./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor681891101
<...>
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
execve("./syz-executor681891101", ["./syz-executor681891101"], 0x7ffc21036330 /* 10 vars */) = 0
brk(NULL) = 0x5555571ac000
brk(0x5555571acc40) = 0x5555571acc40
arch_prctl(ARCH_SET_FS, 0x5555571ac300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor681891101", 4096) = 27
brk(0x5555571cdc40) = 0x5555571cdc40
brk(0x5555571ce000) = 0x5555571ce000
mprotect(0x7f345c14f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4989
mkdir("./syzkaller.o6Y5ot", 0700) = 0
chmod("./syzkaller.o6Y5ot", 0777) = 0
chdir("./syzkaller.o6Y5ot") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4990
./strace-static-x86_64: Process 4990 attached
[pid 4990] chdir("./0") = 0
[pid 4990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4990] setpgid(0, 0) = 0
[pid 4990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4990] write(3, "1000", 4) = 4
[pid 4990] close(3) = 0
[pid 4990] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4990] memfd_create("syzkaller", 0) = 3
[pid 4990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 4990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 4990] munmap(0x7f3453c93000, 32768) = 0
[pid 4990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4990] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4990] close(3) = 0
[pid 4990] mkdir("./bus", 0777) = 0
[pid 4990] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4990] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4990] chdir("./bus") = 0
[pid 4990] ioctl(4, LOOP_CLR_FD) = 0
[pid 4990] close(4) = 0
[ 53.585075][ T4990] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4990 'syz-executor681'
[ 53.603076][ T4990] loop0: detected capacity change from 0 to 64
[ 53.615017][ T4990] hfs: unable to locate alternate MDB
[ 53.620503][ T4990] hfs: continuing without an alternate MDB
[pid 4990] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4990] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4990] write(5, "9", 1) = 1
[ 53.638853][ T4990] FAULT_INJECTION: forcing a failure.
[ 53.638853][ T4990] name failslab, interval 1, probability 0, space 0, times 1
[ 53.651885][ T4990] CPU: 1 PID: 4990 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 53.661963][ T4990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 53.672004][ T4990] Call Trace:
[ 53.675273][ T4990]
[ 53.678203][ T4990] dump_stack_lvl+0x1e7/0x2d0
[ 53.682921][ T4990] ? nf_tcp_handle_invalid+0x650/0x650
[ 53.688371][ T4990] ? panic+0x770/0x770
[ 53.692429][ T4990] ? rcu_is_watching+0x15/0xb0
[ 53.697181][ T4990] ? trace_contention_end+0x3c/0xf0
[ 53.702369][ T4990] should_fail_ex+0x3aa/0x4e0
[ 53.707037][ T4990] should_failslab+0x9/0x20
[ 53.711536][ T4990] slab_pre_alloc_hook+0x59/0x2b0
[ 53.716585][ T4990] ? hfs_find_init+0x90/0x1f0
[ 53.721252][ T4990] __kmem_cache_alloc_node+0x4b/0x290
[ 53.726614][ T4990] ? hfs_find_init+0x90/0x1f0
[ 53.731304][ T4990] __kmalloc+0xa8/0x230
[ 53.735450][ T4990] hfs_find_init+0x90/0x1f0
[ 53.739956][ T4990] hfs_extend_file+0x31b/0x1440
[ 53.744846][ T4990] ? hfs_get_block+0xb60/0xb60
[ 53.749612][ T4990] ? find_lock_entries+0x10f0/0x10f0
[ 53.754899][ T4990] ? clean_bdev_aliases+0x7f9/0x920
[ 53.760102][ T4990] hfs_get_block+0x3e4/0xb60
[ 53.764694][ T4990] ? hfs_free_extents+0x420/0x420
[ 53.769727][ T4990] ? _raw_spin_unlock+0x28/0x40
[ 53.774566][ T4990] ? folio_create_buffers+0x132/0x250
[ 53.779929][ T4990] __block_write_begin_int+0x548/0x1a50
[ 53.785463][ T4990] ? folio_add_lru+0x353/0x6f0
[ 53.790235][ T4990] ? hfs_free_extents+0x420/0x420
[ 53.795252][ T4990] ? PageUptodate+0x290/0x290
[ 53.799917][ T4990] ? folio_test_hugetlb+0xa0/0x1d0
[ 53.805022][ T4990] ? pagecache_get_page+0xeb/0x220
[ 53.810123][ T4990] ? hfs_free_extents+0x420/0x420
[ 53.815142][ T4990] block_write_begin+0x9c/0x1f0
[ 53.819981][ T4990] ? cont_write_begin+0x626/0x880
[ 53.824997][ T4990] cont_write_begin+0x643/0x880
[ 53.829844][ T4990] ? fault_in_readable+0x1db/0x350
[ 53.834957][ T4990] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 53.840849][ T4990] ? fault_in_readable+0x21c/0x350
[ 53.845964][ T4990] ? fault_in_safe_writeable+0x260/0x260
[ 53.851605][ T4990] hfs_write_begin+0x8a/0xd0
[ 53.856196][ T4990] ? hfs_free_extents+0x420/0x420
[ 53.861218][ T4990] generic_perform_write+0x300/0x5e0
[ 53.866503][ T4990] ? generic_file_direct_write+0x460/0x460
[ 53.872308][ T4990] ? __file_remove_privs+0x640/0x640
[ 53.877601][ T4990] ? generic_write_checks+0x160/0x1c0
[ 53.882975][ T4990] __generic_file_write_iter+0x17a/0x400
[ 53.888606][ T4990] generic_file_write_iter+0xaf/0x310
[ 53.893971][ T4990] vfs_write+0x7ec/0xc10
[ 53.898213][ T4990] ? _raw_spin_lock_irqsave+0x120/0x120
[ 53.903756][ T4990] ? file_end_write+0x250/0x250
[ 53.908606][ T4990] ? lockdep_hardirqs_on+0x98/0x140
[ 53.913795][ T4990] ? __fdget_pos+0x265/0x2f0
[ 53.918375][ T4990] ksys_write+0x1a0/0x2c0
[ 53.922705][ T4990] ? __ia32_sys_read+0x90/0x90
[ 53.927466][ T4990] ? syscall_enter_from_user_mode+0x32/0x230
[ 53.933440][ T4990] ? syscall_enter_from_user_mode+0x8c/0x230
[ 53.939416][ T4990] do_syscall_64+0x41/0xc0
[ 53.943832][ T4990] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.949718][ T4990] RIP: 0033:0x7f345c0e09f9
[ 53.954125][ T4990] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 53.973736][ T4990] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.982142][ T4990] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[pid 4990] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 4990] exit_group(0) = ?
