strace-static-x86_64: Process 5043 attached
[pid 5043] chdir("./42") = 0
[pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5043] setpgid(0, 0) = 0
[pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5043] write(3, "1000", 4) = 4
[pid 5043] close(3) = 0
[pid 5043] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5043] memfd_create("syzkaller", 0) = 3
[pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5043] munmap(0x7f01b36ea000, 32768) = 0
[pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5043] close(3) = 0
[pid 5043] mkdir("./bus", 0777) = 0
[pid 5043] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5043] chdir("./bus") = 0
[pid 5043] ioctl(4, LOOP_CLR_FD) = 0
[pid 5043] close(4) = 0
[pid 5043] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5043] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5043] write(5, "9", 1) = 1
[ 53.626000][ T5043] loop0: detected capacity change from 0 to 64
[ 53.635062][ T5043] hfs: unable to locate alternate MDB
[ 53.641208][ T5043] hfs: continuing without an alternate MDB
[ 53.672230][ T5043] FAULT_INJECTION: forcing a failure.
[ 53.672230][ T5043] name failslab, interval 1, probability 0, space 0, times 0
[ 53.684971][ T5043] CPU: 0 PID: 5043 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 53.695415][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 53.705508][ T5043] Call Trace:
[ 53.708797][ T5043]
[ 53.711722][ T5043] dump_stack_lvl+0x136/0x150
[ 53.716417][ T5043] should_fail_ex+0x4a3/0x5b0
[ 53.721115][ T5043] should_failslab+0x9/0x20
[ 53.725617][ T5043] __kmem_cache_alloc_node+0x5b/0x320
[ 53.731001][ T5043] ? hfs_find_init+0x95/0x240
[ 53.735686][ T5043] ? hfs_find_init+0x95/0x240
[ 53.740400][ T5043] __kmalloc+0x4e/0x190
[ 53.744695][ T5043] hfs_find_init+0x95/0x240
[ 53.749394][ T5043] hfs_ext_read_extent+0x18d/0xa20
[ 53.754633][ T5043] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 53.760303][ T5043] ? hfs_free_extents+0x2e0/0x2e0
[ 53.765374][ T5043] ? clean_bdev_aliases+0x4ff/0x600
[ 53.770577][ T5043] hfs_extend_file+0x4b5/0xae0
[ 53.775334][ T5043] ? spin_bug+0x1c0/0x1c0
[ 53.779682][ T5043] ? hfs_free_fork+0x920/0x920
[ 53.784474][ T5043] ? rcu_is_watching+0x12/0xb0
[ 53.789248][ T5043] ? __mark_inode_dirty+0x297/0xd60
[ 53.794460][ T5043] hfs_get_block+0x17f/0x820
[ 53.799067][ T5043] __block_write_begin_int+0x3bd/0x14b0
[ 53.804628][ T5043] ? hfs_extend_file+0xae0/0xae0
[ 53.809672][ T5043] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 53.815241][ T5043] ? folio_flags.constprop.0+0x53/0x150
[ 53.820796][ T5043] ? hfs_extend_file+0xae0/0xae0
[ 53.825756][ T5043] block_write_begin+0xb9/0x4d0
[ 53.830630][ T5043] cont_write_begin+0x534/0x740
[ 53.835481][ T5043] ? hfs_extend_file+0xae0/0xae0
[ 53.840417][ T5043] ? block_write_begin+0x4d0/0x4d0
[ 53.845523][ T5043] ? fault_in_readable+0x129/0x210
[ 53.850673][ T5043] ? fault_in_subpage_writeable+0x20/0x20
[ 53.856420][ T5043] hfs_write_begin+0x87/0x150
[ 53.861091][ T5043] ? hfs_extend_file+0xae0/0xae0
[ 53.866026][ T5043] generic_perform_write+0x256/0x570
[ 53.871319][ T5043] ? generic_file_readonly_mmap+0x180/0x180
[ 53.877235][ T5043] ? new_inode+0x280/0x280
[ 53.881663][ T5043] ? generic_write_checks+0x2c0/0x400
[ 53.887118][ T5043] __generic_file_write_iter+0x2ae/0x500
[ 53.892782][ T5043] generic_file_write_iter+0xe3/0x350
[ 53.898168][ T5043] vfs_write+0x945/0xd50
[ 53.902411][ T5043] ? kernel_write+0x670/0x670
[ 53.907081][ T5043] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 53.912533][ T5043] ? find_held_lock+0x2d/0x110
[ 53.917296][ T5043] ? lock_downgrade+0x690/0x690
[ 53.922145][ T5043] ? __fget_light+0x20a/0x270
[ 53.926825][ T5043] ksys_write+0x12b/0x250
[ 53.931147][ T5043] ? __ia32_sys_read+0xb0/0xb0
[ 53.935903][ T5043] ? lockdep_hardirqs_on+0x7d/0x100
[ 53.941109][ T5043] ? _raw_spin_unlock_irq+0x2e/0x50
[ 53.946305][ T5043] ? ptrace_notify+0xfe/0x140
[ 53.950982][ T5043] do_syscall_64+0x39/0xb0
[ 53.955400][ T5043] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.961362][ T5043] RIP: 0033:0x7f01bbb379f9
[ 53.965811][ T5043] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.985427][ T5043] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.993846][ T5043] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 54.001815][ T5043] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.009778][ T5043] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[pid 5043] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5043] exit_group(0) = ?
[pid 5043] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/bus") = 0
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5044
./strace-static-x86_64: Process 5044 attached
[pid 5044] chdir("./43") = 0
[pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5044] setpgid(0, 0) = 0
[pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5044] write(3, "1000", 4) = 4
[pid 5044] close(3) = 0
[pid 5044] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5044] memfd_create("syzkaller", 0) = 3
[pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5044] munmap(0x7f01b36ea000, 32768) = 0
[pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 54.017758][ T5043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.025729][ T5043] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 000000000000002a
[ 54.033733][ T5043]
[pid 5044] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5044] close(3) = 0
[pid 5044] mkdir("./bus", 0777) = 0
[pid 5044] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5044] chdir("./bus") = 0
[pid 5044] ioctl(4, LOOP_CLR_FD) = 0
[pid 5044] close(4) = 0
[pid 5044] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5044] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5044] write(5, "9", 1) = 1
[ 54.070201][ T5044] loop0: detected capacity change from 0 to 64
[ 54.079439][ T5044] hfs: unable to locate alternate MDB
[ 54.084813][ T5044] hfs: continuing without an alternate MDB
[ 54.101919][ T5044] FAULT_INJECTION: forcing a failure.
[ 54.101919][ T5044] name failslab, interval 1, probability 0, space 0, times 0
[ 54.115059][ T5044] CPU: 0 PID: 5044 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 54.125477][ T5044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 54.135519][ T5044] Call Trace:
[ 54.138795][ T5044]
[ 54.141724][ T5044] dump_stack_lvl+0x136/0x150
[ 54.146399][ T5044] should_fail_ex+0x4a3/0x5b0
[ 54.151103][ T5044] should_failslab+0x9/0x20
[ 54.155597][ T5044] __kmem_cache_alloc_node+0x5b/0x320
[ 54.160975][ T5044] ? hfs_find_init+0x95/0x240
[ 54.165638][ T5044] ? hfs_find_init+0x95/0x240
[ 54.170344][ T5044] __kmalloc+0x4e/0x190
[ 54.174495][ T5044] hfs_find_init+0x95/0x240
[ 54.178980][ T5044] hfs_ext_read_extent+0x18d/0xa20
[ 54.184085][ T5044] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 54.189623][ T5044] ? rcu_is_watching+0x12/0xb0
[ 54.194401][ T5044] ? hfs_free_extents+0x2e0/0x2e0
[ 54.199448][ T5044] ? clean_bdev_aliases+0x4ff/0x600
[ 54.204675][ T5044] ? find_held_lock+0x2d/0x110
[ 54.209456][ T5044] hfs_extend_file+0x4b5/0xae0
[ 54.214248][ T5044] ? spin_bug+0x1c0/0x1c0
[ 54.218599][ T5044] ? hfs_free_fork+0x920/0x920
[ 54.223550][ T5044] ? rcu_is_watching+0x12/0xb0
[ 54.228512][ T5044] ? __mark_inode_dirty+0x297/0xd60
[ 54.233862][ T5044] hfs_get_block+0x17f/0x820
[ 54.238544][ T5044] __block_write_begin_int+0x3bd/0x14b0
[ 54.244126][ T5044] ? hfs_extend_file+0xae0/0xae0
[ 54.249105][ T5044] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 54.254676][ T5044] ? folio_flags.constprop.0+0x53/0x150
[ 54.260229][ T5044] ? hfs_extend_file+0xae0/0xae0
[ 54.265166][ T5044] block_write_begin+0xb9/0x4d0
[ 54.270113][ T5044] cont_write_begin+0x534/0x740
[ 54.275083][ T5044] ? hfs_extend_file+0xae0/0xae0
[ 54.280058][ T5044] ? block_write_begin+0x4d0/0x4d0
[ 54.285162][ T5044] ? fault_in_readable+0x129/0x210
[ 54.290271][ T5044] ? fault_in_subpage_writeable+0x20/0x20
[ 54.296056][ T5044] hfs_write_begin+0x87/0x150
[ 54.300830][ T5044] ? hfs_extend_file+0xae0/0xae0
[ 54.305814][ T5044] generic_perform_write+0x256/0x570
[ 54.311112][ T5044] ? generic_file_readonly_mmap+0x180/0x180
[ 54.316999][ T5044] ? new_inode+0x280/0x280
[ 54.321429][ T5044] ? generic_write_checks+0x2c0/0x400
[ 54.326806][ T5044] __generic_file_write_iter+0x2ae/0x500
[ 54.332457][ T5044] generic_file_write_iter+0xe3/0x350
[ 54.337860][ T5044] vfs_write+0x945/0xd50
[ 54.342103][ T5044] ? kernel_write+0x670/0x670
[ 54.346778][ T5044] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 54.352259][ T5044] ? find_held_lock+0x2d/0x110
[ 54.357038][ T5044] ? lock_downgrade+0x690/0x690
[ 54.361901][ T5044] ? __fget_light+0x20a/0x270
[ 54.366585][ T5044] ksys_write+0x12b/0x250
[ 54.370918][ T5044] ? __ia32_sys_read+0xb0/0xb0
[ 54.375683][ T5044] ? lockdep_hardirqs_on+0x7d/0x100
[ 54.380898][ T5044] ? _raw_spin_unlock_irq+0x2e/0x50
[ 54.386177][ T5044] ? ptrace_notify+0xfe/0x140
[ 54.391015][ T5044] do_syscall_64+0x39/0xb0
[ 54.395619][ T5044] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.401631][ T5044] RIP: 0033:0x7f01bbb379f9
[ 54.406070][ T5044] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.425762][ T5044] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.434249][ T5044] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 54.442224][ T5044] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.450302][ T5044] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 54.458342][ T5044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5044] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5044] exit_group(0) = ?
