./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2479213904

<...>
DUID 00:04:9b:41:e3:df:54:6f:ca:1f:62:a0:1b:7c:64:71:74:ce
forked to background, child pid 4645
[   30.881448][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.891189][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
execve("./syz-executor2479213904", ["./syz-executor2479213904"], 0x7ffdc0cb4180 /* 10 vars */) = 0
brk(NULL)                               = 0x555556446000
brk(0x555556446c40)                     = 0x555556446c40
arch_prctl(ARCH_SET_FS, 0x555556446300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2479213904", 4096) = 28
brk(0x555556467c40)                     = 0x555556467c40
brk(0x555556468000)                     = 0x555556468000
mprotect(0x7f625a273000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("/syzcgroup", 0777)               = 0
mkdir("/syzcgroup/unified", 0777)       = 0
mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0
chmod("/syzcgroup/unified", 0777)       = 0
openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3
write(3, "+cpu", 4)                     = 4
write(3, "+memory", 7)                  = 7
write(3, "+io", 3)                      = 3
write(3, "+pids", 5)                    = 5
close(3)                                = 0
mkdir("/syzcgroup/net", 0777)           = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
syzkaller login: [   53.365621][ T5066] cgroup: Unknown subsys name 'net'
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0
chmod("/syzcgroup/net", 0777)           = 0
mkdir("/syzcgroup/cpu", 0777)           = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted)
[   53.474837][ T5066] cgroup: Unknown subsys name 'rlimit'
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = 0
chmod("/syzcgroup/cpu", 0777)           = 0
openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
getpid()                                = 5066
mkdir("./syzkaller.YLFkRe", 0700)       = 0
chmod("./syzkaller.YLFkRe", 0777)       = 0
chdir("./syzkaller.YLFkRe")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached
, child_tidptr=0x5555564465d0) = 5068
[pid  5068] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5068] setsid()                    = 1
[pid  5068] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5068] unshare(CLONE_NEWNS)        = 0
[pid  5068] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5068] unshare(CLONE_NEWIPC)       = 0
[pid  5068] unshare(CLONE_NEWCGROUP)    = 0
[pid  5068] unshare(CLONE_NEWUTS)       = 0
[pid  5068] unshare(CLONE_SYSVSEM)      = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "16777216", 8)     = 8
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "536870912", 9)    = 9
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "8192", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5068] close(3)                    = 0
[pid  5068] getpid()                    = 1
[pid  5068] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5068] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5068] unshare(CLONE_NEWNET)       = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "0 65535", 7)      = 7
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("/dev/binderfs", 0777) = 0
[pid  5068] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5068] getpid()                    = 1
[pid  5068] mkdir("/syzcgroup/unified/syz0", 0777) = 0
[pid  5068] openat(AT_FDCWD, "/syzcgroup/unified/syz0/pids.max", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "32", 2)           = 2
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.low", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "312475648", 9)    = 9
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.high", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "313524224", 9)    = 9
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/syzcgroup/unified/syz0/memory.max", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "314572800", 9)    = 9
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/syzcgroup/unified/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1", 1)            = 1
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("/syzcgroup/cpu/syz0", 0777) = 0
[pid  5068] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1", 1)            = 1
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("/syzcgroup/net/syz0", 0777) = 0
[pid  5068] openat(AT_FDCWD, "/syzcgroup/net/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1", 1)            = 1
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("./0", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564465d0) = 2
./strace-static-x86_64: Process 5070 attached
[pid  5070] chdir("./0")                = 0
[pid  5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5070] setpgid(0, 0)               = 0
[pid  5070] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5070] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5070] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5070] write(3, "1000", 4)         = 4
[pid  5070] close(3)                    = 0
[pid  5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5070] memfd_create("syzkaller", 0) = 3
[pid  5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[pid  5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5070] munmap(0x7f6251db7000, 32768) = 0
[pid  5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5070] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5070] close(3)                    = 0
[pid  5070] mkdir("./file0", 0777)      = 0
[pid  5070] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5070] chdir("./file0")            = 0
[pid  5070] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5070] close(4)                    = 0
[pid  5070] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5070] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5070] write(5, "13", 2)           = 2
[   53.707058][ T5070] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5070 'syz-executor247'
[   53.722509][ T5070] loop0: detected capacity change from 0 to 64
[   53.756376][ T5070] FAULT_INJECTION: forcing a failure.
[   53.756376][ T5070] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   53.769682][ T5070] CPU: 0 PID: 5070 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   53.780240][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   53.790523][ T5070] Call Trace:
[   53.793822][ T5070]  <TASK>
[   53.796758][ T5070]  dump_stack_lvl+0x1e7/0x2d0
[   53.801467][ T5070]  ? nf_tcp_handle_invalid+0x650/0x650
[   53.806940][ T5070]  ? panic+0x770/0x770
[   53.811030][ T5070]  ? PageHeadHuge+0xa5/0x1d0
[   53.815670][ T5070]  ? hfs_free_extents+0x420/0x420
[   53.820790][ T5070]  should_fail_ex+0x3aa/0x4e0
[   53.825518][ T5070]  copy_page_from_iter_atomic+0x211/0x1140
[   53.831421][ T5070]  ? fault_in_readable+0x20d/0x350
[   53.836548][ T5070]  ? pipe_zero+0x230/0x230
[   53.840969][ T5070]  ? hfs_write_begin+0x8a/0xd0
[   53.846163][ T5070]  ? hfs_free_extents+0x420/0x420
[   53.851209][ T5070]  ? hfs_write_begin+0xa2/0xd0
[   53.856066][ T5070]  generic_perform_write+0x370/0x5e0
[   53.861367][ T5070]  ? generic_file_direct_write+0x460/0x460
[   53.867178][ T5070]  ? __file_remove_privs+0x640/0x640
[   53.872545][ T5070]  ? generic_write_checks+0x160/0x1c0
[   53.877919][ T5070]  __generic_file_write_iter+0x17a/0x400
[   53.883557][ T5070]  generic_file_write_iter+0xaf/0x310
[   53.889222][ T5070]  vfs_write+0x7b2/0xbb0
[   53.893469][ T5070]  ? file_end_write+0x250/0x250
[   53.898326][ T5070]  ? lockdep_hardirqs_on+0x98/0x140
[   53.903526][ T5070]  ? __fdget_pos+0x265/0x2f0
[   53.908125][ T5070]  ksys_write+0x1a0/0x2c0
[   53.912457][ T5070]  ? __ia32_sys_read+0x90/0x90
[   53.917221][ T5070]  ? syscall_enter_from_user_mode+0x32/0x260
[   53.923220][ T5070]  ? syscall_enter_from_user_mode+0x8c/0x260
[   53.929196][ T5070]  do_syscall_64+0x41/0xc0
[   53.933635][ T5070]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.939526][ T5070] RIP: 0033:0x7f625a205289
[   53.943935][ T5070] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   53.963545][ T5070] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   53.971987][ T5070] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   53.979955][ T5070] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   53.987924][ T5070] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[   53.995889][ T5070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  5070] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  5070] close(3)                    = 0
[pid  5070] close(4)                    = 0
[pid  5070] close(5)                    = 0
[pid  5070] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5070] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5070] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5070] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5070] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5070] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5070] exit_group(0)               = ?
[pid  5070] +++ exited with 0 +++
[pid  5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
[pid  5068] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(3, 0x555556447620 /* 7 entries */, 32768) = 208
[pid  5068] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5068] unlink("./0/binderfs")      = 0
[pid  5068] umount2("./0/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./0/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0
[pid  5068] unlink("./0/cgroup")        = 0
[pid  5068] umount2("./0/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./0/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./0/cgroup.net")    = 0
[pid  5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(4, 0x55555644f660 /* 2 entries */, 32768) = 48
[pid  5068] getdents64(4, 0x55555644f660 /* 0 entries */, 32768) = 0
[pid  5068] close(4)                    = 0
[pid  5068] rmdir("./0/file0")          = 0
[pid  5068] umount2("./0/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./0/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./0/cgroup.cpu")    = 0
[pid  5068] getdents64(3, 0x555556447620 /* 0 entries */, 32768) = 0
[pid  5068] close(3)                    = 0
[pid  5068] rmdir("./0")                = 0
[pid  5068] mkdir("./1", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564465d0) = 3
[   54.003855][ T5070] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000000
[   54.011847][ T5070]  </TASK>
./strace-static-x86_64: Process 5072 attached
[pid  5072] chdir("./1")                = 0
[pid  5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5072] setpgid(0, 0)               = 0
[pid  5072] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5072] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5072] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5072] write(3, "1000", 4)         = 4
[pid  5072] close(3)                    = 0
[pid  5072] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5072] memfd_create("syzkaller", 0) = 3
[pid  5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[pid  5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5072] munmap(0x7f6251db7000, 32768) = 0
[pid  5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5072] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5072] close(3)                    = 0
[pid  5072] mkdir("./file0", 0777)      = 0
[pid  5072] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5072] chdir("./file0")            = 0
[pid  5072] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5072] close(4)                    = 0
[pid  5072] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5072] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5072] write(5, "13", 2)           = 2
[   54.086127][ T5072] loop0: detected capacity change from 0 to 64
[   54.109145][ T5072] FAULT_INJECTION: forcing a failure.