[pid 4990] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4990, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4992
./strace-static-x86_64: Process 4992 attached
[pid 4992] chdir("./1") = 0
[pid 4992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4992] setpgid(0, 0) = 0
[pid 4992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4992] write(3, "1000", 4) = 4
[pid 4992] close(3) = 0
[pid 4992] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4992] memfd_create("syzkaller", 0) = 3
[pid 4992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 4992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[ 53.990110][ T4990] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 53.998071][ T4990] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 54.006036][ T4990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.014004][ T4990] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000000
[ 54.021982][ T4990]
[pid 4992] munmap(0x7f3453c93000, 32768) = 0
[pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4992] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4992] close(3) = 0
[pid 4992] mkdir("./bus", 0777) = 0
[pid 4992] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4992] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4992] chdir("./bus") = 0
[pid 4992] ioctl(4, LOOP_CLR_FD) = 0
[pid 4992] close(4) = 0
[pid 4992] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4992] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4992] write(5, "9", 1) = 1
[ 54.072712][ T4992] loop0: detected capacity change from 0 to 64
[ 54.082703][ T4992] hfs: unable to locate alternate MDB
[ 54.088310][ T4992] hfs: continuing without an alternate MDB
[ 54.106965][ T4992] FAULT_INJECTION: forcing a failure.
[ 54.106965][ T4992] name failslab, interval 1, probability 0, space 0, times 0
[ 54.120038][ T4992] CPU: 1 PID: 4992 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 54.130129][ T4992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 54.140206][ T4992] Call Trace:
[ 54.143477][ T4992]
[ 54.146396][ T4992] dump_stack_lvl+0x1e7/0x2d0
[ 54.151083][ T4992] ? nf_tcp_handle_invalid+0x650/0x650
[ 54.156557][ T4992] ? panic+0x770/0x770
[ 54.160645][ T4992] ? rcu_is_watching+0x15/0xb0
[ 54.165418][ T4992] ? trace_contention_end+0x3c/0xf0
[ 54.170621][ T4992] should_fail_ex+0x3aa/0x4e0
[ 54.175308][ T4992] should_failslab+0x9/0x20
[ 54.179817][ T4992] slab_pre_alloc_hook+0x59/0x2b0
[ 54.184833][ T4992] ? hfs_find_init+0x90/0x1f0
[ 54.189518][ T4992] __kmem_cache_alloc_node+0x4b/0x290
[ 54.194881][ T4992] ? hfs_find_init+0x90/0x1f0
[ 54.199548][ T4992] __kmalloc+0xa8/0x230
[ 54.203704][ T4992] hfs_find_init+0x90/0x1f0
[ 54.208200][ T4992] hfs_extend_file+0x31b/0x1440
[ 54.213046][ T4992] ? hfs_get_block+0xb60/0xb60
[ 54.217804][ T4992] ? find_lock_entries+0x10f0/0x10f0
[ 54.223088][ T4992] ? clean_bdev_aliases+0x7f9/0x920
[ 54.228274][ T4992] hfs_get_block+0x3e4/0xb60
[ 54.232875][ T4992] ? hfs_free_extents+0x420/0x420
[ 54.237909][ T4992] ? _raw_spin_unlock+0x28/0x40
[ 54.242746][ T4992] ? folio_create_buffers+0x132/0x250
[ 54.248168][ T4992] __block_write_begin_int+0x548/0x1a50
[ 54.253712][ T4992] ? folio_add_lru+0x353/0x6f0
[ 54.258489][ T4992] ? hfs_free_extents+0x420/0x420
[ 54.263509][ T4992] ? PageUptodate+0x290/0x290
[ 54.268181][ T4992] ? folio_test_hugetlb+0xa0/0x1d0
[ 54.273288][ T4992] ? pagecache_get_page+0xeb/0x220
[ 54.278386][ T4992] ? hfs_free_extents+0x420/0x420
[ 54.283410][ T4992] block_write_begin+0x9c/0x1f0
[ 54.288266][ T4992] ? cont_write_begin+0x626/0x880
[ 54.293283][ T4992] cont_write_begin+0x643/0x880
[ 54.298139][ T4992] ? fault_in_readable+0x1db/0x350
[ 54.303257][ T4992] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 54.309140][ T4992] ? fault_in_readable+0x21c/0x350
[ 54.314252][ T4992] ? fault_in_safe_writeable+0x260/0x260
[ 54.319899][ T4992] hfs_write_begin+0x8a/0xd0
[ 54.324482][ T4992] ? hfs_free_extents+0x420/0x420
[ 54.329501][ T4992] generic_perform_write+0x300/0x5e0
[ 54.334782][ T4992] ? generic_file_direct_write+0x460/0x460
[ 54.340575][ T4992] ? __file_remove_privs+0x640/0x640
[ 54.345850][ T4992] ? generic_write_checks+0x160/0x1c0
[ 54.351231][ T4992] __generic_file_write_iter+0x17a/0x400
[ 54.356858][ T4992] generic_file_write_iter+0xaf/0x310
[ 54.362221][ T4992] vfs_write+0x7ec/0xc10
[ 54.366456][ T4992] ? _raw_spin_lock_irqsave+0x120/0x120
[ 54.371993][ T4992] ? file_end_write+0x250/0x250
[ 54.376844][ T4992] ? lockdep_hardirqs_on+0x98/0x140
[ 54.382036][ T4992] ? __fdget_pos+0x265/0x2f0
[ 54.386620][ T4992] ksys_write+0x1a0/0x2c0
[ 54.390946][ T4992] ? __ia32_sys_read+0x90/0x90
[ 54.395703][ T4992] ? syscall_enter_from_user_mode+0x32/0x230
[ 54.401700][ T4992] ? syscall_enter_from_user_mode+0x8c/0x230
[ 54.407686][ T4992] do_syscall_64+0x41/0xc0
[ 54.412095][ T4992] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.417976][ T4992] RIP: 0033:0x7f345c0e09f9
[ 54.422390][ T4992] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.441996][ T4992] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.450406][ T4992] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 54.458379][ T4992] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.466338][ T4992] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 4992] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 4992] exit_group(0) = ?