[pid 5044] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/bus") = 0
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 54.466326][ T5044] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 000000000000002b
[ 54.474310][ T5044]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5045
./strace-static-x86_64: Process 5045 attached
[pid 5045] chdir("./44") = 0
[pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5045] setpgid(0, 0) = 0
[pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5045] write(3, "1000", 4) = 4
[pid 5045] close(3) = 0
[pid 5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5045] memfd_create("syzkaller", 0) = 3
[pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5045] munmap(0x7f01b36ea000, 32768) = 0
[pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5045] close(3) = 0
[pid 5045] mkdir("./bus", 0777) = 0
[pid 5045] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5045] chdir("./bus") = 0
[pid 5045] ioctl(4, LOOP_CLR_FD) = 0
[pid 5045] close(4) = 0
[pid 5045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5045] write(5, "9", 1) = 1
[ 54.536434][ T5045] loop0: detected capacity change from 0 to 64
[ 54.546129][ T5045] hfs: unable to locate alternate MDB
[ 54.551714][ T5045] hfs: continuing without an alternate MDB
[ 54.572677][ T5045] FAULT_INJECTION: forcing a failure.
[ 54.572677][ T5045] name failslab, interval 1, probability 0, space 0, times 0
[ 54.585439][ T5045] CPU: 1 PID: 5045 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 54.595867][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 54.605912][ T5045] Call Trace:
[ 54.609228][ T5045]
[ 54.612196][ T5045] dump_stack_lvl+0x136/0x150
[ 54.616952][ T5045] should_fail_ex+0x4a3/0x5b0
[ 54.621716][ T5045] should_failslab+0x9/0x20
[ 54.626233][ T5045] __kmem_cache_alloc_node+0x5b/0x320
[ 54.631594][ T5045] ? hfs_find_init+0x95/0x240
[ 54.636254][ T5045] ? hfs_find_init+0x95/0x240
[ 54.640933][ T5045] __kmalloc+0x4e/0x190
[ 54.645097][ T5045] hfs_find_init+0x95/0x240
[ 54.649602][ T5045] hfs_ext_read_extent+0x18d/0xa20
[ 54.654711][ T5045] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 54.660259][ T5045] ? hfs_free_extents+0x2e0/0x2e0
[ 54.665319][ T5045] ? clean_bdev_aliases+0x4ff/0x600
[ 54.670592][ T5045] hfs_extend_file+0x4b5/0xae0
[ 54.675371][ T5045] ? spin_bug+0x1c0/0x1c0
[ 54.679729][ T5045] ? hfs_free_fork+0x920/0x920
[ 54.684488][ T5045] ? rcu_is_watching+0x12/0xb0
[ 54.689253][ T5045] ? __mark_inode_dirty+0x297/0xd60
[ 54.694450][ T5045] hfs_get_block+0x17f/0x820
[ 54.699040][ T5045] __block_write_begin_int+0x3bd/0x14b0
[ 54.704584][ T5045] ? hfs_extend_file+0xae0/0xae0
[ 54.709543][ T5045] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 54.715095][ T5045] ? folio_flags.constprop.0+0x53/0x150
[ 54.720645][ T5045] ? hfs_extend_file+0xae0/0xae0
[ 54.725582][ T5045] block_write_begin+0xb9/0x4d0
[ 54.730431][ T5045] cont_write_begin+0x534/0x740
[ 54.735293][ T5045] ? hfs_extend_file+0xae0/0xae0
[ 54.740277][ T5045] ? block_write_begin+0x4d0/0x4d0
[ 54.745400][ T5045] ? fault_in_readable+0x129/0x210
[ 54.750511][ T5045] ? fault_in_subpage_writeable+0x20/0x20
[ 54.756230][ T5045] hfs_write_begin+0x87/0x150
[ 54.760903][ T5045] ? hfs_extend_file+0xae0/0xae0
[ 54.765834][ T5045] generic_perform_write+0x256/0x570
[ 54.771121][ T5045] ? generic_file_readonly_mmap+0x180/0x180
[ 54.777008][ T5045] ? new_inode+0x280/0x280
[ 54.781420][ T5045] ? generic_write_checks+0x2c0/0x400
[ 54.786788][ T5045] __generic_file_write_iter+0x2ae/0x500
[ 54.792428][ T5045] generic_file_write_iter+0xe3/0x350
[ 54.797803][ T5045] vfs_write+0x945/0xd50
[ 54.802064][ T5045] ? kernel_write+0x670/0x670
[ 54.806731][ T5045] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 54.812184][ T5045] ? find_held_lock+0x2d/0x110
[ 54.818974][ T5045] ? lock_downgrade+0x690/0x690
[ 54.823856][ T5045] ? __fget_light+0x20a/0x270
[ 54.828564][ T5045] ksys_write+0x12b/0x250
[ 54.832893][ T5045] ? __ia32_sys_read+0xb0/0xb0
[ 54.837677][ T5045] ? lockdep_hardirqs_on+0x7d/0x100
[ 54.842871][ T5045] ? _raw_spin_unlock_irq+0x2e/0x50
[ 54.848070][ T5045] ? ptrace_notify+0xfe/0x140
[ 54.852747][ T5045] do_syscall_64+0x39/0xb0
[ 54.857184][ T5045] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.863107][ T5045] RIP: 0033:0x7f01bbb379f9
[ 54.867519][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.887133][ T5045] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.895543][ T5045] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 54.903516][ T5045] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.911483][ T5045] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 54.919460][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.927469][ T5045] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 000000000000002c
[ 54.935468][ T5045]
[pid 5045] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5045] exit_group(0) = ?
[pid 5045] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/bus") = 0
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5046
./strace-static-x86_64: Process 5046 attached
[pid 5046] chdir("./45") = 0
[pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5046] setpgid(0, 0) = 0
[pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5046] write(3, "1000", 4) = 4
[pid 5046] close(3) = 0
[pid 5046] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5046] memfd_create("syzkaller", 0) = 3
[pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5046] munmap(0x7f01b36ea000, 32768) = 0
[pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5046] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5046] close(3) = 0
[pid 5046] mkdir("./bus", 0777) = 0
[pid 5046] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5046] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5046] chdir("./bus") = 0
[pid 5046] ioctl(4, LOOP_CLR_FD) = 0
[pid 5046] close(4) = 0
[pid 5046] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5046] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5046] write(5, "9", 1) = 1
[ 54.994757][ T5046] loop0: detected capacity change from 0 to 64
[ 55.004202][ T5046] hfs: unable to locate alternate MDB
[ 55.010034][ T5046] hfs: continuing without an alternate MDB
[ 55.031711][ T5046] FAULT_INJECTION: forcing a failure.
[ 55.031711][ T5046] name failslab, interval 1, probability 0, space 0, times 0
[ 55.045132][ T5046] CPU: 0 PID: 5046 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 55.055707][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 55.065787][ T5046] Call Trace:
[ 55.069063][ T5046]
[ 55.071998][ T5046] dump_stack_lvl+0x136/0x150
[ 55.076685][ T5046] should_fail_ex+0x4a3/0x5b0
[ 55.081357][ T5046] should_failslab+0x9/0x20
[ 55.085853][ T5046] __kmem_cache_alloc_node+0x5b/0x320
[ 55.091220][ T5046] ? hfs_find_init+0x95/0x240
[ 55.095889][ T5046] ? hfs_find_init+0x95/0x240
[ 55.100567][ T5046] __kmalloc+0x4e/0x190
[ 55.104730][ T5046] hfs_find_init+0x95/0x240
[ 55.109220][ T5046] hfs_ext_read_extent+0x18d/0xa20
[ 55.114318][ T5046] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 55.119865][ T5046] ? hfs_free_extents+0x2e0/0x2e0
[ 55.124897][ T5046] ? clean_bdev_aliases+0x4ff/0x600
[ 55.130087][ T5046] hfs_extend_file+0x4b5/0xae0
[ 55.134840][ T5046] ? spin_bug+0x1c0/0x1c0
[ 55.139159][ T5046] ? hfs_free_fork+0x920/0x920
[ 55.143913][ T5046] ? rcu_is_watching+0x12/0xb0
[ 55.148668][ T5046] ? __mark_inode_dirty+0x297/0xd60
[ 55.153856][ T5046] hfs_get_block+0x17f/0x820
[ 55.158440][ T5046] __block_write_begin_int+0x3bd/0x14b0
[ 55.163987][ T5046] ? hfs_extend_file+0xae0/0xae0
[ 55.168937][ T5046] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 55.174475][ T5046] ? folio_flags.constprop.0+0x53/0x150
[ 55.180013][ T5046] ? hfs_extend_file+0xae0/0xae0
[ 55.184939][ T5046] block_write_begin+0xb9/0x4d0
[ 55.189791][ T5046] cont_write_begin+0x534/0x740
[ 55.194656][ T5046] ? hfs_extend_file+0xae0/0xae0
[ 55.199580][ T5046] ? block_write_begin+0x4d0/0x4d0
[ 55.204677][ T5046] ? fault_in_readable+0x129/0x210
[ 55.209779][ T5046] ? fault_in_subpage_writeable+0x20/0x20
[ 55.215489][ T5046] hfs_write_begin+0x87/0x150
[ 55.220167][ T5046] ? hfs_extend_file+0xae0/0xae0
[ 55.225089][ T5046] generic_perform_write+0x256/0x570
[ 55.230401][ T5046] ? generic_file_readonly_mmap+0x180/0x180
[ 55.236297][ T5046] ? new_inode+0x280/0x280
[ 55.240707][ T5046] ? generic_write_checks+0x2c0/0x400
[ 55.246088][ T5046] __generic_file_write_iter+0x2ae/0x500
[ 55.251712][ T5046] generic_file_write_iter+0xe3/0x350
[ 55.257083][ T5046] vfs_write+0x945/0xd50
[ 55.261332][ T5046] ? kernel_write+0x670/0x670
[ 55.265997][ T5046] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 55.271460][ T5046] ? find_held_lock+0x2d/0x110
[ 55.276230][ T5046] ? lock_downgrade+0x690/0x690
[ 55.281089][ T5046] ? __fget_light+0x20a/0x270
[ 55.285763][ T5046] ksys_write+0x12b/0x250
[ 55.290092][ T5046] ? __ia32_sys_read+0xb0/0xb0
[ 55.295047][ T5046] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.300250][ T5046] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.305444][ T5046] ? ptrace_notify+0xfe/0x140
[ 55.310172][ T5046] do_syscall_64+0x39/0xb0
[ 55.314648][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.320572][ T5046] RIP: 0033:0x7f01bbb379f9
[ 55.324987][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5046] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5046] exit_group(0) = ?