[   54.109145][ T5072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.122377][ T5072] CPU: 0 PID: 5072 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   54.132803][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   54.142951][ T5072] Call Trace:
[   54.146318][ T5072]  <TASK>
[   54.149262][ T5072]  dump_stack_lvl+0x1e7/0x2d0
[   54.153975][ T5072]  ? nf_tcp_handle_invalid+0x650/0x650
[   54.159629][ T5072]  ? panic+0x770/0x770
[   54.163707][ T5072]  ? PageHeadHuge+0xa5/0x1d0
[   54.168309][ T5072]  ? hfs_free_extents+0x420/0x420
[   54.173352][ T5072]  should_fail_ex+0x3aa/0x4e0
[   54.178138][ T5072]  copy_page_from_iter_atomic+0x211/0x1140
[   54.183947][ T5072]  ? fault_in_readable+0x20d/0x350
[   54.189158][ T5072]  ? pipe_zero+0x230/0x230
[   54.193591][ T5072]  ? hfs_write_begin+0x8a/0xd0
[   54.198350][ T5072]  ? hfs_free_extents+0x420/0x420
[   54.203379][ T5072]  ? hfs_write_begin+0xa2/0xd0
[   54.208156][ T5072]  generic_perform_write+0x370/0x5e0
[   54.213472][ T5072]  ? generic_file_direct_write+0x460/0x460
[   54.219316][ T5072]  ? __file_remove_privs+0x640/0x640
[   54.224597][ T5072]  ? generic_write_checks+0x160/0x1c0
[   54.230055][ T5072]  __generic_file_write_iter+0x17a/0x400
[   54.235705][ T5072]  generic_file_write_iter+0xaf/0x310
[   54.241191][ T5072]  vfs_write+0x7b2/0xbb0
[   54.245500][ T5072]  ? file_end_write+0x250/0x250
[   54.250466][ T5072]  ? lockdep_hardirqs_on+0x98/0x140
[   54.255675][ T5072]  ? __fdget_pos+0x265/0x2f0
[   54.260460][ T5072]  ksys_write+0x1a0/0x2c0
[   54.264799][ T5072]  ? __ia32_sys_read+0x90/0x90
[   54.269667][ T5072]  ? syscall_enter_from_user_mode+0x32/0x260
[   54.276007][ T5072]  ? syscall_enter_from_user_mode+0x8c/0x260
[   54.282035][ T5072]  do_syscall_64+0x41/0xc0
[   54.286464][ T5072]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.292365][ T5072] RIP: 0033:0x7f625a205289
[   54.296787][ T5072] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   54.316491][ T5072] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   54.324908][ T5072] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[pid  5072] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid  5072] close(3)                    = 0
[pid  5072] close(4)                    = 0
[pid  5072] close(5)                    = 0
[pid  5072] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5072] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5072] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5072] exit_group(0)               = ?
[pid  5072] +++ exited with 0 +++
[pid  5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
[pid  5068] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5068] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(3, 0x555556447620 /* 7 entries */, 32768) = 208
[pid  5068] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5068] unlink("./1/binderfs")      = 0
[pid  5068] umount2("./1/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./1/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0
[pid  5068] unlink("./1/cgroup")        = 0
[pid  5068] umount2("./1/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./1/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./1/cgroup.net")    = 0
[pid  5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[   54.332879][ T5072] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   54.340857][ T5072] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[   54.348845][ T5072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   54.356868][ T5072] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000001
[   54.365268][ T5072]  </TASK>
[pid  5068] getdents64(4, 0x55555644f660 /* 2 entries */, 32768) = 48
[pid  5068] getdents64(4, 0x55555644f660 /* 0 entries */, 32768) = 0
[pid  5068] close(4)                    = 0
[pid  5068] rmdir("./1/file0")          = 0
[pid  5068] umount2("./1/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./1/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./1/cgroup.cpu")    = 0
[pid  5068] getdents64(3, 0x555556447620 /* 0 entries */, 32768) = 0
[pid  5068] close(3)                    = 0
[pid  5068] rmdir("./1")                = 0
[pid  5068] mkdir("./2", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564465d0) = 4
./strace-static-x86_64: Process 5073 attached
[pid  5073] chdir("./2")                = 0
[pid  5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5073] setpgid(0, 0)               = 0
[pid  5073] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5073] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5073] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5073] write(3, "1000", 4)         = 4
[pid  5073] close(3)                    = 0
[pid  5073] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5073] memfd_create("syzkaller", 0) = 3
[pid  5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[pid  5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5073] munmap(0x7f6251db7000, 32768) = 0
[pid  5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5073] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5073] close(3)                    = 0
[pid  5073] mkdir("./file0", 0777)      = 0
[pid  5073] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5073] chdir("./file0")            = 0
[pid  5073] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5073] close(4)                    = 0
[pid  5073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5073] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5073] write(5, "13", 2)           = 2
[   54.457891][ T5073] loop0: detected capacity change from 0 to 64
[   54.478629][ T5073] FAULT_INJECTION: forcing a failure.
[   54.478629][ T5073] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   54.492014][ T5073] CPU: 0 PID: 5073 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   54.502447][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   54.512500][ T5073] Call Trace:
[   54.516047][ T5073]  <TASK>
[   54.518987][ T5073]  dump_stack_lvl+0x1e7/0x2d0
[   54.523674][ T5073]  ? nf_tcp_handle_invalid+0x650/0x650
[   54.529163][ T5073]  ? panic+0x770/0x770
[   54.533263][ T5073]  should_fail_ex+0x3aa/0x4e0
[   54.537955][ T5073]  prepare_alloc_pages+0x1d9/0x5b0
[   54.543084][ T5073]  __alloc_pages+0x165/0x670
[   54.547753][ T5073]  ? zone_statistics+0x170/0x170
[   54.552735][ T5073]  folio_alloc+0x1e/0x60
[   54.556988][ T5073]  filemap_alloc_folio+0xde/0x500
[   54.562016][ T5073]  ? rcu_lock_release+0x5/0x30
[   54.566869][ T5073]  ? filemap_add_folio+0x580/0x580
[   54.572156][ T5073]  ? xas_descend+0x223/0x440
[   54.576745][ T5073]  ? xas_load+0x12c/0x140
[   54.581083][ T5073]  __filemap_get_folio+0x719/0xe50
[   54.586211][ T5073]  ? page_cache_prev_miss+0x500/0x500
[   54.591573][ T5073]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   54.597553][ T5073]  ? exc_page_fault+0x4fc/0x7c0
[   54.602415][ T5073]  pagecache_get_page+0x2c/0x240
[   54.607365][ T5073]  ? hfs_free_extents+0x420/0x420
[   54.612468][ T5073]  block_write_begin+0x32/0x1f0
[   54.617402][ T5073]  ? cont_write_begin+0x626/0x880
[   54.622532][ T5073]  cont_write_begin+0x643/0x880
[   54.627400][ T5073]  ? fault_in_readable+0x1cc/0x350
[   54.632517][ T5073]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   54.638413][ T5073]  ? fault_in_readable+0x20d/0x350
[   54.643541][ T5073]  ? fault_in_safe_writeable+0x260/0x260
[   54.649367][ T5073]  hfs_write_begin+0x8a/0xd0
[   54.653956][ T5073]  ? hfs_free_extents+0x420/0x420
[   54.659077][ T5073]  generic_perform_write+0x300/0x5e0
[   54.664393][ T5073]  ? generic_file_direct_write+0x460/0x460
[   54.670221][ T5073]  ? __file_remove_privs+0x640/0x640
[   54.675533][ T5073]  ? generic_write_checks+0x160/0x1c0
[   54.680919][ T5073]  __generic_file_write_iter+0x17a/0x400
[   54.686647][ T5073]  generic_file_write_iter+0xaf/0x310
[   54.692016][ T5073]  vfs_write+0x7b2/0xbb0
[   54.696259][ T5073]  ? file_end_write+0x250/0x250
[   54.701126][ T5073]  ? lockdep_hardirqs_on+0x98/0x140
[   54.706430][ T5073]  ? __fdget_pos+0x265/0x2f0
[   54.711037][ T5073]  ksys_write+0x1a0/0x2c0
[   54.715372][ T5073]  ? __ia32_sys_read+0x90/0x90
[   54.720132][ T5073]  ? syscall_enter_from_user_mode+0x32/0x260
[   54.726119][ T5073]  ? syscall_enter_from_user_mode+0x8c/0x260
[   54.732197][ T5073]  do_syscall_64+0x41/0xc0
[   54.736629][ T5073]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.742612][ T5073] RIP: 0033:0x7f625a205289
[   54.747027][ T5073] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   54.767078][ T5073] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   54.775486][ T5073] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   54.783463][ T5073] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   54.791466][ T5073] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[   54.799523][ T5073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  5073] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  5073] close(3)                    = 0
[pid  5073] close(4)                    = 0
[pid  5073] close(5)                    = 0
[pid  5073] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5073] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5073] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5073] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5073] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5073] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5073] exit_group(0)               = ?