[pid 4992] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4992, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4993
./strace-static-x86_64: Process 4993 attached
[pid 4993] chdir("./2") = 0
[pid 4993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4993] setpgid(0, 0) = 0
[pid 4993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4993] write(3, "1000", 4) = 4
[pid 4993] close(3) = 0
[pid 4993] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4993] memfd_create("syzkaller", 0) = 3
[pid 4993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[ 54.474315][ T4992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.482271][ T4992] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000001
[ 54.490238][ T4992]
[pid 4993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 4993] munmap(0x7f3453c93000, 32768) = 0
[pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4993] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4993] close(3) = 0
[pid 4993] mkdir("./bus", 0777) = 0
[pid 4993] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4993] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4993] chdir("./bus") = 0
[pid 4993] ioctl(4, LOOP_CLR_FD) = 0
[pid 4993] close(4) = 0
[pid 4993] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4993] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4993] write(5, "9", 1) = 1
[ 54.534930][ T4993] loop0: detected capacity change from 0 to 64
[ 54.544729][ T4993] hfs: unable to locate alternate MDB
[ 54.550338][ T4993] hfs: continuing without an alternate MDB
[ 54.566326][ T4993] FAULT_INJECTION: forcing a failure.
[ 54.566326][ T4993] name failslab, interval 1, probability 0, space 0, times 0
[ 54.579474][ T4993] CPU: 0 PID: 4993 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 54.589563][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 54.599614][ T4993] Call Trace:
[ 54.602882][ T4993]
[ 54.605810][ T4993] dump_stack_lvl+0x1e7/0x2d0
[ 54.610527][ T4993] ? nf_tcp_handle_invalid+0x650/0x650
[ 54.615980][ T4993] ? panic+0x770/0x770
[ 54.620041][ T4993] ? rcu_is_watching+0x15/0xb0
[ 54.624794][ T4993] ? trace_contention_end+0x3c/0xf0
[ 54.629980][ T4993] should_fail_ex+0x3aa/0x4e0
[ 54.634652][ T4993] should_failslab+0x9/0x20
[ 54.639157][ T4993] slab_pre_alloc_hook+0x59/0x2b0
[ 54.644189][ T4993] ? hfs_find_init+0x90/0x1f0
[ 54.648851][ T4993] __kmem_cache_alloc_node+0x4b/0x290
[ 54.654214][ T4993] ? hfs_find_init+0x90/0x1f0
[ 54.658890][ T4993] __kmalloc+0xa8/0x230
[ 54.663040][ T4993] hfs_find_init+0x90/0x1f0
[ 54.667546][ T4993] hfs_extend_file+0x31b/0x1440
[ 54.672409][ T4993] ? hfs_get_block+0xb60/0xb60
[ 54.677179][ T4993] ? find_lock_entries+0x10f0/0x10f0
[ 54.682465][ T4993] ? clean_bdev_aliases+0x7f9/0x920
[ 54.687663][ T4993] hfs_get_block+0x3e4/0xb60
[ 54.692263][ T4993] ? hfs_free_extents+0x420/0x420
[ 54.697280][ T4993] ? _raw_spin_unlock+0x28/0x40
[ 54.702115][ T4993] ? folio_create_buffers+0x132/0x250
[ 54.707474][ T4993] __block_write_begin_int+0x548/0x1a50
[ 54.713024][ T4993] ? folio_add_lru+0x353/0x6f0
[ 54.717802][ T4993] ? hfs_free_extents+0x420/0x420
[ 54.722816][ T4993] ? PageUptodate+0x290/0x290
[ 54.727479][ T4993] ? folio_test_hugetlb+0xa0/0x1d0
[ 54.732585][ T4993] ? pagecache_get_page+0xeb/0x220
[ 54.737688][ T4993] ? hfs_free_extents+0x420/0x420
[ 54.742713][ T4993] block_write_begin+0x9c/0x1f0
[ 54.747591][ T4993] ? cont_write_begin+0x626/0x880
[ 54.752781][ T4993] cont_write_begin+0x643/0x880
[ 54.757636][ T4993] ? fault_in_readable+0x1db/0x350
[ 54.762749][ T4993] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 54.768631][ T4993] ? fault_in_readable+0x21c/0x350
[ 54.773741][ T4993] ? fault_in_safe_writeable+0x260/0x260
[ 54.779383][ T4993] hfs_write_begin+0x8a/0xd0
[ 54.783961][ T4993] ? hfs_free_extents+0x420/0x420
[ 54.788977][ T4993] generic_perform_write+0x300/0x5e0
[ 54.794280][ T4993] ? generic_file_direct_write+0x460/0x460
[ 54.800073][ T4993] ? __file_remove_privs+0x640/0x640
[ 54.805347][ T4993] ? generic_write_checks+0x160/0x1c0
[ 54.810708][ T4993] __generic_file_write_iter+0x17a/0x400
[ 54.816333][ T4993] generic_file_write_iter+0xaf/0x310
[ 54.821704][ T4993] vfs_write+0x7ec/0xc10
[ 54.825936][ T4993] ? _raw_spin_lock_irqsave+0x120/0x120
[ 54.831493][ T4993] ? file_end_write+0x250/0x250
[ 54.836341][ T4993] ? lockdep_hardirqs_on+0x98/0x140
[ 54.841538][ T4993] ? __fdget_pos+0x265/0x2f0
[ 54.846137][ T4993] ksys_write+0x1a0/0x2c0
[ 54.850460][ T4993] ? __ia32_sys_read+0x90/0x90
[ 54.855212][ T4993] ? syscall_enter_from_user_mode+0x32/0x230
[ 54.861195][ T4993] ? syscall_enter_from_user_mode+0x8c/0x230
[ 54.867174][ T4993] do_syscall_64+0x41/0xc0
[ 54.871598][ T4993] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.877481][ T4993] RIP: 0033:0x7f345c0e09f9
[ 54.881893][ T4993] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 54.901515][ T4993] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.909915][ T4993] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 54.917877][ T4993] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.925835][ T4993] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 4993] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 4993] exit_group(0) = ?