[pid 5046] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5046, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/bus") = 0
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
[ 55.344599][ T5046] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.353018][ T5046] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 55.361012][ T5046] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.369001][ T5046] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 55.377153][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.385206][ T5046] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 000000000000002d
[ 55.393196][ T5046]
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5047
./strace-static-x86_64: Process 5047 attached
[pid 5047] chdir("./46") = 0
[pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5047] setpgid(0, 0) = 0
[pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5047] write(3, "1000", 4) = 4
[pid 5047] close(3) = 0
[pid 5047] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5047] memfd_create("syzkaller", 0) = 3
[pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5047] munmap(0x7f01b36ea000, 32768) = 0
[pid 5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5047] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5047] close(3) = 0
[pid 5047] mkdir("./bus", 0777) = 0
[pid 5047] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5047] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5047] chdir("./bus") = 0
[pid 5047] ioctl(4, LOOP_CLR_FD) = 0
[pid 5047] close(4) = 0
[pid 5047] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5047] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5047] write(5, "9", 1) = 1
[pid 5047] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5047] exit_group(0) = ?
[pid 5047] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
[ 55.446228][ T5047] loop0: detected capacity change from 0 to 64
[ 55.455720][ T5047] hfs: unable to locate alternate MDB
[ 55.461229][ T5047] hfs: continuing without an alternate MDB
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/bus") = 0
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5048
./strace-static-x86_64: Process 5048 attached
[pid 5048] chdir("./47") = 0
[pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5048] setpgid(0, 0) = 0
[pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5048] write(3, "1000", 4) = 4
[pid 5048] close(3) = 0
[pid 5048] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5048] memfd_create("syzkaller", 0) = 3
[pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5048] munmap(0x7f01b36ea000, 32768) = 0
[pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5048] close(3) = 0
[pid 5048] mkdir("./bus", 0777) = 0
[pid 5048] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5048] chdir("./bus") = 0
[pid 5048] ioctl(4, LOOP_CLR_FD) = 0
[pid 5048] close(4) = 0
[pid 5048] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5048] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5048] write(5, "9", 1) = 1
[ 55.542113][ T5048] loop0: detected capacity change from 0 to 64
[ 55.553399][ T5048] hfs: unable to locate alternate MDB
[ 55.558946][ T5048] hfs: continuing without an alternate MDB
[ 55.577546][ T5048] FAULT_INJECTION: forcing a failure.
[ 55.577546][ T5048] name failslab, interval 1, probability 0, space 0, times 0
[ 55.590367][ T5048] CPU: 0 PID: 5048 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 55.600801][ T5048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 55.610883][ T5048] Call Trace:
[ 55.614159][ T5048]
[ 55.617081][ T5048] dump_stack_lvl+0x136/0x150
[ 55.621757][ T5048] should_fail_ex+0x4a3/0x5b0
[ 55.626439][ T5048] should_failslab+0x9/0x20
[ 55.630938][ T5048] __kmem_cache_alloc_node+0x5b/0x320
[ 55.636323][ T5048] ? hfs_find_init+0x95/0x240
[ 55.640998][ T5048] ? hfs_find_init+0x95/0x240
[ 55.645662][ T5048] __kmalloc+0x4e/0x190
[ 55.649808][ T5048] hfs_find_init+0x95/0x240
[ 55.654301][ T5048] hfs_ext_read_extent+0x18d/0xa20
[ 55.659413][ T5048] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 55.664956][ T5048] ? hfs_free_extents+0x2e0/0x2e0
[ 55.669981][ T5048] ? clean_bdev_aliases+0x4ff/0x600
[ 55.675187][ T5048] hfs_extend_file+0x4b5/0xae0
[ 55.679946][ T5048] ? spin_bug+0x1c0/0x1c0
[ 55.684276][ T5048] ? hfs_free_fork+0x920/0x920
[ 55.689035][ T5048] ? rcu_is_watching+0x12/0xb0
[ 55.693798][ T5048] ? __mark_inode_dirty+0x297/0xd60
[ 55.699003][ T5048] hfs_get_block+0x17f/0x820
[ 55.703597][ T5048] __block_write_begin_int+0x3bd/0x14b0
[ 55.709137][ T5048] ? hfs_extend_file+0xae0/0xae0
[ 55.714072][ T5048] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 55.719608][ T5048] ? folio_flags.constprop.0+0x53/0x150
[ 55.725156][ T5048] ? hfs_extend_file+0xae0/0xae0
[ 55.730126][ T5048] block_write_begin+0xb9/0x4d0
[ 55.734972][ T5048] cont_write_begin+0x534/0x740
[ 55.739825][ T5048] ? hfs_extend_file+0xae0/0xae0
[ 55.744755][ T5048] ? block_write_begin+0x4d0/0x4d0
[ 55.749855][ T5048] ? fault_in_readable+0x129/0x210
[ 55.754965][ T5048] ? fault_in_subpage_writeable+0x20/0x20
[ 55.760685][ T5048] hfs_write_begin+0x87/0x150
[ 55.765353][ T5048] ? hfs_extend_file+0xae0/0xae0
[ 55.770288][ T5048] generic_perform_write+0x256/0x570
[ 55.775575][ T5048] ? generic_file_readonly_mmap+0x180/0x180
[ 55.781467][ T5048] ? new_inode+0x280/0x280
[ 55.785878][ T5048] ? generic_write_checks+0x2c0/0x400
[ 55.791252][ T5048] __generic_file_write_iter+0x2ae/0x500
[ 55.796899][ T5048] generic_file_write_iter+0xe3/0x350
[ 55.802275][ T5048] vfs_write+0x945/0xd50
[ 55.806508][ T5048] ? kernel_write+0x670/0x670
[ 55.811180][ T5048] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 55.816636][ T5048] ? find_held_lock+0x2d/0x110
[ 55.821401][ T5048] ? lock_downgrade+0x690/0x690
[ 55.826249][ T5048] ? __fget_light+0x20a/0x270
[ 55.830934][ T5048] ksys_write+0x12b/0x250
[ 55.835280][ T5048] ? __ia32_sys_read+0xb0/0xb0
[ 55.840034][ T5048] ? lockdep_hardirqs_on+0x7d/0x100
[ 55.845234][ T5048] ? _raw_spin_unlock_irq+0x2e/0x50
[ 55.850431][ T5048] ? ptrace_notify+0xfe/0x140
[ 55.855103][ T5048] do_syscall_64+0x39/0xb0
[ 55.859528][ T5048] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.865423][ T5048] RIP: 0033:0x7f01bbb379f9
[ 55.869837][ T5048] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5048] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5048] exit_group(0) = ?
[pid 5048] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/bus") = 0
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 55.889451][ T5048] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.897862][ T5048] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 55.905821][ T5048] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.913795][ T5048] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 55.921761][ T5048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.929724][ T5048] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 000000000000002f
[ 55.937698][ T5048]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5049
./strace-static-x86_64: Process 5049 attached
[pid 5049] chdir("./48") = 0
[pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5049] setpgid(0, 0) = 0
[pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5049] write(3, "1000", 4) = 4
[pid 5049] close(3) = 0
[pid 5049] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5049] memfd_create("syzkaller", 0) = 3
[pid 5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5049] munmap(0x7f01b36ea000, 32768) = 0
[pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5049] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5049] close(3) = 0
[pid 5049] mkdir("./bus", 0777) = 0
[pid 5049] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5049] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5049] chdir("./bus") = 0
[pid 5049] ioctl(4, LOOP_CLR_FD) = 0
[pid 5049] close(4) = 0
[pid 5049] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5049] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5049] write(5, "9", 1) = 1
[ 55.988113][ T5049] loop0: detected capacity change from 0 to 64
[ 55.998351][ T5049] hfs: unable to locate alternate MDB
[ 56.003775][ T5049] hfs: continuing without an alternate MDB
[ 56.026329][ T5049] FAULT_INJECTION: forcing a failure.