[pid  5073] +++ exited with 0 +++
[pid  5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
[pid  5068] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(3, 0x555556447620 /* 7 entries */, 32768) = 208
[pid  5068] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5068] unlink("./2/binderfs")      = 0
[pid  5068] umount2("./2/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./2/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0
[pid  5068] unlink("./2/cgroup")        = 0
[pid  5068] umount2("./2/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./2/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./2/cgroup.net")    = 0
[pid  5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(4, 0x55555644f660 /* 2 entries */, 32768) = 48
[pid  5068] getdents64(4, 0x55555644f660 /* 0 entries */, 32768) = 0
[pid  5068] close(4)                    = 0
[pid  5068] rmdir("./2/file0")          = 0
[pid  5068] umount2("./2/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./2/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./2/cgroup.cpu")    = 0
[pid  5068] getdents64(3, 0x555556447620 /* 0 entries */, 32768) = 0
[pid  5068] close(3)                    = 0
[pid  5068] rmdir("./2")                = 0
[pid  5068] mkdir("./3", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached
, child_tidptr=0x5555564465d0) = 5
[pid  5074] chdir("./3")                = 0
[pid  5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5074] setpgid(0, 0)               = 0
[pid  5074] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5074] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5074] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5074] write(3, "1000", 4)         = 4
[pid  5074] close(3)                    = 0
[pid  5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5074] memfd_create("syzkaller", 0) = 3
[pid  5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[pid  5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5074] munmap(0x7f6251db7000, 32768) = 0
[pid  5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   54.807497][ T5073] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000002
[   54.815486][ T5073]  </TASK>
[pid  5074] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5074] close(3)                    = 0
[pid  5074] mkdir("./file0", 0777)      = 0
[pid  5074] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5074] chdir("./file0")            = 0
[pid  5074] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5074] close(4)                    = 0
[pid  5074] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5074] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5074] write(5, "13", 2)           = 2
[   54.868475][ T5074] loop0: detected capacity change from 0 to 64
[   54.891104][ T5074] FAULT_INJECTION: forcing a failure.
[   54.891104][ T5074] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   54.905145][ T5074] CPU: 1 PID: 5074 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   54.915576][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   54.925632][ T5074] Call Trace:
[   54.929011][ T5074]  <TASK>
[   54.931958][ T5074]  dump_stack_lvl+0x1e7/0x2d0
[   54.936644][ T5074]  ? nf_tcp_handle_invalid+0x650/0x650
[   54.942183][ T5074]  ? panic+0x770/0x770
[   54.946244][ T5074]  should_fail_ex+0x3aa/0x4e0
[   54.950913][ T5074]  prepare_alloc_pages+0x1d9/0x5b0
[   54.956028][ T5074]  __alloc_pages+0x165/0x670
[   54.960607][ T5074]  ? zone_statistics+0x170/0x170
[   54.965642][ T5074]  folio_alloc+0x1e/0x60
[   54.969885][ T5074]  filemap_alloc_folio+0xde/0x500
[   54.975084][ T5074]  ? rcu_lock_release+0x5/0x30
[   54.979851][ T5074]  ? filemap_add_folio+0x580/0x580
[   54.984956][ T5074]  ? xas_descend+0x223/0x440
[   54.989561][ T5074]  ? xas_load+0x12c/0x140
[   54.993891][ T5074]  __filemap_get_folio+0x719/0xe50
[   54.999002][ T5074]  ? page_cache_prev_miss+0x500/0x500
[   55.004379][ T5074]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   55.010448][ T5074]  ? exc_page_fault+0x4fc/0x7c0
[   55.015305][ T5074]  pagecache_get_page+0x2c/0x240
[   55.020243][ T5074]  ? hfs_free_extents+0x420/0x420
[   55.025274][ T5074]  block_write_begin+0x32/0x1f0
[   55.030124][ T5074]  ? cont_write_begin+0x626/0x880
[   55.035149][ T5074]  cont_write_begin+0x643/0x880
[   55.040007][ T5074]  ? fault_in_readable+0x1cc/0x350
[   55.045111][ T5074]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   55.051004][ T5074]  ? fault_in_readable+0x20d/0x350
[   55.056110][ T5074]  ? fault_in_safe_writeable+0x260/0x260
[   55.061746][ T5074]  hfs_write_begin+0x8a/0xd0
[   55.066342][ T5074]  ? hfs_free_extents+0x420/0x420
[   55.071364][ T5074]  generic_perform_write+0x300/0x5e0
[   55.076653][ T5074]  ? generic_file_direct_write+0x460/0x460
[   55.082476][ T5074]  ? __file_remove_privs+0x640/0x640
[   55.087845][ T5074]  ? generic_write_checks+0x160/0x1c0
[   55.093303][ T5074]  __generic_file_write_iter+0x17a/0x400
[   55.098948][ T5074]  generic_file_write_iter+0xaf/0x310
[   55.104317][ T5074]  vfs_write+0x7b2/0xbb0
[   55.108754][ T5074]  ? file_end_write+0x250/0x250
[   55.113611][ T5074]  ? lockdep_hardirqs_on+0x98/0x140
[   55.118812][ T5074]  ? __fdget_pos+0x265/0x2f0
[   55.123400][ T5074]  ksys_write+0x1a0/0x2c0
[   55.127748][ T5074]  ? __ia32_sys_read+0x90/0x90
[   55.132516][ T5074]  ? syscall_enter_from_user_mode+0x32/0x260
[   55.138500][ T5074]  ? syscall_enter_from_user_mode+0x8c/0x260
[   55.144478][ T5074]  do_syscall_64+0x41/0xc0
[   55.148895][ T5074]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.154786][ T5074] RIP: 0033:0x7f625a205289
[   55.159196][ T5074] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.179058][ T5074] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   55.187483][ T5074] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   55.195460][ T5074] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   55.203466][ T5074] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[   55.211461][ T5074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  5074] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  5074] close(3)                    = 0
[pid  5074] close(4)                    = 0
[pid  5074] close(5)                    = 0
[pid  5074] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5074] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5074] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5074] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5074] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5074] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5074] exit_group(0)               = ?
[pid  5074] +++ exited with 0 +++
[pid  5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
[pid  5068] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5068] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(3, 0x555556447620 /* 7 entries */, 32768) = 208
[pid  5068] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5068] unlink("./3/binderfs")      = 0
[pid  5068] umount2("./3/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./3/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0
[pid  5068] unlink("./3/cgroup")        = 0
[pid  5068] umount2("./3/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./3/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./3/cgroup.net")    = 0
[pid  5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(4, 0x55555644f660 /* 2 entries */, 32768) = 48
[pid  5068] getdents64(4, 0x55555644f660 /* 0 entries */, 32768) = 0
[pid  5068] close(4)                    = 0
[pid  5068] rmdir("./3/file0")          = 0
[pid  5068] umount2("./3/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./3/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./3/cgroup.cpu")    = 0
[pid  5068] getdents64(3, 0x555556447620 /* 0 entries */, 32768) = 0
[pid  5068] close(3)                    = 0
[pid  5068] rmdir("./3")                = 0
[pid  5068] mkdir("./4", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached
 <unfinished ...>
[pid  5075] chdir("./4" <unfinished ...>
[pid  5068] <... clone resumed>, child_tidptr=0x5555564465d0) = 6
[pid  5075] <... chdir resumed>)        = 0
[pid  5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5075] setpgid(0, 0)               = 0
[pid  5075] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5075] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5075] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5075] write(3, "1000", 4)         = 4
[pid  5075] close(3)                    = 0
[pid  5075] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5075] memfd_create("syzkaller", 0) = 3
[pid  5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[   55.219518][ T5074] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000003
[   55.227598][ T5074]  </TASK>
[pid  5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5075] munmap(0x7f6251db7000, 32768) = 0
[pid  5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5075] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5075] close(3)                    = 0
[pid  5075] mkdir("./file0", 0777)      = 0
[pid  5075] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5075] chdir("./file0")            = 0
[pid  5075] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5075] close(4)                    = 0
[pid  5075] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5075] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5075] write(5, "13", 2)           = 2
[   55.283797][ T5075] loop0: detected capacity change from 0 to 64
[   55.307307][ T5075] FAULT_INJECTION: forcing a failure.