[pid 4993] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4993, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4994
./strace-static-x86_64: Process 4994 attached
[pid 4994] chdir("./3") = 0
[pid 4994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4994] setpgid(0, 0) = 0
[pid 4994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4994] write(3, "1000", 4) = 4
[pid 4994] close(3) = 0
[pid 4994] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4994] memfd_create("syzkaller", 0) = 3
[pid 4994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 4994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 4994] munmap(0x7f3453c93000, 32768) = 0
[pid 4994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 54.933792][ T4993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 54.941749][ T4993] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000002
[ 54.949716][ T4993]
[pid 4994] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4994] close(3) = 0
[pid 4994] mkdir("./bus", 0777) = 0
[pid 4994] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4994] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4994] chdir("./bus") = 0
[pid 4994] ioctl(4, LOOP_CLR_FD) = 0
[pid 4994] close(4) = 0
[pid 4994] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4994] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4994] write(5, "9", 1) = 1
[ 54.987424][ T4994] loop0: detected capacity change from 0 to 64
[ 54.996671][ T4994] hfs: unable to locate alternate MDB
[ 55.002789][ T4994] hfs: continuing without an alternate MDB
[ 55.018891][ T4994] FAULT_INJECTION: forcing a failure.
[ 55.018891][ T4994] name failslab, interval 1, probability 0, space 0, times 0
[ 55.031613][ T4994] CPU: 1 PID: 4994 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 55.041675][ T4994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 55.051734][ T4994] Call Trace:
[ 55.055000][ T4994]
[ 55.057923][ T4994] dump_stack_lvl+0x1e7/0x2d0
[ 55.062606][ T4994] ? nf_tcp_handle_invalid+0x650/0x650
[ 55.068074][ T4994] ? panic+0x770/0x770
[ 55.072161][ T4994] ? rcu_is_watching+0x15/0xb0
[ 55.076926][ T4994] ? trace_contention_end+0x3c/0xf0
[ 55.082129][ T4994] should_fail_ex+0x3aa/0x4e0
[ 55.086815][ T4994] should_failslab+0x9/0x20
[ 55.091306][ T4994] slab_pre_alloc_hook+0x59/0x2b0
[ 55.096321][ T4994] ? hfs_find_init+0x90/0x1f0
[ 55.100992][ T4994] __kmem_cache_alloc_node+0x4b/0x290
[ 55.106384][ T4994] ? hfs_find_init+0x90/0x1f0
[ 55.111070][ T4994] __kmalloc+0xa8/0x230
[ 55.115225][ T4994] hfs_find_init+0x90/0x1f0
[ 55.119726][ T4994] hfs_extend_file+0x31b/0x1440
[ 55.124575][ T4994] ? hfs_get_block+0xb60/0xb60
[ 55.129337][ T4994] ? find_lock_entries+0x10f0/0x10f0
[ 55.134629][ T4994] ? clean_bdev_aliases+0x7f9/0x920
[ 55.139822][ T4994] hfs_get_block+0x3e4/0xb60
[ 55.144411][ T4994] ? hfs_free_extents+0x420/0x420
[ 55.149431][ T4994] ? _raw_spin_unlock+0x28/0x40
[ 55.154278][ T4994] ? folio_create_buffers+0x132/0x250
[ 55.159668][ T4994] __block_write_begin_int+0x548/0x1a50
[ 55.165224][ T4994] ? folio_add_lru+0x353/0x6f0
[ 55.170004][ T4994] ? hfs_free_extents+0x420/0x420
[ 55.175017][ T4994] ? PageUptodate+0x290/0x290
[ 55.179681][ T4994] ? folio_test_hugetlb+0xa0/0x1d0
[ 55.184790][ T4994] ? pagecache_get_page+0xeb/0x220
[ 55.189894][ T4994] ? hfs_free_extents+0x420/0x420
[ 55.194928][ T4994] block_write_begin+0x9c/0x1f0
[ 55.199767][ T4994] ? cont_write_begin+0x626/0x880
[ 55.204800][ T4994] cont_write_begin+0x643/0x880
[ 55.209667][ T4994] ? fault_in_readable+0x1db/0x350
[ 55.214769][ T4994] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 55.220651][ T4994] ? fault_in_readable+0x21c/0x350
[ 55.225752][ T4994] ? fault_in_safe_writeable+0x260/0x260
[ 55.231375][ T4994] hfs_write_begin+0x8a/0xd0
[ 55.235962][ T4994] ? hfs_free_extents+0x420/0x420
[ 55.241000][ T4994] generic_perform_write+0x300/0x5e0
[ 55.246279][ T4994] ? generic_file_direct_write+0x460/0x460
[ 55.252083][ T4994] ? __file_remove_privs+0x640/0x640
[ 55.257387][ T4994] ? generic_write_checks+0x160/0x1c0
[ 55.262765][ T4994] __generic_file_write_iter+0x17a/0x400
[ 55.268418][ T4994] generic_file_write_iter+0xaf/0x310
[ 55.273812][ T4994] vfs_write+0x7ec/0xc10