[ 56.026329][ T5049] name failslab, interval 1, probability 0, space 0, times 0
[ 56.039081][ T5049] CPU: 0 PID: 5049 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 56.049514][ T5049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 56.059572][ T5049] Call Trace:
[ 56.062876][ T5049]
[ 56.065830][ T5049] dump_stack_lvl+0x136/0x150
[ 56.070535][ T5049] should_fail_ex+0x4a3/0x5b0
[ 56.075206][ T5049] should_failslab+0x9/0x20
[ 56.079694][ T5049] __kmem_cache_alloc_node+0x5b/0x320
[ 56.085091][ T5049] ? hfs_find_init+0x95/0x240
[ 56.089768][ T5049] ? hfs_find_init+0x95/0x240
[ 56.094444][ T5049] __kmalloc+0x4e/0x190
[ 56.098602][ T5049] hfs_find_init+0x95/0x240
[ 56.103112][ T5049] hfs_ext_read_extent+0x18d/0xa20
[ 56.108210][ T5049] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 56.113744][ T5049] ? hfs_free_extents+0x2e0/0x2e0
[ 56.118762][ T5049] ? clean_bdev_aliases+0x4ff/0x600
[ 56.123954][ T5049] hfs_extend_file+0x4b5/0xae0
[ 56.128708][ T5049] ? spin_bug+0x1c0/0x1c0
[ 56.133036][ T5049] ? hfs_free_fork+0x920/0x920
[ 56.137805][ T5049] ? rcu_is_watching+0x12/0xb0
[ 56.142560][ T5049] ? __mark_inode_dirty+0x297/0xd60
[ 56.147755][ T5049] hfs_get_block+0x17f/0x820
[ 56.152350][ T5049] __block_write_begin_int+0x3bd/0x14b0
[ 56.157902][ T5049] ? hfs_extend_file+0xae0/0xae0
[ 56.162850][ T5049] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 56.168381][ T5049] ? folio_flags.constprop.0+0x53/0x150
[ 56.173933][ T5049] ? hfs_extend_file+0xae0/0xae0
[ 56.178891][ T5049] block_write_begin+0xb9/0x4d0
[ 56.183774][ T5049] cont_write_begin+0x534/0x740
[ 56.188646][ T5049] ? hfs_extend_file+0xae0/0xae0
[ 56.193656][ T5049] ? block_write_begin+0x4d0/0x4d0
[ 56.198909][ T5049] ? fault_in_readable+0x129/0x210
[ 56.204215][ T5049] ? fault_in_subpage_writeable+0x20/0x20
[ 56.209948][ T5049] hfs_write_begin+0x87/0x150
[ 56.214628][ T5049] ? hfs_extend_file+0xae0/0xae0
[ 56.219557][ T5049] generic_perform_write+0x256/0x570
[ 56.224925][ T5049] ? generic_file_readonly_mmap+0x180/0x180
[ 56.230935][ T5049] ? new_inode+0x280/0x280
[ 56.235349][ T5049] ? generic_write_checks+0x2c0/0x400
[ 56.240734][ T5049] __generic_file_write_iter+0x2ae/0x500
[ 56.246475][ T5049] generic_file_write_iter+0xe3/0x350
[ 56.252033][ T5049] vfs_write+0x945/0xd50
[ 56.256318][ T5049] ? kernel_write+0x670/0x670
[ 56.260996][ T5049] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 56.266484][ T5049] ? find_held_lock+0x2d/0x110
[ 56.271253][ T5049] ? lock_downgrade+0x690/0x690
[ 56.276106][ T5049] ? __fget_light+0x20a/0x270
[ 56.280789][ T5049] ksys_write+0x12b/0x250
[ 56.285138][ T5049] ? __ia32_sys_read+0xb0/0xb0
[ 56.290024][ T5049] ? lockdep_hardirqs_on+0x7d/0x100
[ 56.295486][ T5049] ? _raw_spin_unlock_irq+0x2e/0x50
[ 56.300864][ T5049] ? ptrace_notify+0xfe/0x140
[ 56.305669][ T5049] do_syscall_64+0x39/0xb0
[ 56.310101][ T5049] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.316018][ T5049] RIP: 0033:0x7f01bbb379f9
[ 56.320558][ T5049] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.340244][ T5049] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.348679][ T5049] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 56.356675][ T5049] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.364657][ T5049] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 56.372656][ T5049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.380653][ T5049] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000030
[pid 5049] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5049] exit_group(0) = ?
[pid 5049] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5049, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/bus") = 0
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 56.388643][ T5049]
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5050
./strace-static-x86_64: Process 5050 attached
[pid 5050] chdir("./49") = 0
[pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5050] setpgid(0, 0) = 0
[pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5050] write(3, "1000", 4) = 4
[pid 5050] close(3) = 0
[pid 5050] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5050] memfd_create("syzkaller", 0) = 3
[pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5050] munmap(0x7f01b36ea000, 32768) = 0
[pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5050] close(3) = 0
[pid 5050] mkdir("./bus", 0777) = 0
[pid 5050] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5050] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5050] chdir("./bus") = 0
[pid 5050] ioctl(4, LOOP_CLR_FD) = 0
[pid 5050] close(4) = 0
[pid 5050] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5050] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5050] write(5, "9", 1) = 1
[ 56.452846][ T5050] loop0: detected capacity change from 0 to 64
[ 56.463119][ T5050] hfs: unable to locate alternate MDB
[ 56.468611][ T5050] hfs: continuing without an alternate MDB
[ 56.490176][ T5050] FAULT_INJECTION: forcing a failure.
[ 56.490176][ T5050] name failslab, interval 1, probability 0, space 0, times 0
[ 56.502856][ T5050] CPU: 0 PID: 5050 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 56.513297][ T5050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 56.523415][ T5050] Call Trace:
[ 56.526761][ T5050]
[ 56.529749][ T5050] dump_stack_lvl+0x136/0x150
[ 56.534529][ T5050] should_fail_ex+0x4a3/0x5b0
[ 56.539258][ T5050] should_failslab+0x9/0x20
[ 56.543755][ T5050] __kmem_cache_alloc_node+0x5b/0x320
[ 56.549133][ T5050] ? hfs_find_init+0x95/0x240
[ 56.553845][ T5050] ? hfs_find_init+0x95/0x240
[ 56.558511][ T5050] __kmalloc+0x4e/0x190
[ 56.562660][ T5050] hfs_find_init+0x95/0x240
[ 56.567160][ T5050] hfs_ext_read_extent+0x18d/0xa20
[ 56.572381][ T5050] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 56.578116][ T5050] ? hfs_free_extents+0x2e0/0x2e0
[ 56.583199][ T5050] ? clean_bdev_aliases+0x4ff/0x600
[ 56.588402][ T5050] hfs_extend_file+0x4b5/0xae0
[ 56.593166][ T5050] ? spin_bug+0x1c0/0x1c0
[ 56.597595][ T5050] ? hfs_free_fork+0x920/0x920
[ 56.602526][ T5050] ? rcu_is_watching+0x12/0xb0
[ 56.607396][ T5050] ? __mark_inode_dirty+0x297/0xd60
[ 56.612701][ T5050] hfs_get_block+0x17f/0x820
[ 56.617289][ T5050] __block_write_begin_int+0x3bd/0x14b0
[ 56.622839][ T5050] ? hfs_extend_file+0xae0/0xae0
[ 56.627781][ T5050] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 56.633321][ T5050] ? folio_flags.constprop.0+0x53/0x150
[ 56.638877][ T5050] ? hfs_extend_file+0xae0/0xae0
[ 56.643833][ T5050] block_write_begin+0xb9/0x4d0
[ 56.648705][ T5050] cont_write_begin+0x534/0x740
[ 56.653562][ T5050] ? hfs_extend_file+0xae0/0xae0
[ 56.658504][ T5050] ? block_write_begin+0x4d0/0x4d0
[ 56.663614][ T5050] ? fault_in_readable+0x129/0x210
[ 56.668734][ T5050] ? fault_in_subpage_writeable+0x20/0x20
[ 56.674485][ T5050] hfs_write_begin+0x87/0x150
[ 56.679161][ T5050] ? hfs_extend_file+0xae0/0xae0
[ 56.684135][ T5050] generic_perform_write+0x256/0x570
[ 56.689558][ T5050] ? generic_file_readonly_mmap+0x180/0x180
[ 56.695576][ T5050] ? new_inode+0x280/0x280
[ 56.700094][ T5050] ? generic_write_checks+0x2c0/0x400
[ 56.705516][ T5050] __generic_file_write_iter+0x2ae/0x500
[ 56.711155][ T5050] generic_file_write_iter+0xe3/0x350
[ 56.716524][ T5050] vfs_write+0x945/0xd50
[ 56.720756][ T5050] ? kernel_write+0x670/0x670
[ 56.725458][ T5050] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 56.730960][ T5050] ? find_held_lock+0x2d/0x110
[ 56.735727][ T5050] ? lock_downgrade+0x690/0x690
[ 56.740576][ T5050] ? __fget_light+0x20a/0x270
[ 56.745302][ T5050] ksys_write+0x12b/0x250
[ 56.749702][ T5050] ? __ia32_sys_read+0xb0/0xb0
[ 56.754529][ T5050] ? lockdep_hardirqs_on+0x7d/0x100
[ 56.759741][ T5050] ? _raw_spin_unlock_irq+0x2e/0x50
[ 56.764944][ T5050] ? ptrace_notify+0xfe/0x140
[ 56.769635][ T5050] do_syscall_64+0x39/0xb0
[ 56.774045][ T5050] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.779932][ T5050] RIP: 0033:0x7f01bbb379f9
[ 56.784335][ T5050] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.803986][ T5050] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.812432][ T5050] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 56.820426][ T5050] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.828462][ T5050] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 56.836473][ T5050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.844438][ T5050] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000031
[pid 5050] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5050] exit_group(0) = ?