[   55.307307][ T5075] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   55.321170][ T5075] CPU: 0 PID: 5075 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   55.331640][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   55.341693][ T5075] Call Trace:
[   55.344987][ T5075]  <TASK>
[   55.347940][ T5075]  dump_stack_lvl+0x1e7/0x2d0
[   55.352678][ T5075]  ? nf_tcp_handle_invalid+0x650/0x650
[   55.358504][ T5075]  ? panic+0x770/0x770
[   55.362759][ T5075]  should_fail_ex+0x3aa/0x4e0
[   55.367474][ T5075]  prepare_alloc_pages+0x1d9/0x5b0
[   55.372618][ T5075]  __alloc_pages+0x165/0x670
[   55.377259][ T5075]  ? zone_statistics+0x170/0x170
[   55.382335][ T5075]  folio_alloc+0x1e/0x60
[   55.386607][ T5075]  filemap_alloc_folio+0xde/0x500
[   55.391646][ T5075]  ? rcu_lock_release+0x5/0x30
[   55.396422][ T5075]  ? filemap_add_folio+0x580/0x580
[   55.401544][ T5075]  ? xas_descend+0x223/0x440
[   55.406132][ T5075]  ? xas_load+0x12c/0x140
[   55.410470][ T5075]  __filemap_get_folio+0x719/0xe50
[   55.415596][ T5075]  ? page_cache_prev_miss+0x500/0x500
[   55.420965][ T5075]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   55.426962][ T5075]  ? exc_page_fault+0x4fc/0x7c0
[   55.431827][ T5075]  pagecache_get_page+0x2c/0x240
[   55.436805][ T5075]  ? hfs_free_extents+0x420/0x420
[   55.441849][ T5075]  block_write_begin+0x32/0x1f0
[   55.446753][ T5075]  ? cont_write_begin+0x626/0x880
[   55.451796][ T5075]  cont_write_begin+0x643/0x880
[   55.456677][ T5075]  ? fault_in_readable+0x1cc/0x350
[   55.461799][ T5075]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   55.467709][ T5075]  ? fault_in_readable+0x20d/0x350
[   55.472817][ T5075]  ? fault_in_safe_writeable+0x260/0x260
[   55.478464][ T5075]  hfs_write_begin+0x8a/0xd0
[   55.483064][ T5075]  ? hfs_free_extents+0x420/0x420
[   55.488092][ T5075]  generic_perform_write+0x300/0x5e0
[   55.493394][ T5075]  ? generic_file_direct_write+0x460/0x460
[   55.499201][ T5075]  ? __file_remove_privs+0x640/0x640
[   55.504507][ T5075]  ? generic_write_checks+0x160/0x1c0
[   55.509881][ T5075]  __generic_file_write_iter+0x17a/0x400
[   55.515715][ T5075]  generic_file_write_iter+0xaf/0x310
[   55.521117][ T5075]  vfs_write+0x7b2/0xbb0
[   55.525421][ T5075]  ? file_end_write+0x250/0x250
[   55.530275][ T5075]  ? lockdep_hardirqs_on+0x98/0x140
[   55.535469][ T5075]  ? __fdget_pos+0x265/0x2f0
[   55.540063][ T5075]  ksys_write+0x1a0/0x2c0
[   55.544406][ T5075]  ? __ia32_sys_read+0x90/0x90
[   55.549191][ T5075]  ? syscall_enter_from_user_mode+0x32/0x260
[   55.555209][ T5075]  ? syscall_enter_from_user_mode+0x8c/0x260
[   55.561329][ T5075]  do_syscall_64+0x41/0xc0
[   55.565837][ T5075]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.572094][ T5075] RIP: 0033:0x7f625a205289
[   55.576525][ T5075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   55.596152][ T5075] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   55.604592][ T5075] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   55.612577][ T5075] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   55.620547][ T5075] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[pid  5075] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  5075] close(3)                    = 0
[pid  5075] close(4)                    = 0
[pid  5075] close(5)                    = 0
[pid  5075] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5075] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5075] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5075] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5075] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5075] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5075] exit_group(0)               = ?
[pid  5075] +++ exited with 0 +++
[pid  5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
[pid  5068] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(3, 0x555556447620 /* 7 entries */, 32768) = 208
[pid  5068] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5068] unlink("./4/binderfs")      = 0
[pid  5068] umount2("./4/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./4/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0
[pid  5068] unlink("./4/cgroup")        = 0
[pid  5068] umount2("./4/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./4/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./4/cgroup.net")    = 0
[pid  5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(4, 0x55555644f660 /* 2 entries */, 32768) = 48
[pid  5068] getdents64(4, 0x55555644f660 /* 0 entries */, 32768) = 0
[pid  5068] close(4)                    = 0
[pid  5068] rmdir("./4/file0")          = 0
[pid  5068] umount2("./4/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./4/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./4/cgroup.cpu")    = 0
[pid  5068] getdents64(3, 0x555556447620 /* 0 entries */, 32768) = 0
[pid  5068] close(3)                    = 0
[pid  5068] rmdir("./4")                = 0
[pid  5068] mkdir("./5", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564465d0) = 7
./strace-static-x86_64: Process 5076 attached
[pid  5076] chdir("./5")                = 0
[pid  5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5076] setpgid(0, 0)               = 0
[   55.628518][ T5075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   55.636484][ T5075] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000004
[   55.644466][ T5075]  </TASK>
[pid  5076] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5076] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5076] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5076] write(3, "1000", 4)         = 4
[pid  5076] close(3)                    = 0
[pid  5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5076] memfd_create("syzkaller", 0) = 3
[pid  5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[pid  5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5076] munmap(0x7f6251db7000, 32768) = 0
[pid  5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5076] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5076] close(3)                    = 0
[pid  5076] mkdir("./file0", 0777)      = 0
[pid  5076] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5076] chdir("./file0")            = 0
[pid  5076] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5076] close(4)                    = 0
[pid  5076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5076] write(5, "13", 2)           = 2
[   55.709759][ T5076] loop0: detected capacity change from 0 to 64
[   55.728059][ T5076] FAULT_INJECTION: forcing a failure.
[   55.728059][ T5076] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   55.741551][ T5076] CPU: 1 PID: 5076 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   55.751980][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   55.762119][ T5076] Call Trace:
[   55.765416][ T5076]  <TASK>
[   55.768362][ T5076]  dump_stack_lvl+0x1e7/0x2d0
[   55.773057][ T5076]  ? nf_tcp_handle_invalid+0x650/0x650
[   55.778534][ T5076]  ? panic+0x770/0x770
[   55.782609][ T5076]  should_fail_ex+0x3aa/0x4e0
[   55.787377][ T5076]  prepare_alloc_pages+0x1d9/0x5b0
[   55.792489][ T5076]  __alloc_pages+0x165/0x670
[   55.797078][ T5076]  ? zone_statistics+0x170/0x170
[   55.802126][ T5076]  folio_alloc+0x1e/0x60
[   55.806389][ T5076]  filemap_alloc_folio+0xde/0x500
[   55.811526][ T5076]  ? rcu_lock_release+0x5/0x30
[   55.816286][ T5076]  ? filemap_add_folio+0x580/0x580
[   55.821491][ T5076]  ? xas_descend+0x223/0x440
[   55.826128][ T5076]  ? xas_load+0x12c/0x140
[   55.830509][ T5076]  __filemap_get_folio+0x719/0xe50
[   55.835809][ T5076]  ? page_cache_prev_miss+0x500/0x500
[   55.841194][ T5076]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   55.847193][ T5076]  ? exc_page_fault+0x4fc/0x7c0
[   55.852606][ T5076]  pagecache_get_page+0x2c/0x240
[   55.857548][ T5076]  ? hfs_free_extents+0x420/0x420
[   55.862590][ T5076]  block_write_begin+0x32/0x1f0
[   55.867469][ T5076]  ? cont_write_begin+0x626/0x880
[   55.872507][ T5076]  cont_write_begin+0x643/0x880
[   55.877405][ T5076]  ? fault_in_readable+0x1cc/0x350
[   55.882576][ T5076]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   55.888581][ T5076]  ? fault_in_readable+0x20d/0x350
[   55.893703][ T5076]  ? fault_in_safe_writeable+0x260/0x260
[   55.899370][ T5076]  hfs_write_begin+0x8a/0xd0
[   55.903973][ T5076]  ? hfs_free_extents+0x420/0x420
[   55.909007][ T5076]  generic_perform_write+0x300/0x5e0
[   55.914326][ T5076]  ? generic_file_direct_write+0x460/0x460
[   55.920128][ T5076]  ? __file_remove_privs+0x640/0x640
[   55.925467][ T5076]  ? generic_write_checks+0x160/0x1c0
[   55.930862][ T5076]  __generic_file_write_iter+0x17a/0x400
[   55.936538][ T5076]  generic_file_write_iter+0xaf/0x310
[   55.941923][ T5076]  vfs_write+0x7b2/0xbb0
[   55.946184][ T5076]  ? file_end_write+0x250/0x250
[   55.951054][ T5076]  ? lockdep_hardirqs_on+0x98/0x140
[   55.956305][ T5076]  ? __fdget_pos+0x265/0x2f0
[   55.960929][ T5076]  ksys_write+0x1a0/0x2c0
[   55.965299][ T5076]  ? __ia32_sys_read+0x90/0x90
[   55.970082][ T5076]  ? syscall_enter_from_user_mode+0x32/0x260
[   55.976089][ T5076]  ? syscall_enter_from_user_mode+0x8c/0x260
[   55.982527][ T5076]  do_syscall_64+0x41/0xc0
[   55.986982][ T5076]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.992911][ T5076] RIP: 0033:0x7f625a205289
[   55.997433][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.017414][ T5076] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   56.025965][ T5076] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   56.034054][ T5076] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   56.042124][ T5076] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[   56.050201][ T5076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid  5076] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  5076] close(3)                    = 0
[pid  5076] close(4)                    = 0
[pid  5076] close(5)                    = 0
[pid  5076] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5076] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5076] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5076] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5076] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5076] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5076] exit_group(0)               = ?