[ 55.278064][ T4994] ? _raw_spin_lock_irqsave+0x120/0x120
[ 55.283600][ T4994] ? file_end_write+0x250/0x250
[ 55.288446][ T4994] ? lockdep_hardirqs_on+0x98/0x140
[ 55.293636][ T4994] ? __fdget_pos+0x265/0x2f0
[ 55.298228][ T4994] ksys_write+0x1a0/0x2c0
[ 55.302563][ T4994] ? __ia32_sys_read+0x90/0x90
[ 55.307315][ T4994] ? syscall_enter_from_user_mode+0x32/0x230
[ 55.313304][ T4994] ? syscall_enter_from_user_mode+0x8c/0x230
[ 55.319272][ T4994] do_syscall_64+0x41/0xc0
[ 55.323688][ T4994] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.329585][ T4994] RIP: 0033:0x7f345c0e09f9
[ 55.333991][ T4994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.353581][ T4994] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.361983][ T4994] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 55.369940][ T4994] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.377897][ T4994] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 4994] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 4994] exit_group(0) = ?
[pid 4994] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4994, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/bus") = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4995
./strace-static-x86_64: Process 4995 attached
[pid 4995] chdir("./4") = 0
[pid 4995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4995] setpgid(0, 0) = 0
[pid 4995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4995] write(3, "1000", 4) = 4
[pid 4995] close(3) = 0
[pid 4995] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4995] memfd_create("syzkaller", 0) = 3
[pid 4995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 4995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 4995] munmap(0x7f3453c93000, 32768) = 0
[pid 4995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 55.385865][ T4994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.393843][ T4994] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000003
[ 55.401841][ T4994]
[pid 4995] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4995] close(3) = 0
[pid 4995] mkdir("./bus", 0777) = 0
[pid 4995] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4995] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4995] chdir("./bus") = 0
[pid 4995] ioctl(4, LOOP_CLR_FD) = 0
[pid 4995] close(4) = 0
[pid 4995] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4995] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4995] write(5, "9", 1) = 1
[pid 4995] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 4995] exit_group(0) = ?
[pid 4995] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4995, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/bus") = 0
[ 55.440212][ T4995] loop0: detected capacity change from 0 to 64
[ 55.449451][ T4995] hfs: unable to locate alternate MDB
[ 55.455338][ T4995] hfs: continuing without an alternate MDB
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4996
./strace-static-x86_64: Process 4996 attached
[pid 4996] chdir("./5") = 0
[pid 4996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4996] setpgid(0, 0) = 0
[pid 4996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4996] write(3, "1000", 4) = 4
[pid 4996] close(3) = 0
[pid 4996] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4996] memfd_create("syzkaller", 0) = 3
[pid 4996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 4996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 4996] munmap(0x7f3453c93000, 32768) = 0
[pid 4996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4996] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4996] close(3) = 0
[pid 4996] mkdir("./bus", 0777) = 0
[pid 4996] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4996] chdir("./bus") = 0
[pid 4996] ioctl(4, LOOP_CLR_FD) = 0
[pid 4996] close(4) = 0
[pid 4996] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4996] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4996] write(5, "9", 1) = 1
[ 55.529602][ T4996] loop0: detected capacity change from 0 to 64
[ 55.538960][ T4996] hfs: unable to locate alternate MDB
[ 55.544585][ T4996] hfs: continuing without an alternate MDB
[ 55.557194][ T4996] FAULT_INJECTION: forcing a failure.