[pid 5050] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/bus") = 0
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5051
./strace-static-x86_64: Process 5051 attached
[pid 5051] chdir("./50") = 0
[pid 5051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5051] setpgid(0, 0) = 0
[pid 5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5051] write(3, "1000", 4) = 4
[pid 5051] close(3) = 0
[pid 5051] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5051] memfd_create("syzkaller", 0) = 3
[pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5051] munmap(0x7f01b36ea000, 32768) = 0
[pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 56.852414][ T5050]
[pid 5051] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5051] close(3) = 0
[pid 5051] mkdir("./bus", 0777) = 0
[pid 5051] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5051] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5051] chdir("./bus") = 0
[pid 5051] ioctl(4, LOOP_CLR_FD) = 0
[pid 5051] close(4) = 0
[pid 5051] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5051] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5051] write(5, "9", 1) = 1
[ 56.881421][ T5051] loop0: detected capacity change from 0 to 64
[ 56.890476][ T5051] hfs: unable to locate alternate MDB
[ 56.897933][ T5051] hfs: continuing without an alternate MDB
[ 56.918359][ T5051] FAULT_INJECTION: forcing a failure.
[ 56.918359][ T5051] name failslab, interval 1, probability 0, space 0, times 0
[ 56.931119][ T5051] CPU: 1 PID: 5051 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 56.941545][ T5051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 56.951598][ T5051] Call Trace:
[ 56.954866][ T5051]
[ 56.957798][ T5051] dump_stack_lvl+0x136/0x150
[ 56.962507][ T5051] should_fail_ex+0x4a3/0x5b0
[ 56.967226][ T5051] should_failslab+0x9/0x20
[ 56.971740][ T5051] __kmem_cache_alloc_node+0x5b/0x320
[ 56.977223][ T5051] ? hfs_find_init+0x95/0x240
[ 56.982023][ T5051] ? hfs_find_init+0x95/0x240
[ 56.986834][ T5051] __kmalloc+0x4e/0x190
[ 56.991079][ T5051] hfs_find_init+0x95/0x240
[ 56.995580][ T5051] hfs_ext_read_extent+0x18d/0xa20
[ 57.000695][ T5051] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 57.006254][ T5051] ? hfs_free_extents+0x2e0/0x2e0
[ 57.011293][ T5051] ? clean_bdev_aliases+0x4ff/0x600
[ 57.016534][ T5051] hfs_extend_file+0x4b5/0xae0
[ 57.021311][ T5051] ? spin_bug+0x1c0/0x1c0
[ 57.025729][ T5051] ? hfs_free_fork+0x920/0x920
[ 57.030630][ T5051] ? rcu_is_watching+0x12/0xb0
[ 57.035584][ T5051] ? __mark_inode_dirty+0x297/0xd60
[ 57.040825][ T5051] hfs_get_block+0x17f/0x820
[ 57.045435][ T5051] __block_write_begin_int+0x3bd/0x14b0
[ 57.051017][ T5051] ? hfs_extend_file+0xae0/0xae0
[ 57.056051][ T5051] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 57.061734][ T5051] ? folio_flags.constprop.0+0x53/0x150
[ 57.067469][ T5051] ? hfs_extend_file+0xae0/0xae0
[ 57.072517][ T5051] block_write_begin+0xb9/0x4d0
[ 57.077365][ T5051] cont_write_begin+0x534/0x740
[ 57.082227][ T5051] ? hfs_extend_file+0xae0/0xae0
[ 57.087195][ T5051] ? block_write_begin+0x4d0/0x4d0
[ 57.092302][ T5051] ? fault_in_readable+0x129/0x210
[ 57.097412][ T5051] ? fault_in_subpage_writeable+0x20/0x20
[ 57.103236][ T5051] hfs_write_begin+0x87/0x150
[ 57.107943][ T5051] ? hfs_extend_file+0xae0/0xae0
[ 57.112895][ T5051] generic_perform_write+0x256/0x570
[ 57.118184][ T5051] ? generic_file_readonly_mmap+0x180/0x180
[ 57.124084][ T5051] ? new_inode+0x280/0x280
[ 57.128504][ T5051] ? generic_write_checks+0x2c0/0x400
[ 57.133881][ T5051] __generic_file_write_iter+0x2ae/0x500
[ 57.139530][ T5051] generic_file_write_iter+0xe3/0x350
[ 57.144917][ T5051] vfs_write+0x945/0xd50
[ 57.149155][ T5051] ? kernel_write+0x670/0x670
[ 57.153822][ T5051] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 57.159363][ T5051] ? find_held_lock+0x2d/0x110
[ 57.164267][ T5051] ? lock_downgrade+0x690/0x690
[ 57.169243][ T5051] ? __fget_light+0x20a/0x270
[ 57.174128][ T5051] ksys_write+0x12b/0x250
[ 57.178611][ T5051] ? __ia32_sys_read+0xb0/0xb0
[ 57.183386][ T5051] ? lockdep_hardirqs_on+0x7d/0x100
[ 57.188582][ T5051] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.193804][ T5051] ? ptrace_notify+0xfe/0x140
[ 57.198524][ T5051] do_syscall_64+0x39/0xb0
[ 57.203035][ T5051] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.208988][ T5051] RIP: 0033:0x7f01bbb379f9
[ 57.213405][ T5051] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.233023][ T5051] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.241458][ T5051] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 57.249433][ T5051] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.257413][ T5051] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 57.265475][ T5051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.273518][ T5051] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000032
[pid 5051] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5051] exit_group(0) = ?
[pid 5051] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5051, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/bus") = 0
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5052
./strace-static-x86_64: Process 5052 attached
[pid 5052] chdir("./51") = 0
[pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5052] setpgid(0, 0) = 0
[pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5052] write(3, "1000", 4) = 4
[pid 5052] close(3) = 0
[ 57.281527][ T5051]
[pid 5052] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5052] memfd_create("syzkaller", 0) = 3
[pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5052] munmap(0x7f01b36ea000, 32768) = 0
[pid 5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5052] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5052] close(3) = 0
[pid 5052] mkdir("./bus", 0777) = 0
[pid 5052] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5052] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5052] chdir("./bus") = 0
[pid 5052] ioctl(4, LOOP_CLR_FD) = 0
[pid 5052] close(4) = 0
[pid 5052] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5052] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5052] write(5, "9", 1) = 1
[ 57.331237][ T5052] loop0: detected capacity change from 0 to 64
[ 57.340011][ T5052] hfs: unable to locate alternate MDB
[ 57.345474][ T5052] hfs: continuing without an alternate MDB
[ 57.367638][ T5052] FAULT_INJECTION: forcing a failure.
[ 57.367638][ T5052] name failslab, interval 1, probability 0, space 0, times 0
[ 57.380445][ T5052] CPU: 1 PID: 5052 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 57.390875][ T5052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.400965][ T5052] Call Trace:
[ 57.404260][ T5052]
[ 57.407202][ T5052] dump_stack_lvl+0x136/0x150
[ 57.411900][ T5052] should_fail_ex+0x4a3/0x5b0
[ 57.416594][ T5052] should_failslab+0x9/0x20
[ 57.421107][ T5052] __kmem_cache_alloc_node+0x5b/0x320
[ 57.426575][ T5052] ? hfs_find_init+0x95/0x240
[ 57.431317][ T5052] ? hfs_find_init+0x95/0x240
[ 57.435993][ T5052] __kmalloc+0x4e/0x190
[ 57.440150][ T5052] hfs_find_init+0x95/0x240
[ 57.444667][ T5052] hfs_ext_read_extent+0x18d/0xa20
[ 57.449813][ T5052] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 57.455398][ T5052] ? hfs_free_extents+0x2e0/0x2e0
[ 57.460425][ T5052] ? clean_bdev_aliases+0x4ff/0x600
[ 57.465628][ T5052] hfs_extend_file+0x4b5/0xae0
[ 57.470389][ T5052] ? spin_bug+0x1c0/0x1c0
[ 57.474720][ T5052] ? hfs_free_fork+0x920/0x920
[ 57.479478][ T5052] ? rcu_is_watching+0x12/0xb0
[ 57.484243][ T5052] ? __mark_inode_dirty+0x297/0xd60
[ 57.489448][ T5052] hfs_get_block+0x17f/0x820
[ 57.494065][ T5052] __block_write_begin_int+0x3bd/0x14b0
[ 57.499715][ T5052] ? hfs_extend_file+0xae0/0xae0
[ 57.504682][ T5052] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 57.510225][ T5052] ? folio_flags.constprop.0+0x53/0x150
[ 57.515778][ T5052] ? hfs_extend_file+0xae0/0xae0
[ 57.520742][ T5052] block_write_begin+0xb9/0x4d0
[ 57.525623][ T5052] cont_write_begin+0x534/0x740
[ 57.530488][ T5052] ? hfs_extend_file+0xae0/0xae0
[ 57.535440][ T5052] ? block_write_begin+0x4d0/0x4d0
[ 57.540546][ T5052] ? fault_in_readable+0x129/0x210
[ 57.545660][ T5052] ? fault_in_subpage_writeable+0x20/0x20
[ 57.551385][ T5052] hfs_write_begin+0x87/0x150
[ 57.556057][ T5052] ? hfs_extend_file+0xae0/0xae0
[ 57.560990][ T5052] generic_perform_write+0x256/0x570
[ 57.566274][ T5052] ? generic_file_readonly_mmap+0x180/0x180
[ 57.572170][ T5052] ? new_inode+0x280/0x280
[ 57.576588][ T5052] ? generic_write_checks+0x2c0/0x400
[ 57.581967][ T5052] __generic_file_write_iter+0x2ae/0x500
[ 57.587612][ T5052] generic_file_write_iter+0xe3/0x350
[ 57.592990][ T5052] vfs_write+0x945/0xd50
[ 57.597227][ T5052] ? kernel_write+0x670/0x670
[ 57.601896][ T5052] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 57.607348][ T5052] ? find_held_lock+0x2d/0x110
[ 57.612110][ T5052] ? lock_downgrade+0x690/0x690
[ 57.617008][ T5052] ? __fget_light+0x20a/0x270
[ 57.621753][ T5052] ksys_write+0x12b/0x250
[ 57.626106][ T5052] ? __ia32_sys_read+0xb0/0xb0
[ 57.630871][ T5052] ? lockdep_hardirqs_on+0x7d/0x100
[ 57.636069][ T5052] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.641275][ T5052] ? ptrace_notify+0xfe/0x140
[ 57.645954][ T5052] do_syscall_64+0x39/0xb0
[ 57.650380][ T5052] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.656283][ T5052] RIP: 0033:0x7f01bbb379f9
[ 57.660698][ T5052] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5052] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5052] exit_group(0) = ?