[pid  5076] +++ exited with 0 +++
[pid  5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
[pid  5068] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(3, 0x555556447620 /* 7 entries */, 32768) = 208
[pid  5068] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5068] unlink("./5/binderfs")      = 0
[pid  5068] umount2("./5/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./5/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0
[pid  5068] unlink("./5/cgroup")        = 0
[pid  5068] umount2("./5/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./5/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./5/cgroup.net")    = 0
[pid  5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(4, 0x55555644f660 /* 2 entries */, 32768) = 48
[pid  5068] getdents64(4, 0x55555644f660 /* 0 entries */, 32768) = 0
[pid  5068] close(4)                    = 0
[pid  5068] rmdir("./5/file0")          = 0
[pid  5068] umount2("./5/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./5/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./5/cgroup.cpu")    = 0
[pid  5068] getdents64(3, 0x555556447620 /* 0 entries */, 32768) = 0
[pid  5068] close(3)                    = 0
[pid  5068] rmdir("./5")                = 0
[pid  5068] mkdir("./6", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564465d0) = 8
./strace-static-x86_64: Process 5077 attached
[pid  5077] chdir("./6")                = 0
[pid  5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5077] setpgid(0, 0)               = 0
[pid  5077] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5077] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5077] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5077] write(3, "1000", 4)         = 4
[pid  5077] close(3)                    = 0
[pid  5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5077] memfd_create("syzkaller", 0) = 3
[pid  5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[pid  5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5077] munmap(0x7f6251db7000, 32768) = 0
[pid  5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   56.058178][ T5076] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000005
[   56.066177][ T5076]  </TASK>
[pid  5077] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5077] close(3)                    = 0
[pid  5077] mkdir("./file0", 0777)      = 0
[pid  5077] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5077] chdir("./file0")            = 0
[pid  5077] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5077] close(4)                    = 0
[pid  5077] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5077] write(5, "13", 2)           = 2
[   56.119546][ T5077] loop0: detected capacity change from 0 to 64
[   56.142531][ T5077] FAULT_INJECTION: forcing a failure.
[   56.142531][ T5077] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   56.156082][ T5077] CPU: 1 PID: 5077 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   56.166521][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   56.176584][ T5077] Call Trace:
[   56.179952][ T5077]  <TASK>
[   56.182971][ T5077]  dump_stack_lvl+0x1e7/0x2d0
[   56.187682][ T5077]  ? nf_tcp_handle_invalid+0x650/0x650
[   56.193241][ T5077]  ? panic+0x770/0x770
[   56.197351][ T5077]  should_fail_ex+0x3aa/0x4e0
[   56.202053][ T5077]  prepare_alloc_pages+0x1d9/0x5b0
[   56.207263][ T5077]  __alloc_pages+0x165/0x670
[   56.211864][ T5077]  ? zone_statistics+0x170/0x170
[   56.216817][ T5077]  folio_alloc+0x1e/0x60
[   56.221157][ T5077]  filemap_alloc_folio+0xde/0x500
[   56.226186][ T5077]  ? rcu_lock_release+0x5/0x30
[   56.230965][ T5077]  ? filemap_add_folio+0x580/0x580
[   56.236162][ T5077]  ? xas_descend+0x223/0x440
[   56.240760][ T5077]  ? xas_load+0x12c/0x140
[   56.245103][ T5077]  __filemap_get_folio+0x719/0xe50
[   56.250221][ T5077]  ? page_cache_prev_miss+0x500/0x500
[   56.255587][ T5077]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   56.261657][ T5077]  ? exc_page_fault+0x4fc/0x7c0
[   56.266928][ T5077]  pagecache_get_page+0x2c/0x240
[   56.271975][ T5077]  ? hfs_free_extents+0x420/0x420
[   56.277014][ T5077]  block_write_begin+0x32/0x1f0
[   56.281890][ T5077]  ? cont_write_begin+0x626/0x880
[   56.286918][ T5077]  cont_write_begin+0x643/0x880
[   56.291862][ T5077]  ? fault_in_readable+0x1cc/0x350
[   56.296969][ T5077]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   56.302871][ T5077]  ? fault_in_readable+0x20d/0x350
[   56.308064][ T5077]  ? fault_in_safe_writeable+0x260/0x260
[   56.313872][ T5077]  hfs_write_begin+0x8a/0xd0
[   56.318458][ T5077]  ? hfs_free_extents+0x420/0x420
[   56.323479][ T5077]  generic_perform_write+0x300/0x5e0
[   56.328792][ T5077]  ? generic_file_direct_write+0x460/0x460
[   56.334608][ T5077]  ? __file_remove_privs+0x640/0x640
[   56.339920][ T5077]  ? generic_write_checks+0x160/0x1c0
[   56.345384][ T5077]  __generic_file_write_iter+0x17a/0x400
[   56.351026][ T5077]  generic_file_write_iter+0xaf/0x310
[   56.356414][ T5077]  vfs_write+0x7b2/0xbb0
[   56.360701][ T5077]  ? file_end_write+0x250/0x250
[   56.365666][ T5077]  ? lockdep_hardirqs_on+0x98/0x140
[   56.370876][ T5077]  ? __fdget_pos+0x265/0x2f0
[   56.375465][ T5077]  ksys_write+0x1a0/0x2c0
[   56.379809][ T5077]  ? __ia32_sys_read+0x90/0x90
[   56.384671][ T5077]  ? syscall_enter_from_user_mode+0x32/0x260
[   56.390654][ T5077]  ? syscall_enter_from_user_mode+0x8c/0x260
[   56.396641][ T5077]  do_syscall_64+0x41/0xc0
[   56.401092][ T5077]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.407105][ T5077] RIP: 0033:0x7f625a205289
[   56.411533][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.431414][ T5077] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   56.439824][ T5077] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   56.447788][ T5077] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   56.455782][ T5077] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[pid  5077] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  5077] close(3)                    = 0
[pid  5077] close(4)                    = 0
[pid  5077] close(5)                    = 0
[pid  5077] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5077] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5077] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5077] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5077] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5077] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5077] exit_group(0)               = ?
[pid  5077] +++ exited with 0 +++
[pid  5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
[pid  5068] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5068] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(3, 0x555556447620 /* 7 entries */, 32768) = 208
[pid  5068] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5068] unlink("./6/binderfs")      = 0
[pid  5068] umount2("./6/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./6/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0
[pid  5068] unlink("./6/cgroup")        = 0
[pid  5068] umount2("./6/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./6/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./6/cgroup.net")    = 0
[pid  5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(4, 0x55555644f660 /* 2 entries */, 32768) = 48
[pid  5068] getdents64(4, 0x55555644f660 /* 0 entries */, 32768) = 0
[pid  5068] close(4)                    = 0
[pid  5068] rmdir("./6/file0")          = 0
[pid  5068] umount2("./6/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./6/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./6/cgroup.cpu")    = 0
[pid  5068] getdents64(3, 0x555556447620 /* 0 entries */, 32768) = 0
[pid  5068] close(3)                    = 0
[pid  5068] rmdir("./6")                = 0
[pid  5068] mkdir("./7", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564465d0) = 9
./strace-static-x86_64: Process 5078 attached
[   56.463746][ T5077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   56.471720][ T5077] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000006
[   56.479873][ T5077]  </TASK>
[pid  5078] chdir("./7")                = 0
[pid  5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5078] setpgid(0, 0)               = 0
[pid  5078] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5078] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5078] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5078] write(3, "1000", 4)         = 4
[pid  5078] close(3)                    = 0
[pid  5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5078] memfd_create("syzkaller", 0) = 3
[pid  5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[pid  5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5078] munmap(0x7f6251db7000, 32768) = 0
[pid  5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5078] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5078] close(3)                    = 0
[pid  5078] mkdir("./file0", 0777)      = 0
[pid  5078] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5078] chdir("./file0")            = 0
[pid  5078] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5078] close(4)                    = 0
[pid  5078] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5078] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5078] write(5, "13", 2)           = 2
[   56.550474][ T5078] loop0: detected capacity change from 0 to 64
[   56.578418][ T5078] FAULT_INJECTION: forcing a failure.