[ 55.557194][ T4996] name failslab, interval 1, probability 0, space 0, times 0
[ 55.570262][ T4996] CPU: 0 PID: 4996 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 55.580340][ T4996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 55.590385][ T4996] Call Trace:
[ 55.593651][ T4996]
[ 55.596569][ T4996] dump_stack_lvl+0x1e7/0x2d0
[ 55.601248][ T4996] ? nf_tcp_handle_invalid+0x650/0x650
[ 55.606697][ T4996] ? panic+0x770/0x770
[ 55.610751][ T4996] ? rcu_is_watching+0x15/0xb0
[ 55.615501][ T4996] ? trace_contention_end+0x3c/0xf0
[ 55.620683][ T4996] should_fail_ex+0x3aa/0x4e0
[ 55.625355][ T4996] should_failslab+0x9/0x20
[ 55.629852][ T4996] slab_pre_alloc_hook+0x59/0x2b0
[ 55.634870][ T4996] ? hfs_find_init+0x90/0x1f0
[ 55.639556][ T4996] __kmem_cache_alloc_node+0x4b/0x290
[ 55.644920][ T4996] ? hfs_find_init+0x90/0x1f0
[ 55.649590][ T4996] __kmalloc+0xa8/0x230
[ 55.653744][ T4996] hfs_find_init+0x90/0x1f0
[ 55.658239][ T4996] hfs_extend_file+0x31b/0x1440
[ 55.663088][ T4996] ? hfs_get_block+0xb60/0xb60
[ 55.667846][ T4996] ? find_lock_entries+0x10f0/0x10f0
[ 55.673133][ T4996] ? clean_bdev_aliases+0x7f9/0x920
[ 55.678338][ T4996] hfs_get_block+0x3e4/0xb60
[ 55.682931][ T4996] ? hfs_free_extents+0x420/0x420
[ 55.687953][ T4996] ? _raw_spin_unlock+0x28/0x40
[ 55.692793][ T4996] ? folio_create_buffers+0x132/0x250
[ 55.698172][ T4996] __block_write_begin_int+0x548/0x1a50
[ 55.703705][ T4996] ? folio_add_lru+0x353/0x6f0
[ 55.708477][ T4996] ? hfs_free_extents+0x420/0x420
[ 55.713493][ T4996] ? PageUptodate+0x290/0x290
[ 55.718159][ T4996] ? folio_test_hugetlb+0xa0/0x1d0
[ 55.723267][ T4996] ? pagecache_get_page+0xeb/0x220
[ 55.728369][ T4996] ? hfs_free_extents+0x420/0x420
[ 55.733385][ T4996] block_write_begin+0x9c/0x1f0
[ 55.738222][ T4996] ? cont_write_begin+0x626/0x880
[ 55.743240][ T4996] cont_write_begin+0x643/0x880
[ 55.748087][ T4996] ? fault_in_readable+0x1db/0x350
[ 55.753190][ T4996] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 55.759073][ T4996] ? fault_in_readable+0x21c/0x350
[ 55.764177][ T4996] ? fault_in_safe_writeable+0x260/0x260
[ 55.769808][ T4996] hfs_write_begin+0x8a/0xd0
[ 55.774393][ T4996] ? hfs_free_extents+0x420/0x420
[ 55.779426][ T4996] generic_perform_write+0x300/0x5e0
[ 55.784713][ T4996] ? generic_file_direct_write+0x460/0x460
[ 55.790509][ T4996] ? __file_remove_privs+0x640/0x640
[ 55.795791][ T4996] ? generic_write_checks+0x160/0x1c0
[ 55.801156][ T4996] __generic_file_write_iter+0x17a/0x400
[ 55.806785][ T4996] generic_file_write_iter+0xaf/0x310
[ 55.812152][ T4996] vfs_write+0x7ec/0xc10
[ 55.816395][ T4996] ? _raw_spin_lock_irqsave+0x120/0x120
[ 55.821947][ T4996] ? file_end_write+0x250/0x250
[ 55.826826][ T4996] ? lockdep_hardirqs_on+0x98/0x140
[ 55.832034][ T4996] ? __fdget_pos+0x265/0x2f0
[ 55.836617][ T4996] ksys_write+0x1a0/0x2c0
[ 55.840947][ T4996] ? __ia32_sys_read+0x90/0x90
[ 55.845718][ T4996] ? syscall_enter_from_user_mode+0x32/0x230
[ 55.851704][ T4996] ? syscall_enter_from_user_mode+0x8c/0x230
[ 55.857679][ T4996] do_syscall_64+0x41/0xc0
[ 55.862097][ T4996] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.867991][ T4996] RIP: 0033:0x7f345c0e09f9
[ 55.872399][ T4996] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 55.891999][ T4996] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.900408][ T4996] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 55.908374][ T4996] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.916336][ T4996] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 4996] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 4996] exit_group(0) = ?
[pid 4996] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4996, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/bus") = 0
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4997
./strace-static-x86_64: Process 4997 attached
[pid 4997] chdir("./6") = 0
[pid 4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4997] setpgid(0, 0) = 0
[pid 4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4997] write(3, "1000", 4) = 4
[pid 4997] close(3) = 0
[pid 4997] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4997] memfd_create("syzkaller", 0) = 3
[pid 4997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 4997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 4997] munmap(0x7f3453c93000, 32768) = 0
[pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 55.924299][ T4996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 55.932273][ T4996] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000005
[ 55.940268][ T4996]
[pid 4997] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4997] close(3) = 0
[pid 4997] mkdir("./bus", 0777) = 0
[pid 4997] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4997] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4997] chdir("./bus") = 0
[pid 4997] ioctl(4, LOOP_CLR_FD) = 0
[pid 4997] close(4) = 0
[pid 4997] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4997] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4997] write(5, "9", 1) = 1
[ 55.971622][ T4997] loop0: detected capacity change from 0 to 64
[ 55.982798][ T4997] hfs: unable to locate alternate MDB
[ 55.988275][ T4997] hfs: continuing without an alternate MDB
[ 56.005296][ T4997] FAULT_INJECTION: forcing a failure.