[pid 5052] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5052, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/bus") = 0
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
[ 57.680376][ T5052] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.688813][ T5052] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 57.696774][ T5052] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.704740][ T5052] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 57.712714][ T5052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.720682][ T5052] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000033
[ 57.728680][ T5052]
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5053
./strace-static-x86_64: Process 5053 attached
[pid 5053] chdir("./52") = 0
[pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5053] setpgid(0, 0) = 0
[pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5053] write(3, "1000", 4) = 4
[pid 5053] close(3) = 0
[pid 5053] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5053] memfd_create("syzkaller", 0) = 3
[pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5053] munmap(0x7f01b36ea000, 32768) = 0
[pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5053] close(3) = 0
[pid 5053] mkdir("./bus", 0777) = 0
[pid 5053] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5053] chdir("./bus") = 0
[pid 5053] ioctl(4, LOOP_CLR_FD) = 0
[pid 5053] close(4) = 0
[pid 5053] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5053] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5053] write(5, "9", 1) = 1
[ 57.782112][ T5053] loop0: detected capacity change from 0 to 64
[ 57.791445][ T5053] hfs: unable to locate alternate MDB
[ 57.796879][ T5053] hfs: continuing without an alternate MDB
[ 57.817692][ T5053] FAULT_INJECTION: forcing a failure.
[ 57.817692][ T5053] name failslab, interval 1, probability 0, space 0, times 0
[ 57.830435][ T5053] CPU: 0 PID: 5053 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 57.840934][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.851072][ T5053] Call Trace:
[ 57.854381][ T5053]
[ 57.857331][ T5053] dump_stack_lvl+0x136/0x150
[ 57.862011][ T5053] should_fail_ex+0x4a3/0x5b0
[ 57.866690][ T5053] should_failslab+0x9/0x20
[ 57.871184][ T5053] __kmem_cache_alloc_node+0x5b/0x320
[ 57.876557][ T5053] ? hfs_find_init+0x95/0x240
[ 57.881235][ T5053] ? hfs_find_init+0x95/0x240
[ 57.885903][ T5053] __kmalloc+0x4e/0x190
[ 57.890053][ T5053] hfs_find_init+0x95/0x240
[ 57.894579][ T5053] hfs_ext_read_extent+0x18d/0xa20
[ 57.899714][ T5053] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 57.905295][ T5053] ? rcu_is_watching+0x12/0xb0
[ 57.910059][ T5053] ? hfs_free_extents+0x2e0/0x2e0
[ 57.915082][ T5053] ? clean_bdev_aliases+0x4ff/0x600
[ 57.920282][ T5053] ? find_held_lock+0x2d/0x110
[ 57.925044][ T5053] hfs_extend_file+0x4b5/0xae0
[ 57.929801][ T5053] ? spin_bug+0x1c0/0x1c0
[ 57.934127][ T5053] ? hfs_free_fork+0x920/0x920
[ 57.938886][ T5053] ? rcu_is_watching+0x12/0xb0
[ 57.943664][ T5053] ? __mark_inode_dirty+0x297/0xd60
[ 57.948913][ T5053] hfs_get_block+0x17f/0x820
[ 57.953526][ T5053] __block_write_begin_int+0x3bd/0x14b0
[ 57.959068][ T5053] ? hfs_extend_file+0xae0/0xae0
[ 57.964004][ T5053] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 57.969559][ T5053] ? folio_flags.constprop.0+0x53/0x150
[ 57.975154][ T5053] ? hfs_extend_file+0xae0/0xae0
[ 57.980092][ T5053] block_write_begin+0xb9/0x4d0
[ 57.984939][ T5053] cont_write_begin+0x534/0x740
[ 57.989787][ T5053] ? hfs_extend_file+0xae0/0xae0
[ 57.994719][ T5053] ? block_write_begin+0x4d0/0x4d0
[ 57.999821][ T5053] ? fault_in_readable+0x129/0x210
[ 58.004927][ T5053] ? fault_in_subpage_writeable+0x20/0x20
[ 58.010648][ T5053] hfs_write_begin+0x87/0x150
[ 58.015318][ T5053] ? hfs_extend_file+0xae0/0xae0
[ 58.020247][ T5053] generic_perform_write+0x256/0x570
[ 58.026838][ T5053] ? generic_file_readonly_mmap+0x180/0x180
[ 58.032733][ T5053] ? new_inode+0x280/0x280
[ 58.037155][ T5053] ? generic_write_checks+0x2c0/0x400
[ 58.042530][ T5053] __generic_file_write_iter+0x2ae/0x500
[ 58.048169][ T5053] generic_file_write_iter+0xe3/0x350
[ 58.054844][ T5053] vfs_write+0x945/0xd50
[ 58.059079][ T5053] ? kernel_write+0x670/0x670
[ 58.063760][ T5053] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 58.069223][ T5053] ? find_held_lock+0x2d/0x110
[ 58.074007][ T5053] ? lock_downgrade+0x690/0x690
[ 58.078880][ T5053] ? __fget_light+0x20a/0x270
[ 58.083584][ T5053] ksys_write+0x12b/0x250
[ 58.087943][ T5053] ? __ia32_sys_read+0xb0/0xb0
[ 58.092703][ T5053] ? lockdep_hardirqs_on+0x7d/0x100
[ 58.097899][ T5053] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.103095][ T5053] ? ptrace_notify+0xfe/0x140
[ 58.107777][ T5053] do_syscall_64+0x39/0xb0
[ 58.112225][ T5053] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.118121][ T5053] RIP: 0033:0x7f01bbb379f9
[ 58.122532][ T5053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.142147][ T5053] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.150552][ T5053] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 58.158516][ T5053] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.166475][ T5053] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 58.174452][ T5053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5053] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5053] exit_group(0) = ?
[pid 5053] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 58.182482][ T5053] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000034
[ 58.190484][ T5053]
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/bus") = 0
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./52/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5054
./strace-static-x86_64: Process 5054 attached
[pid 5054] chdir("./53") = 0
[pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5054] setpgid(0, 0) = 0
[pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5054] write(3, "1000", 4) = 4
[pid 5054] close(3) = 0
[pid 5054] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5054] memfd_create("syzkaller", 0) = 3
[pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5054] munmap(0x7f01b36ea000, 32768) = 0
[pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5054] close(3) = 0
[pid 5054] mkdir("./bus", 0777) = 0
[pid 5054] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5054] chdir("./bus") = 0
[pid 5054] ioctl(4, LOOP_CLR_FD) = 0
[pid 5054] close(4) = 0
[pid 5054] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5054] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5054] write(5, "9", 1) = 1
[pid 5054] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5054] exit_group(0) = ?
[pid 5054] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556487620 /* 4 entries */, 32768) = 104
umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555648f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555648f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/bus") = 0
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./53/binderfs") = 0
getdents64(3, 0x555556487620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 58.262972][ T5054] loop0: detected capacity change from 0 to 64
[ 58.271755][ T5054] hfs: unable to locate alternate MDB
[ 58.277488][ T5054] hfs: continuing without an alternate MDB
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564865d0) = 5055
./strace-static-x86_64: Process 5055 attached
[pid 5055] chdir("./54") = 0
[pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5055] setpgid(0, 0) = 0
[pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5055] write(3, "1000", 4) = 4
[pid 5055] close(3) = 0
[pid 5055] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5055] memfd_create("syzkaller", 0) = 3
[pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f01b36ea000
[pid 5055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5055] munmap(0x7f01b36ea000, 32768) = 0
[pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5055] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5055] close(3) = 0
[pid 5055] mkdir("./bus", 0777) = 0
[pid 5055] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5055] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5055] chdir("./bus") = 0
[pid 5055] ioctl(4, LOOP_CLR_FD) = 0
[pid 5055] close(4) = 0
[pid 5055] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5055] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5055] write(5, "9", 1) = 1
[ 58.341344][ T5055] loop0: detected capacity change from 0 to 64
[ 58.350940][ T5055] hfs: unable to locate alternate MDB
[ 58.356509][ T5055] hfs: continuing without an alternate MDB
[ 58.371752][ T5055] FAULT_INJECTION: forcing a failure.