[   56.578418][ T5078] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   56.591801][ T5078] CPU: 0 PID: 5078 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   56.602328][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   56.612407][ T5078] Call Trace:
[   56.615688][ T5078]  <TASK>
[   56.618629][ T5078]  dump_stack_lvl+0x1e7/0x2d0
[   56.623311][ T5078]  ? nf_tcp_handle_invalid+0x650/0x650
[   56.628772][ T5078]  ? panic+0x770/0x770
[   56.632846][ T5078]  should_fail_ex+0x3aa/0x4e0
[   56.637543][ T5078]  prepare_alloc_pages+0x1d9/0x5b0
[   56.642675][ T5078]  __alloc_pages+0x165/0x670
[   56.647262][ T5078]  ? zone_statistics+0x170/0x170
[   56.652296][ T5078]  folio_alloc+0x1e/0x60
[   56.656538][ T5078]  filemap_alloc_folio+0xde/0x500
[   56.661555][ T5078]  ? rcu_lock_release+0x5/0x30
[   56.666314][ T5078]  ? filemap_add_folio+0x580/0x580
[   56.671417][ T5078]  ? xas_descend+0x223/0x440
[   56.676006][ T5078]  ? xas_load+0x12c/0x140
[   56.680342][ T5078]  __filemap_get_folio+0x719/0xe50
[   56.685471][ T5078]  ? page_cache_prev_miss+0x500/0x500
[   56.690837][ T5078]  ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[   56.696829][ T5078]  ? exc_page_fault+0x4fc/0x7c0
[   56.701683][ T5078]  pagecache_get_page+0x2c/0x240
[   56.706624][ T5078]  ? hfs_free_extents+0x420/0x420
[   56.711643][ T5078]  block_write_begin+0x32/0x1f0
[   56.716526][ T5078]  ? cont_write_begin+0x626/0x880
[   56.721550][ T5078]  cont_write_begin+0x643/0x880
[   56.726422][ T5078]  ? fault_in_readable+0x1cc/0x350
[   56.731526][ T5078]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   56.737416][ T5078]  ? fault_in_readable+0x20d/0x350
[   56.742524][ T5078]  ? fault_in_safe_writeable+0x260/0x260
[   56.748289][ T5078]  hfs_write_begin+0x8a/0xd0
[   56.752876][ T5078]  ? hfs_free_extents+0x420/0x420
[   56.757905][ T5078]  generic_perform_write+0x300/0x5e0
[   56.763224][ T5078]  ? generic_file_direct_write+0x460/0x460
[   56.769027][ T5078]  ? __file_remove_privs+0x640/0x640
[   56.774311][ T5078]  ? generic_write_checks+0x160/0x1c0
[   56.779684][ T5078]  __generic_file_write_iter+0x17a/0x400
[   56.785314][ T5078]  generic_file_write_iter+0xaf/0x310
[   56.790686][ T5078]  vfs_write+0x7b2/0xbb0
[   56.794933][ T5078]  ? file_end_write+0x250/0x250
[   56.799787][ T5078]  ? lockdep_hardirqs_on+0x98/0x140
[   56.804985][ T5078]  ? __fdget_pos+0x265/0x2f0
[   56.809576][ T5078]  ksys_write+0x1a0/0x2c0
[   56.813914][ T5078]  ? __ia32_sys_read+0x90/0x90
[   56.818691][ T5078]  ? syscall_enter_from_user_mode+0x32/0x260
[   56.824675][ T5078]  ? syscall_enter_from_user_mode+0x8c/0x260
[   56.830669][ T5078]  do_syscall_64+0x41/0xc0
[   56.835085][ T5078]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.840989][ T5078] RIP: 0033:0x7f625a205289
[   56.845404][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   56.865007][ T5078] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   56.873418][ T5078] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   56.881384][ T5078] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   56.889365][ T5078] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[pid  5078] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 16384
[pid  5078] close(3)                    = 0
[pid  5078] close(4)                    = 0
[pid  5078] close(5)                    = 0
[pid  5078] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5078] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5078] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5078] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5078] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5078] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5078] exit_group(0)               = ?
[pid  5078] +++ exited with 0 +++
[pid  5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
[pid  5068] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5068] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(3, 0x555556447620 /* 7 entries */, 32768) = 208
[pid  5068] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
[pid  5068] unlink("./7/binderfs")      = 0
[pid  5068] umount2("./7/cgroup", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./7/cgroup", {st_mode=S_IFLNK|0777, st_size=23, ...}) = 0
[pid  5068] unlink("./7/cgroup")        = 0
[pid  5068] umount2("./7/cgroup.net", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./7/cgroup.net", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./7/cgroup.net")    = 0
[pid  5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[pid  5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[pid  5068] getdents64(4, 0x55555644f660 /* 2 entries */, 32768) = 48
[pid  5068] getdents64(4, 0x55555644f660 /* 0 entries */, 32768) = 0
[pid  5068] close(4)                    = 0
[pid  5068] rmdir("./7/file0")          = 0
[pid  5068] umount2("./7/cgroup.cpu", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5068] lstat("./7/cgroup.cpu", {st_mode=S_IFLNK|0777, st_size=19, ...}) = 0
[pid  5068] unlink("./7/cgroup.cpu")    = 0
[pid  5068] getdents64(3, 0x555556447620 /* 0 entries */, 32768) = 0
[pid  5068] close(3)                    = 0
[pid  5068] rmdir("./7")                = 0
[   56.897331][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   56.905320][ T5078] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000007
[   56.913312][ T5078]  </TASK>
[pid  5068] mkdir("./8", 0777)          = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5068] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5068] close(3)                    = 0
[pid  5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached
 <unfinished ...>
[pid  5079] chdir("./8" <unfinished ...>
[pid  5068] <... clone resumed>, child_tidptr=0x5555564465d0) = 10
[pid  5079] <... chdir resumed>)        = 0
[pid  5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5079] setpgid(0, 0)               = 0
[pid  5079] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5079] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5079] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5079] write(3, "1000", 4)         = 4
[pid  5079] close(3)                    = 0
[pid  5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5079] memfd_create("syzkaller", 0) = 3
[pid  5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6251db7000
[pid  5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5079] munmap(0x7f6251db7000, 32768) = 0
[pid  5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5079] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5079] close(3)                    = 0
[pid  5079] mkdir("./file0", 0777)      = 0
[pid  5079] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid  5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5079] chdir("./file0")            = 0
[pid  5079] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5079] close(4)                    = 0
[pid  5079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5079] write(5, "13", 2)           = 2
[   56.972571][ T5079] loop0: detected capacity change from 0 to 64
[   57.006552][ T5079] FAULT_INJECTION: forcing a failure.