[ 56.005296][ T4997] name failslab, interval 1, probability 0, space 0, times 0
[ 56.018085][ T4997] CPU: 1 PID: 4997 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 56.028171][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 56.038229][ T4997] Call Trace:
[ 56.041497][ T4997]
[ 56.044422][ T4997] dump_stack_lvl+0x1e7/0x2d0
[ 56.049107][ T4997] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.054573][ T4997] ? panic+0x770/0x770
[ 56.058663][ T4997] ? rcu_is_watching+0x15/0xb0
[ 56.063434][ T4997] ? trace_contention_end+0x3c/0xf0
[ 56.068625][ T4997] should_fail_ex+0x3aa/0x4e0
[ 56.073303][ T4997] should_failslab+0x9/0x20
[ 56.077799][ T4997] slab_pre_alloc_hook+0x59/0x2b0
[ 56.082815][ T4997] ? hfs_find_init+0x90/0x1f0
[ 56.087481][ T4997] __kmem_cache_alloc_node+0x4b/0x290
[ 56.092843][ T4997] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 56.098657][ T4997] ? hfs_find_init+0x90/0x1f0
[ 56.103334][ T4997] __kmalloc+0xa8/0x230
[ 56.107481][ T4997] hfs_find_init+0x90/0x1f0
[ 56.111992][ T4997] hfs_extend_file+0x31b/0x1440
[ 56.116859][ T4997] ? hfs_get_block+0xb60/0xb60
[ 56.121614][ T4997] ? lru_cache_disable+0x30/0x30
[ 56.126538][ T4997] ? __might_sleep+0xc0/0xc0
[ 56.131127][ T4997] ? clean_bdev_aliases+0x80a/0x920
[ 56.136334][ T4997] hfs_get_block+0x3e4/0xb60
[ 56.140936][ T4997] ? hfs_free_extents+0x420/0x420
[ 56.145957][ T4997] ? _raw_spin_unlock+0x28/0x40
[ 56.150796][ T4997] ? folio_create_buffers+0x132/0x250
[ 56.156157][ T4997] __block_write_begin_int+0x548/0x1a50
[ 56.161696][ T4997] ? folio_add_lru+0x353/0x6f0
[ 56.166503][ T4997] ? hfs_free_extents+0x420/0x420
[ 56.171539][ T4997] ? PageUptodate+0x290/0x290
[ 56.176205][ T4997] ? folio_test_hugetlb+0xa0/0x1d0
[ 56.181320][ T4997] ? pagecache_get_page+0xeb/0x220
[ 56.186433][ T4997] ? hfs_free_extents+0x420/0x420
[ 56.191453][ T4997] block_write_begin+0x9c/0x1f0
[ 56.196300][ T4997] ? cont_write_begin+0x626/0x880
[ 56.201326][ T4997] cont_write_begin+0x643/0x880
[ 56.206184][ T4997] ? fault_in_readable+0x1db/0x350
[ 56.211284][ T4997] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 56.217164][ T4997] ? fault_in_readable+0x21c/0x350
[ 56.222266][ T4997] ? fault_in_safe_writeable+0x260/0x260
[ 56.227888][ T4997] hfs_write_begin+0x8a/0xd0
[ 56.232489][ T4997] ? hfs_free_extents+0x420/0x420
[ 56.237528][ T4997] generic_perform_write+0x300/0x5e0
[ 56.242807][ T4997] ? generic_file_direct_write+0x460/0x460
[ 56.248617][ T4997] ? __file_remove_privs+0x640/0x640
[ 56.253918][ T4997] ? generic_write_checks+0x160/0x1c0
[ 56.259311][ T4997] __generic_file_write_iter+0x17a/0x400
[ 56.264977][ T4997] generic_file_write_iter+0xaf/0x310
[ 56.270353][ T4997] vfs_write+0x7ec/0xc10
[ 56.274591][ T4997] ? _raw_spin_lock_irqsave+0x120/0x120
[ 56.280128][ T4997] ? file_end_write+0x250/0x250
[ 56.284989][ T4997] ? lockdep_hardirqs_on+0x98/0x140
[ 56.290194][ T4997] ? __fdget_pos+0x265/0x2f0
[ 56.294772][ T4997] ksys_write+0x1a0/0x2c0
[ 56.299094][ T4997] ? __ia32_sys_read+0x90/0x90
[ 56.303859][ T4997] ? syscall_enter_from_user_mode+0x32/0x230
[ 56.309852][ T4997] ? syscall_enter_from_user_mode+0x8c/0x230
[ 56.315822][ T4997] do_syscall_64+0x41/0xc0
[ 56.320245][ T4997] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.326128][ T4997] RIP: 0033:0x7f345c0e09f9
[ 56.330531][ T4997] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.350122][ T4997] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.358523][ T4997] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[pid 4997] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 4997] exit_group(0) = ?
[pid 4997] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4997, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/bus") = 0
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4998
./strace-static-x86_64: Process 4998 attached
[pid 4998] chdir("./7") = 0
[pid 4998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4998] setpgid(0, 0) = 0
[pid 4998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4998] write(3, "1000", 4) = 4
[pid 4998] close(3) = 0
[pid 4998] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4998] memfd_create("syzkaller", 0) = 3
[pid 4998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 4998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 4998] munmap(0x7f3453c93000, 32768) = 0
[pid 4998] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 56.366486][ T4997] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.374444][ T4997] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 56.382405][ T4997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.390361][ T4997] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000006
[ 56.398343][ T4997]
[pid 4998] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4998] close(3) = 0
[pid 4998] mkdir("./bus", 0777) = 0
[pid 4998] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4998] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4998] chdir("./bus") = 0
[pid 4998] ioctl(4, LOOP_CLR_FD) = 0
[pid 4998] close(4) = 0
[pid 4998] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4998] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4998] write(5, "9", 1) = 1
[pid 4998] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 4998] exit_group(0) = ?
[pid 4998] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4998, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/bus") = 0
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
[ 56.453384][ T4998] loop0: detected capacity change from 0 to 64
[ 56.462953][ T4998] hfs: unable to locate alternate MDB
[ 56.468357][ T4998] hfs: continuing without an alternate MDB
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 4999
./strace-static-x86_64: Process 4999 attached
[pid 4999] chdir("./8") = 0
[pid 4999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4999] setpgid(0, 0) = 0
[pid 4999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4999] write(3, "1000", 4) = 4
[pid 4999] close(3) = 0
[pid 4999] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4999] memfd_create("syzkaller", 0) = 3
[pid 4999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 4999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 4999] munmap(0x7f3453c93000, 32768) = 0
[pid 4999] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4999] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4999] close(3) = 0
[pid 4999] mkdir("./bus", 0777) = 0
[pid 4999] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 4999] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 4999] chdir("./bus") = 0
[pid 4999] ioctl(4, LOOP_CLR_FD) = 0
[pid 4999] close(4) = 0
[pid 4999] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 4999] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 4999] write(5, "9", 1) = 1
[ 56.528867][ T4999] loop0: detected capacity change from 0 to 64
[ 56.538003][ T4999] hfs: unable to locate alternate MDB
[ 56.543622][ T4999] hfs: continuing without an alternate MDB
[ 56.556422][ T4999] FAULT_INJECTION: forcing a failure.