[ 58.371752][ T5055] name failslab, interval 1, probability 0, space 0, times 0
[ 58.389576][ T5055] CPU: 1 PID: 5055 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 58.400054][ T5055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.410127][ T5055] Call Trace:
[ 58.413418][ T5055]
[ 58.416360][ T5055] dump_stack_lvl+0x136/0x150
[ 58.421054][ T5055] should_fail_ex+0x4a3/0x5b0
[ 58.425766][ T5055] should_failslab+0x9/0x20
[ 58.430343][ T5055] __kmem_cache_alloc_node+0x5b/0x320
[ 58.435838][ T5055] ? __hfs_bnode_create+0x107/0x820
[ 58.441043][ T5055] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 58.447045][ T5055] ? __hfs_bnode_create+0x107/0x820
[ 58.452322][ T5055] __kmalloc+0x4e/0x190
[ 58.456582][ T5055] __hfs_bnode_create+0x107/0x820
[ 58.461722][ T5055] ? memcpy_to_page+0x80/0x80
[ 58.466469][ T5055] ? lock_downgrade+0x690/0x690
[ 58.471315][ T5055] ? do_raw_spin_lock+0x124/0x2b0
[ 58.476342][ T5055] ? spin_bug+0x1c0/0x1c0
[ 58.480685][ T5055] ? lock_downgrade+0x690/0x690
[ 58.485556][ T5055] hfs_bnode_find+0x423/0xc60
[ 58.490228][ T5055] ? is_bpf_text_address+0x9d/0x1b0
[ 58.495427][ T5055] ? hfs_bnode_put.part.0+0x280/0x280
[ 58.500895][ T5055] ? __lock_acquire+0x1987/0x5f30
[ 58.505998][ T5055] ? hfs_bmap_reserve+0x2b9/0x380
[ 58.511054][ T5055] hfs_bmap_alloc+0x102/0x800
[ 58.515760][ T5055] ? hfs_bmap_reserve+0x380/0x380
[ 58.520787][ T5055] hfs_btree_inc_height.isra.0+0xe6/0x950
[ 58.526515][ T5055] ? hfs_bnode_split+0xda0/0xda0
[ 58.531570][ T5055] ? rcu_is_watching+0x12/0xb0
[ 58.536361][ T5055] ? trace_contention_end+0xd8/0x100
[ 58.541654][ T5055] hfs_brec_insert+0x983/0xbc0
[ 58.546518][ T5055] ? hfs_find_init+0x182/0x240
[ 58.551391][ T5055] ? hfs_brec_find+0x3c9/0x500
[ 58.556273][ T5055] ? hfs_brec_keylen+0x3a0/0x3a0
[ 58.561276][ T5055] ? __kmem_cache_alloc_node+0x1b0/0x320
[ 58.566919][ T5055] ? hfs_bmap_reserve+0x2b9/0x380
[ 58.571992][ T5055] __hfs_ext_write_extent+0x3ec/0x510
[ 58.577384][ T5055] hfs_ext_read_extent+0x81c/0xa20
[ 58.582502][ T5055] ? rcu_is_watching+0x12/0xb0
[ 58.587271][ T5055] ? hfs_free_extents+0x2e0/0x2e0
[ 58.592295][ T5055] ? clean_bdev_aliases+0x4ff/0x600
[ 58.597495][ T5055] ? find_held_lock+0x2d/0x110
[ 58.602284][ T5055] hfs_extend_file+0x4b5/0xae0
[ 58.607087][ T5055] ? spin_bug+0x1c0/0x1c0
[ 58.611424][ T5055] ? hfs_free_fork+0x920/0x920
[ 58.616196][ T5055] ? rcu_is_watching+0x12/0xb0
[ 58.620948][ T5055] ? __mark_inode_dirty+0x297/0xd60
[ 58.626144][ T5055] hfs_get_block+0x17f/0x820
[ 58.630726][ T5055] __block_write_begin_int+0x3bd/0x14b0
[ 58.636259][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 58.641183][ T5055] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 58.646722][ T5055] ? folio_flags.constprop.0+0x53/0x150
[ 58.652304][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 58.657235][ T5055] block_write_begin+0xb9/0x4d0
[ 58.662086][ T5055] cont_write_begin+0x534/0x740
[ 58.666951][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 58.671888][ T5055] ? block_write_begin+0x4d0/0x4d0
[ 58.676997][ T5055] ? fault_in_readable+0x129/0x210
[ 58.682131][ T5055] ? fault_in_subpage_writeable+0x20/0x20
[ 58.687841][ T5055] hfs_write_begin+0x87/0x150
[ 58.692510][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 58.697456][ T5055] generic_perform_write+0x256/0x570
[ 58.702751][ T5055] ? generic_file_readonly_mmap+0x180/0x180
[ 58.708660][ T5055] ? new_inode+0x280/0x280
[ 58.713065][ T5055] ? generic_write_checks+0x2c0/0x400
[ 58.718438][ T5055] __generic_file_write_iter+0x2ae/0x500
[ 58.724089][ T5055] generic_file_write_iter+0xe3/0x350
[ 58.729465][ T5055] vfs_write+0x945/0xd50
[ 58.733776][ T5055] ? kernel_write+0x670/0x670
[ 58.738459][ T5055] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 58.743932][ T5055] ? find_held_lock+0x2d/0x110
[ 58.748695][ T5055] ? lock_downgrade+0x690/0x690
[ 58.753544][ T5055] ? __fget_light+0x20a/0x270
[ 58.758241][ T5055] ksys_write+0x12b/0x250
[ 58.762597][ T5055] ? __ia32_sys_read+0xb0/0xb0
[ 58.767436][ T5055] ? lockdep_hardirqs_on+0x7d/0x100
[ 58.772681][ T5055] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.777924][ T5055] ? ptrace_notify+0xfe/0x140
[ 58.782608][ T5055] do_syscall_64+0x39/0xb0
[ 58.787047][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.792945][ T5055] RIP: 0033:0x7f01bbb379f9
[ 58.797415][ T5055] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.817177][ T5055] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.825757][ T5055] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 58.833774][ T5055] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.841747][ T5055] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 58.849719][ T5055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 58.857700][ T5055] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000036
[ 58.865731][ T5055]
[ 58.869160][ T5055] hfs: new node 0 already hashed?
[ 58.874464][ T5055] ------------[ cut here ]------------
[ 58.880042][ T5055] WARNING: CPU: 1 PID: 5055 at fs/hfs/bnode.c:422 hfs_bnode_create+0x14c/0x530
[ 58.889746][ T5055] Modules linked in:
[ 58.893882][ T5055] CPU: 1 PID: 5055 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 58.904451][ T5055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 58.914566][ T5055] RIP: 0010:hfs_bnode_create+0x14c/0x530
[ 58.920272][ T5055] Code: 89 ef 44 89 fe e8 14 45 32 ff 44 39 fd 75 9b e8 6a 49 32 ff 4c 89 f7 e8 92 2a c2 07 89 ee 48 c7 c7 e0 fe 66 8a e8 84 2d 16 ff <0f> 0b e8 4d 49 32 ff 4c 89 e0 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e
[ 58.939934][ T5055] RSP: 0018:ffffc90003c0f358 EFLAGS: 00010282
[ 58.946038][ T5055] RAX: 000000000000001f RBX: ffff888070dbc000 RCX: 0000000000000000
[ 58.954084][ T5055] RDX: 0000000000000000 RSI: ffffffff8168bd1c RDI: 0000000000000005
[ 58.962118][ T5055] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 58.970147][ T5055] R10: 0000000080000000 R11: 0000000000000001 R12: ffff8880177c3100
[ 58.978350][ T5055] R13: dffffc0000000000 R14: ffff888070dbc0e0 R15: 0000000000000000
[ 58.986470][ T5055] FS: 0000555556486300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 58.995665][ T5055] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.002388][ T5055] CR2: 0000000020008000 CR3: 000000002a234000 CR4: 0000000000350ee0
[ 59.010434][ T5055] Call Trace:
[ 59.013735][ T5055]
[ 59.016675][ T5055] ? __warn+0xe6/0x390
[ 59.020820][ T5055] ? hfs_bnode_create+0x14c/0x530
[ 59.025915][ T5055] ? report_bug+0x2da/0x500
[ 59.030817][ T5055] ? handle_bug+0x3c/0x70
[ 59.035232][ T5055] ? exc_invalid_op+0x18/0x50
[ 59.039975][ T5055] ? asm_exc_invalid_op+0x1a/0x20
[ 59.045032][ T5055] ? vprintk+0x8c/0xa0
[ 59.049391][ T5055] ? hfs_bnode_create+0x14c/0x530
[ 59.054616][ T5055] ? hfs_bnode_create+0x14c/0x530
[ 59.059955][ T5055] hfs_bmap_alloc+0x6f4/0x800
[ 59.064728][ T5055] ? hfs_bmap_reserve+0x380/0x380
[ 59.069805][ T5055] ? hfs_bnode_put.part.0+0x1e0/0x280
[ 59.075202][ T5055] ? lock_downgrade+0x690/0x690
[ 59.080125][ T5055] hfs_btree_inc_height.isra.0+0xe6/0x950
[ 59.085884][ T5055] ? hfs_bnode_split+0xda0/0xda0
[ 59.090912][ T5055] ? do_raw_spin_unlock+0x175/0x230
[ 59.096235][ T5055] ? _raw_spin_unlock+0x28/0x40
[ 59.101447][ T5055] ? hfs_bnode_put.part.0+0x1e0/0x280
[ 59.106936][ T5055] hfs_brec_insert+0x851/0xbc0
[ 59.111796][ T5055] ? hfs_brec_keylen+0x3a0/0x3a0
[ 59.116774][ T5055] ? __kmem_cache_alloc_node+0x1b0/0x320
[ 59.122726][ T5055] ? hfs_bmap_reserve+0x2b9/0x380
[ 59.128142][ T5055] __hfs_ext_write_extent+0x3ec/0x510
[ 59.133753][ T5055] hfs_ext_read_extent+0x81c/0xa20
[ 59.138975][ T5055] ? rcu_is_watching+0x12/0xb0
[ 59.143761][ T5055] ? hfs_free_extents+0x2e0/0x2e0
[ 59.148847][ T5055] ? clean_bdev_aliases+0x4ff/0x600
[ 59.154069][ T5055] ? find_held_lock+0x2d/0x110
[ 59.158905][ T5055] hfs_extend_file+0x4b5/0xae0
[ 59.163699][ T5055] ? spin_bug+0x1c0/0x1c0
[ 59.168080][ T5055] ? hfs_free_fork+0x920/0x920
[ 59.172878][ T5055] ? rcu_is_watching+0x12/0xb0