[   57.006552][ T5079] name failslab, interval 1, probability 0, space 0, times 1
[   57.019958][ T5079] CPU: 1 PID: 5079 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   57.030401][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   57.040457][ T5079] Call Trace:
[   57.043736][ T5079]  <TASK>
[   57.046748][ T5079]  dump_stack_lvl+0x1e7/0x2d0
[   57.051439][ T5079]  ? nf_tcp_handle_invalid+0x650/0x650
[   57.056925][ T5079]  ? panic+0x770/0x770
[   57.061017][ T5079]  should_fail_ex+0x3aa/0x4e0
[   57.065711][ T5079]  should_failslab+0x9/0x20
[   57.070399][ T5079]  slab_pre_alloc_hook+0x59/0x2b0
[   57.075438][ T5079]  ? __hfs_bnode_create+0xf8/0x7b0
[   57.080559][ T5079]  __kmem_cache_alloc_node+0x4b/0x290
[   57.085958][ T5079]  ? __hfs_bnode_create+0xf8/0x7b0
[   57.091067][ T5079]  __kmalloc+0xa8/0x230
[   57.095573][ T5079]  __hfs_bnode_create+0xf8/0x7b0
[   57.100517][ T5079]  ? do_raw_spin_lock+0x14d/0x3a0
[   57.105539][ T5079]  ? hfs_bnode_get+0x40/0x40
[   57.110388][ T5079]  ? do_raw_spin_unlock+0x13b/0x8b0
[   57.115587][ T5079]  hfs_bnode_create+0x124/0x440
[   57.120435][ T5079]  hfs_bmap_alloc+0x5a6/0x640
[   57.125113][ T5079]  ? hfs_bmap_reserve+0x3f0/0x3f0
[   57.130142][ T5079]  hfs_btree_inc_height+0x11e/0xd20
[   57.135345][ T5079]  ? hfs_brec_insert+0xbd0/0xbd0
[   57.140309][ T5079]  ? __mutex_trylock_common+0x182/0x2e0
[   57.145855][ T5079]  ? __might_sleep+0xc0/0xc0
[   57.150463][ T5079]  hfs_brec_insert+0x15b/0xbd0
[   57.155228][ T5079]  ? rcu_is_watching+0x15/0xb0
[   57.160015][ T5079]  ? trace_contention_end+0x3c/0xf0
[   57.165243][ T5079]  ? hfs_brec_find+0x197/0x570
[   57.170020][ T5079]  ? hfs_brec_keylen+0x360/0x360
[   57.174976][ T5079]  ? mutex_lock_io_nested+0x60/0x60
[   57.180196][ T5079]  __hfs_ext_write_extent+0x2f2/0x4f0
[   57.185752][ T5079]  __hfs_ext_cache_extent+0x6a/0x990
[   57.191055][ T5079]  ? mutex_lock_nested+0x1b/0x20
[   57.196010][ T5079]  ? hfs_find_init+0x16e/0x1f0
[   57.200834][ T5079]  hfs_extend_file+0x344/0x1440
[   57.205863][ T5079]  ? hfs_get_block+0xb60/0xb60
[   57.210627][ T5079]  ? find_lock_entries+0x1100/0x1100
[   57.215926][ T5079]  ? clean_bdev_aliases+0x7f9/0x920
[   57.221607][ T5079]  hfs_get_block+0x3e4/0xb60
[   57.227113][ T5079]  ? hfs_free_extents+0x420/0x420
[   57.232160][ T5079]  ? create_page_buffers+0x24e/0x4c0
[   57.237711][ T5079]  __block_write_begin_int+0x548/0x1a50
[   57.243275][ T5079]  ? hfs_free_extents+0x420/0x420
[   57.248326][ T5079]  ? page_zero_new_buffers+0x660/0x660
[   57.253786][ T5079]  ? PageHeadHuge+0xa5/0x1d0
[   57.258380][ T5079]  ? hfs_free_extents+0x420/0x420
[   57.263403][ T5079]  block_write_begin+0x9c/0x1f0
[   57.268282][ T5079]  ? cont_write_begin+0x626/0x880
[   57.273307][ T5079]  cont_write_begin+0x643/0x880
[   57.278178][ T5079]  ? fault_in_readable+0x1cc/0x350
[   57.283298][ T5079]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   57.289214][ T5079]  ? fault_in_readable+0x20d/0x350
[   57.294337][ T5079]  ? fault_in_safe_writeable+0x260/0x260
[   57.299980][ T5079]  hfs_write_begin+0x8a/0xd0
[   57.304587][ T5079]  ? hfs_free_extents+0x420/0x420
[   57.309711][ T5079]  generic_perform_write+0x300/0x5e0
[   57.315008][ T5079]  ? generic_file_direct_write+0x460/0x460
[   57.320843][ T5079]  ? __file_remove_privs+0x640/0x640
[   57.326136][ T5079]  ? generic_write_checks+0x160/0x1c0
[   57.331509][ T5079]  __generic_file_write_iter+0x17a/0x400
[   57.337168][ T5079]  generic_file_write_iter+0xaf/0x310
[   57.342541][ T5079]  vfs_write+0x7b2/0xbb0
[   57.346807][ T5079]  ? file_end_write+0x250/0x250
[   57.351680][ T5079]  ? lockdep_hardirqs_on+0x98/0x140
[   57.356883][ T5079]  ? __fdget_pos+0x265/0x2f0
[   57.361484][ T5079]  ksys_write+0x1a0/0x2c0
[   57.365829][ T5079]  ? __ia32_sys_read+0x90/0x90
[   57.370627][ T5079]  ? syscall_enter_from_user_mode+0x32/0x260
[   57.376610][ T5079]  ? syscall_enter_from_user_mode+0x8c/0x260
[   57.382590][ T5079]  do_syscall_64+0x41/0xc0
[   57.387007][ T5079]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.392898][ T5079] RIP: 0033:0x7f625a205289
[   57.397307][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.416909][ T5079] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   57.425319][ T5079] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   57.433286][ T5079] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   57.441250][ T5079] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[   57.449217][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   57.457179][ T5079] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000008
[   57.465170][ T5079]  </TASK>
[   57.469430][ T5079] hfs: new node 0 already hashed?
[   57.475666][ T5079] ------------[ cut here ]------------
[   57.481240][ T5079] WARNING: CPU: 1 PID: 5079 at fs/hfs/bnode.c:422 hfs_bnode_create+0x3b1/0x440
[   57.490259][ T5079] Modules linked in:
[   57.494211][ T5079] CPU: 1 PID: 5079 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   57.504681][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   57.514813][ T5079] RIP: 0010:hfs_bnode_create+0x3b1/0x440
[   57.520454][ T5079] Code: 8a 44 89 e6 e8 d0 3d 3e 08 e9 7c fd ff ff e8 e6 6d 2a ff 4c 89 ff e8 fe 22 4a 08 48 c7 c7 e0 8e ff 8a 44 89 e6 e8 af 3d 3e 08 <0f> 0b eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 89 fc ff ff 48 89
[   57.540145][ T5079] RSP: 0018:ffffc90003aeef98 EFLAGS: 00010246
[   57.546264][ T5079] RAX: 000000000000001f RBX: ffff88801f1d0b00 RCX: 49aae03f34d4b700
[   57.554664][ T5079] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   57.562655][ T5079] RBP: 0000000000000000 R08: ffffffff816dfe9c R09: fffff5200075dd6d
[   57.570877][ T5079] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[   57.578929][ T5079] R13: dffffc0000000000 R14: ffff88807b3aa000 R15: ffff88807b3aa0e0
[   57.587186][ T5079] FS:  0000555556446300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   57.596198][ T5079] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   57.602802][ T5079] CR2: 000055555644f628 CR3: 0000000024040000 CR4: 00000000003506e0
[   57.610829][ T5079] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   57.618871][ T5079] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   57.626927][ T5079] Call Trace:
[   57.630265][ T5079]  <TASK>
[   57.633221][ T5079]  hfs_bmap_alloc+0x5a6/0x640
[   57.637979][ T5079]  ? hfs_bmap_reserve+0x3f0/0x3f0
[   57.643042][ T5079]  hfs_btree_inc_height+0x11e/0xd20
[   57.648501][ T5079]  ? hfs_brec_insert+0x6e0/0xbd0
[   57.653527][ T5079]  ? hfs_brec_insert+0xbd0/0xbd0
[   57.658479][ T5079]  ? do_raw_spin_unlock+0x13b/0x8b0
[   57.663731][ T5079]  ? hfs_bnode_put+0x1c0/0x370
[   57.668523][ T5079]  hfs_brec_insert+0x723/0xbd0
[   57.673315][ T5079]  ? hfs_brec_keylen+0x360/0x360
[   57.678386][ T5079]  ? mutex_lock_io_nested+0x60/0x60
[   57.683950][ T5079]  __hfs_ext_write_extent+0x2f2/0x4f0
[   57.689538][ T5079]  __hfs_ext_cache_extent+0x6a/0x990
[   57.694901][ T5079]  ? mutex_lock_nested+0x1b/0x20
[   57.699862][ T5079]  ? hfs_find_init+0x16e/0x1f0
[   57.704788][ T5079]  hfs_extend_file+0x344/0x1440
[   57.709758][ T5079]  ? hfs_get_block+0xb60/0xb60
[   57.714893][ T5079]  ? find_lock_entries+0x1100/0x1100
[   57.720236][ T5079]  ? clean_bdev_aliases+0x7f9/0x920
[   57.725570][ T5079]  hfs_get_block+0x3e4/0xb60
[   57.730215][ T5079]  ? hfs_free_extents+0x420/0x420
[   57.735321][ T5079]  ? create_page_buffers+0x24e/0x4c0
[   57.740626][ T5079]  __block_write_begin_int+0x548/0x1a50
[   57.746355][ T5079]  ? hfs_free_extents+0x420/0x420
[   57.751410][ T5079]  ? page_zero_new_buffers+0x660/0x660