[ 59.177723][ T5055] ? __mark_inode_dirty+0x297/0xd60
[ 59.182963][ T5055] hfs_get_block+0x17f/0x820
[ 59.187615][ T5055] __block_write_begin_int+0x3bd/0x14b0
[ 59.193192][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 59.198283][ T5055] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 59.203968][ T5055] ? folio_flags.constprop.0+0x53/0x150
[ 59.209579][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 59.214540][ T5055] block_write_begin+0xb9/0x4d0
[ 59.219447][ T5055] cont_write_begin+0x534/0x740
[ 59.224330][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 59.229464][ T5055] ? block_write_begin+0x4d0/0x4d0
[ 59.234773][ T5055] ? fault_in_readable+0x129/0x210
[ 59.240218][ T5055] ? fault_in_subpage_writeable+0x20/0x20
[ 59.246100][ T5055] hfs_write_begin+0x87/0x150
[ 59.250863][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 59.255808][ T5055] generic_perform_write+0x256/0x570
[ 59.261151][ T5055] ? generic_file_readonly_mmap+0x180/0x180
[ 59.267090][ T5055] ? new_inode+0x280/0x280
[ 59.271551][ T5055] ? generic_write_checks+0x2c0/0x400
[ 59.276942][ T5055] __generic_file_write_iter+0x2ae/0x500
[ 59.282651][ T5055] generic_file_write_iter+0xe3/0x350
[ 59.288211][ T5055] vfs_write+0x945/0xd50
[ 59.292605][ T5055] ? kernel_write+0x670/0x670
[ 59.297394][ T5055] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 59.302873][ T5055] ? find_held_lock+0x2d/0x110
[ 59.307710][ T5055] ? lock_downgrade+0x690/0x690
[ 59.312581][ T5055] ? __fget_light+0x20a/0x270
[ 59.317314][ T5055] ksys_write+0x12b/0x250
[ 59.321653][ T5055] ? __ia32_sys_read+0xb0/0xb0
[ 59.326409][ T5055] ? lockdep_hardirqs_on+0x7d/0x100
[ 59.331672][ T5055] ? _raw_spin_unlock_irq+0x2e/0x50
[ 59.336937][ T5055] ? ptrace_notify+0xfe/0x140
[ 59.341781][ T5055] do_syscall_64+0x39/0xb0
[ 59.346197][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.352178][ T5055] RIP: 0033:0x7f01bbb379f9
[ 59.356624][ T5055] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.376346][ T5055] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.384809][ T5055] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 59.392826][ T5055] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.400848][ T5055] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 59.408893][ T5055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.416888][ T5055] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000036
[ 59.424948][ T5055]
[ 59.428005][ T5055] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 59.435276][ T5055] CPU: 1 PID: 5055 Comm: syz-executor425 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0
[ 59.445698][ T5055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 59.455799][ T5055] Call Trace:
[ 59.459112][ T5055]
[ 59.462037][ T5055] dump_stack_lvl+0xd9/0x150
[ 59.466649][ T5055] panic+0x686/0x730
[ 59.470531][ T5055] ? panic_smp_self_stop+0xa0/0xa0
[ 59.475630][ T5055] ? show_trace_log_lvl+0x284/0x390
[ 59.480839][ T5055] ? hfs_bnode_create+0x14c/0x530
[ 59.485894][ T5055] check_panic_on_warn+0xb1/0xc0
[ 59.490854][ T5055] __warn+0xf2/0x390
[ 59.494744][ T5055] ? hfs_bnode_create+0x14c/0x530
[ 59.499778][ T5055] report_bug+0x2da/0x500
[ 59.504196][ T5055] handle_bug+0x3c/0x70
[ 59.508461][ T5055] exc_invalid_op+0x18/0x50
[ 59.512979][ T5055] asm_exc_invalid_op+0x1a/0x20
[ 59.517860][ T5055] RIP: 0010:hfs_bnode_create+0x14c/0x530
[ 59.523491][ T5055] Code: 89 ef 44 89 fe e8 14 45 32 ff 44 39 fd 75 9b e8 6a 49 32 ff 4c 89 f7 e8 92 2a c2 07 89 ee 48 c7 c7 e0 fe 66 8a e8 84 2d 16 ff <0f> 0b e8 4d 49 32 ff 4c 89 e0 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e
[ 59.543118][ T5055] RSP: 0018:ffffc90003c0f358 EFLAGS: 00010282
[ 59.549211][ T5055] RAX: 000000000000001f RBX: ffff888070dbc000 RCX: 0000000000000000
[ 59.557184][ T5055] RDX: 0000000000000000 RSI: ffffffff8168bd1c RDI: 0000000000000005
[ 59.565150][ T5055] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 59.573156][ T5055] R10: 0000000080000000 R11: 0000000000000001 R12: ffff8880177c3100
[ 59.581134][ T5055] R13: dffffc0000000000 R14: ffff888070dbc0e0 R15: 0000000000000000
[ 59.589108][ T5055] ? vprintk+0x8c/0xa0
[ 59.593180][ T5055] ? hfs_bnode_create+0x14c/0x530
[ 59.598203][ T5055] hfs_bmap_alloc+0x6f4/0x800
[ 59.602877][ T5055] ? hfs_bmap_reserve+0x380/0x380
[ 59.607894][ T5055] ? hfs_bnode_put.part.0+0x1e0/0x280
[ 59.613255][ T5055] ? lock_downgrade+0x690/0x690
[ 59.618104][ T5055] hfs_btree_inc_height.isra.0+0xe6/0x950
[ 59.623815][ T5055] ? hfs_bnode_split+0xda0/0xda0
[ 59.628744][ T5055] ? do_raw_spin_unlock+0x175/0x230
[ 59.633944][ T5055] ? _raw_spin_unlock+0x28/0x40
[ 59.638803][ T5055] ? hfs_bnode_put.part.0+0x1e0/0x280
[ 59.644176][ T5055] hfs_brec_insert+0x851/0xbc0
[ 59.648940][ T5055] ? hfs_brec_keylen+0x3a0/0x3a0
[ 59.653900][ T5055] ? __kmem_cache_alloc_node+0x1b0/0x320
[ 59.659559][ T5055] ? hfs_bmap_reserve+0x2b9/0x380
[ 59.664613][ T5055] __hfs_ext_write_extent+0x3ec/0x510
[ 59.670003][ T5055] hfs_ext_read_extent+0x81c/0xa20
[ 59.675116][ T5055] ? rcu_is_watching+0x12/0xb0
[ 59.679902][ T5055] ? hfs_free_extents+0x2e0/0x2e0
[ 59.684923][ T5055] ? clean_bdev_aliases+0x4ff/0x600
[ 59.690121][ T5055] ? find_held_lock+0x2d/0x110
[ 59.694906][ T5055] hfs_extend_file+0x4b5/0xae0
[ 59.699698][ T5055] ? spin_bug+0x1c0/0x1c0
[ 59.704025][ T5055] ? hfs_free_fork+0x920/0x920
[ 59.708785][ T5055] ? rcu_is_watching+0x12/0xb0
[ 59.713558][ T5055] ? __mark_inode_dirty+0x297/0xd60
[ 59.718787][ T5055] hfs_get_block+0x17f/0x820
[ 59.723385][ T5055] __block_write_begin_int+0x3bd/0x14b0
[ 59.728962][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 59.733897][ T5055] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 59.739434][ T5055] ? folio_flags.constprop.0+0x53/0x150
[ 59.744988][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 59.749924][ T5055] block_write_begin+0xb9/0x4d0
[ 59.754788][ T5055] cont_write_begin+0x534/0x740
[ 59.759641][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 59.764597][ T5055] ? block_write_begin+0x4d0/0x4d0
[ 59.769712][ T5055] ? fault_in_readable+0x129/0x210
[ 59.774824][ T5055] ? fault_in_subpage_writeable+0x20/0x20
[ 59.780545][ T5055] hfs_write_begin+0x87/0x150
[ 59.785222][ T5055] ? hfs_extend_file+0xae0/0xae0
[ 59.790175][ T5055] generic_perform_write+0x256/0x570
[ 59.795474][ T5055] ? generic_file_readonly_mmap+0x180/0x180
[ 59.801363][ T5055] ? new_inode+0x280/0x280
[ 59.805773][ T5055] ? generic_write_checks+0x2c0/0x400
[ 59.811146][ T5055] __generic_file_write_iter+0x2ae/0x500
[ 59.816816][ T5055] generic_file_write_iter+0xe3/0x350
[ 59.822212][ T5055] vfs_write+0x945/0xd50
[ 59.826475][ T5055] ? kernel_write+0x670/0x670
[ 59.831233][ T5055] ? recalc_sigpending_tsk+0x18b/0x1d0
[ 59.836688][ T5055] ? find_held_lock+0x2d/0x110
[ 59.841496][ T5055] ? lock_downgrade+0x690/0x690
[ 59.846365][ T5055] ? __fget_light+0x20a/0x270
[ 59.851056][ T5055] ksys_write+0x12b/0x250
[ 59.855412][ T5055] ? __ia32_sys_read+0xb0/0xb0
[ 59.860184][ T5055] ? lockdep_hardirqs_on+0x7d/0x100
[ 59.865382][ T5055] ? _raw_spin_unlock_irq+0x2e/0x50
[ 59.870585][ T5055] ? ptrace_notify+0xfe/0x140
[ 59.875262][ T5055] do_syscall_64+0x39/0xb0
[ 59.879679][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.885576][ T5055] RIP: 0033:0x7f01bbb379f9
[ 59.889985][ T5055] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.910974][ T5055] RSP: 002b:00007ffd86a04088 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.919380][ T5055] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f01bbb379f9
[ 59.927341][ T5055] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.935297][ T5055] RBP: 00007ffd86a040b0 R08: 0000000000000001 R09: 00007ffd86a040c0
[ 59.943255][ T5055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.951215][ T5055] R13: 00007ffd86a040f0 R14: 00007ffd86a040d0 R15: 0000000000000036
[ 59.959187][ T5055]
[ 59.962914][ T5055] Kernel Offset: disabled
[ 59.967343][ T5055] Rebooting in 86400 seconds..