[   57.756938][ T5079]  ? PageHeadHuge+0xa5/0x1d0
[   57.761564][ T5079]  ? hfs_free_extents+0x420/0x420
[   57.766680][ T5079]  block_write_begin+0x9c/0x1f0
[   57.771564][ T5079]  ? cont_write_begin+0x626/0x880
[   57.776776][ T5079]  cont_write_begin+0x643/0x880
[   57.781670][ T5079]  ? fault_in_readable+0x1cc/0x350
[   57.786945][ T5079]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   57.792867][ T5079]  ? fault_in_readable+0x20d/0x350
[   57.798074][ T5079]  ? fault_in_safe_writeable+0x260/0x260
[   57.803803][ T5079]  hfs_write_begin+0x8a/0xd0
[   57.808394][ T5079]  ? hfs_free_extents+0x420/0x420
[   57.813495][ T5079]  generic_perform_write+0x300/0x5e0
[   57.818976][ T5079]  ? generic_file_direct_write+0x460/0x460
[   57.824845][ T5079]  ? __file_remove_privs+0x640/0x640
[   57.830160][ T5079]  ? generic_write_checks+0x160/0x1c0
[   57.835738][ T5079]  __generic_file_write_iter+0x17a/0x400
[   57.841406][ T5079]  generic_file_write_iter+0xaf/0x310
[   57.846879][ T5079]  vfs_write+0x7b2/0xbb0
[   57.851172][ T5079]  ? file_end_write+0x250/0x250
[   57.856114][ T5079]  ? lockdep_hardirqs_on+0x98/0x140
[   57.861447][ T5079]  ? __fdget_pos+0x265/0x2f0
[   57.866110][ T5079]  ksys_write+0x1a0/0x2c0
[   57.870470][ T5079]  ? __ia32_sys_read+0x90/0x90
[   57.875304][ T5079]  ? syscall_enter_from_user_mode+0x32/0x260
[   57.881301][ T5079]  ? syscall_enter_from_user_mode+0x8c/0x260
[   57.887565][ T5079]  do_syscall_64+0x41/0xc0
[   57.892099][ T5079]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.898178][ T5079] RIP: 0033:0x7f625a205289
[   57.902642][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   57.922368][ T5079] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   57.930832][ T5079] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   57.938884][ T5079] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   57.946921][ T5079] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[   57.954961][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   57.962940][ T5079] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000008
[   57.971054][ T5079]  </TASK>
[   57.974303][ T5079] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   57.981676][ T5079] CPU: 1 PID: 5079 Comm: syz-executor247 Not tainted 6.3.0-rc3-syzkaller-00029-g9fd6ba5420ba #0
[   57.992084][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   58.002142][ T5079] Call Trace:
[   58.005421][ T5079]  <TASK>
[   58.008376][ T5079]  dump_stack_lvl+0x1e7/0x2d0
[   58.013061][ T5079]  ? nf_tcp_handle_invalid+0x650/0x650
[   58.018531][ T5079]  ? panic+0x770/0x770
[   58.022603][ T5079]  ? vscnprintf+0x5d/0x80
[   58.026932][ T5079]  panic+0x31c/0x770
[   58.030840][ T5079]  ? __warn+0x171/0x4a0
[   58.034993][ T5079]  ? memcpy_page_flushcache+0x100/0x100
[   58.040545][ T5079]  __warn+0x314/0x4a0
[   58.044524][ T5079]  ? hfs_bnode_create+0x3b1/0x440
[   58.049633][ T5079]  report_bug+0x2b3/0x500
[   58.053974][ T5079]  ? hfs_bnode_create+0x3b1/0x440
[   58.059104][ T5079]  handle_bug+0x3d/0x70
[   58.063260][ T5079]  exc_invalid_op+0x1a/0x50
[   58.067833][ T5079]  asm_exc_invalid_op+0x1a/0x20
[   58.072683][ T5079] RIP: 0010:hfs_bnode_create+0x3b1/0x440
[   58.078337][ T5079] Code: 8a 44 89 e6 e8 d0 3d 3e 08 e9 7c fd ff ff e8 e6 6d 2a ff 4c 89 ff e8 fe 22 4a 08 48 c7 c7 e0 8e ff 8a 44 89 e6 e8 af 3d 3e 08 <0f> 0b eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 89 fc ff ff 48 89
[   58.097941][ T5079] RSP: 0018:ffffc90003aeef98 EFLAGS: 00010246
[   58.104006][ T5079] RAX: 000000000000001f RBX: ffff88801f1d0b00 RCX: 49aae03f34d4b700
[   58.112014][ T5079] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[   58.120017][ T5079] RBP: 0000000000000000 R08: ffffffff816dfe9c R09: fffff5200075dd6d
[   58.128006][ T5079] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[   58.135987][ T5079] R13: dffffc0000000000 R14: ffff88807b3aa000 R15: ffff88807b3aa0e0
[   58.143964][ T5079]  ? __wake_up_klogd+0xcc/0x100
[   58.148832][ T5079]  ? hfs_bnode_create+0x3b1/0x440
[   58.153856][ T5079]  hfs_bmap_alloc+0x5a6/0x640
[   58.158536][ T5079]  ? hfs_bmap_reserve+0x3f0/0x3f0
[   58.163562][ T5079]  hfs_btree_inc_height+0x11e/0xd20
[   58.168776][ T5079]  ? hfs_brec_insert+0x6e0/0xbd0
[   58.173711][ T5079]  ? hfs_brec_insert+0xbd0/0xbd0
[   58.178646][ T5079]  ? do_raw_spin_unlock+0x13b/0x8b0
[   58.183890][ T5079]  ? hfs_bnode_put+0x1c0/0x370
[   58.188677][ T5079]  hfs_brec_insert+0x723/0xbd0
[   58.193493][ T5079]  ? hfs_brec_keylen+0x360/0x360
[   58.198438][ T5079]  ? mutex_lock_io_nested+0x60/0x60
[   58.203683][ T5079]  __hfs_ext_write_extent+0x2f2/0x4f0
[   58.209086][ T5079]  __hfs_ext_cache_extent+0x6a/0x990
[   58.214389][ T5079]  ? mutex_lock_nested+0x1b/0x20
[   58.219535][ T5079]  ? hfs_find_init+0x16e/0x1f0
[   58.224365][ T5079]  hfs_extend_file+0x344/0x1440
[   58.229250][ T5079]  ? hfs_get_block+0xb60/0xb60
[   58.234032][ T5079]  ? find_lock_entries+0x1100/0x1100
[   58.239328][ T5079]  ? clean_bdev_aliases+0x7f9/0x920
[   58.244624][ T5079]  hfs_get_block+0x3e4/0xb60
[   58.249221][ T5079]  ? hfs_free_extents+0x420/0x420
[   58.254251][ T5079]  ? create_page_buffers+0x24e/0x4c0
[   58.259548][ T5079]  __block_write_begin_int+0x548/0x1a50
[   58.265109][ T5079]  ? hfs_free_extents+0x420/0x420
[   58.270130][ T5079]  ? page_zero_new_buffers+0x660/0x660
[   58.275590][ T5079]  ? PageHeadHuge+0xa5/0x1d0
[   58.280270][ T5079]  ? hfs_free_extents+0x420/0x420
[   58.285428][ T5079]  block_write_begin+0x9c/0x1f0
[   58.290309][ T5079]  ? cont_write_begin+0x626/0x880
[   58.295357][ T5079]  cont_write_begin+0x643/0x880
[   58.300308][ T5079]  ? fault_in_readable+0x1cc/0x350
[   58.305441][ T5079]  ? generic_cont_expand_simple+0x2a0/0x2a0
[   58.311369][ T5079]  ? fault_in_readable+0x20d/0x350
[   58.316494][ T5079]  ? fault_in_safe_writeable+0x260/0x260
[   58.322135][ T5079]  hfs_write_begin+0x8a/0xd0
[   58.326744][ T5079]  ? hfs_free_extents+0x420/0x420
[   58.331790][ T5079]  generic_perform_write+0x300/0x5e0
[   58.337135][ T5079]  ? generic_file_direct_write+0x460/0x460
[   58.342981][ T5079]  ? __file_remove_privs+0x640/0x640
[   58.348281][ T5079]  ? generic_write_checks+0x160/0x1c0
[   58.353659][ T5079]  __generic_file_write_iter+0x17a/0x400
[   58.359314][ T5079]  generic_file_write_iter+0xaf/0x310
[   58.364702][ T5079]  vfs_write+0x7b2/0xbb0
[   58.369055][ T5079]  ? file_end_write+0x250/0x250
[   58.373941][ T5079]  ? lockdep_hardirqs_on+0x98/0x140
[   58.379148][ T5079]  ? __fdget_pos+0x265/0x2f0
[   58.384352][ T5079]  ksys_write+0x1a0/0x2c0
[   58.388686][ T5079]  ? __ia32_sys_read+0x90/0x90
[   58.393451][ T5079]  ? syscall_enter_from_user_mode+0x32/0x260
[   58.399431][ T5079]  ? syscall_enter_from_user_mode+0x8c/0x260
[   58.405433][ T5079]  do_syscall_64+0x41/0xc0
[   58.409851][ T5079]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.415762][ T5079] RIP: 0033:0x7f625a205289
[   58.420199][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   58.440051][ T5079] RSP: 002b:00007ffc8be11f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   58.448487][ T5079] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f625a205289
[   58.456506][ T5079] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[   58.464479][ T5079] RBP: 00007ffc8be11f50 R08: 0000000000000002 R09: 00007ffc8be11f60
[   58.472557][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[   58.480525][ T5079] R13: 00007ffc8be11fb0 R14: 00007ffc8be11f70 R15: 0000000000000008
[   58.488508][ T5079]  </TASK>
[   58.492095][ T5079] Kernel Offset: disabled
[   58.496502][ T5079] Rebooting in 86400 seconds..