[ 56.556422][ T4999] name failslab, interval 1, probability 0, space 0, times 0
[ 56.569500][ T4999] CPU: 0 PID: 4999 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 56.579583][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 56.589623][ T4999] Call Trace:
[ 56.592888][ T4999]
[ 56.595832][ T4999] dump_stack_lvl+0x1e7/0x2d0
[ 56.600516][ T4999] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.605965][ T4999] ? panic+0x770/0x770
[ 56.610020][ T4999] ? rcu_is_watching+0x15/0xb0
[ 56.614788][ T4999] ? trace_contention_end+0x3c/0xf0
[ 56.619974][ T4999] should_fail_ex+0x3aa/0x4e0
[ 56.624655][ T4999] should_failslab+0x9/0x20
[ 56.629145][ T4999] slab_pre_alloc_hook+0x59/0x2b0
[ 56.634157][ T4999] ? hfs_find_init+0x90/0x1f0
[ 56.638816][ T4999] __kmem_cache_alloc_node+0x4b/0x290
[ 56.644176][ T4999] ? hfs_find_init+0x90/0x1f0
[ 56.648840][ T4999] __kmalloc+0xa8/0x230
[ 56.652988][ T4999] hfs_find_init+0x90/0x1f0
[ 56.657478][ T4999] hfs_extend_file+0x31b/0x1440
[ 56.662320][ T4999] ? hfs_get_block+0xb60/0xb60
[ 56.667068][ T4999] ? find_lock_entries+0x10f0/0x10f0
[ 56.672343][ T4999] ? clean_bdev_aliases+0x7f9/0x920
[ 56.677526][ T4999] hfs_get_block+0x3e4/0xb60
[ 56.682110][ T4999] ? hfs_free_extents+0x420/0x420
[ 56.687121][ T4999] ? _raw_spin_unlock+0x28/0x40
[ 56.691954][ T4999] ? folio_create_buffers+0x132/0x250
[ 56.697316][ T4999] __block_write_begin_int+0x548/0x1a50
[ 56.702841][ T4999] ? folio_add_lru+0x353/0x6f0
[ 56.707598][ T4999] ? hfs_free_extents+0x420/0x420
[ 56.712604][ T4999] ? PageUptodate+0x290/0x290
[ 56.717263][ T4999] ? folio_test_hugetlb+0xa0/0x1d0
[ 56.722387][ T4999] ? pagecache_get_page+0xeb/0x220
[ 56.727482][ T4999] ? hfs_free_extents+0x420/0x420
[ 56.732489][ T4999] block_write_begin+0x9c/0x1f0
[ 56.737322][ T4999] ? cont_write_begin+0x626/0x880
[ 56.742329][ T4999] cont_write_begin+0x643/0x880
[ 56.747167][ T4999] ? fault_in_readable+0x1db/0x350
[ 56.752265][ T4999] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 56.758156][ T4999] ? fault_in_readable+0x21c/0x350
[ 56.763254][ T4999] ? fault_in_safe_writeable+0x260/0x260
[ 56.768877][ T4999] hfs_write_begin+0x8a/0xd0
[ 56.773451][ T4999] ? hfs_free_extents+0x420/0x420
[ 56.778463][ T4999] generic_perform_write+0x300/0x5e0
[ 56.783740][ T4999] ? generic_file_direct_write+0x460/0x460
[ 56.789547][ T4999] ? __file_remove_privs+0x640/0x640
[ 56.794820][ T4999] ? generic_write_checks+0x160/0x1c0
[ 56.800180][ T4999] __generic_file_write_iter+0x17a/0x400
[ 56.805803][ T4999] generic_file_write_iter+0xaf/0x310
[ 56.811163][ T4999] vfs_write+0x7ec/0xc10
[ 56.815392][ T4999] ? _raw_spin_lock_irqsave+0x120/0x120
[ 56.820930][ T4999] ? file_end_write+0x250/0x250
[ 56.825772][ T4999] ? lockdep_hardirqs_on+0x98/0x140
[ 56.830957][ T4999] ? __fdget_pos+0x265/0x2f0
[ 56.835533][ T4999] ksys_write+0x1a0/0x2c0
[ 56.839851][ T4999] ? __ia32_sys_read+0x90/0x90
[ 56.844606][ T4999] ? syscall_enter_from_user_mode+0x32/0x230
[ 56.850573][ T4999] ? syscall_enter_from_user_mode+0x8c/0x230
[ 56.856536][ T4999] do_syscall_64+0x41/0xc0
[ 56.860956][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.866832][ T4999] RIP: 0033:0x7f345c0e09f9
[ 56.871236][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 56.890825][ T4999] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.899244][ T4999] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 56.907201][ T4999] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.915168][ T4999] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 4999] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 4999] exit_group(0) = ?
[pid 4999] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4999, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/bus") = 0
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5000
./strace-static-x86_64: Process 5000 attached
[pid 5000] chdir("./9") = 0
[pid 5000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5000] setpgid(0, 0) = 0
[pid 5000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5000] write(3, "1000", 4) = 4
[pid 5000] close(3) = 0
[pid 5000] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5000] memfd_create("syzkaller", 0) = 3
[pid 5000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5000] munmap(0x7f3453c93000, 32768) = 0
[pid 5000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 56.923122][ T4999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 56.931078][ T4999] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000008
[ 56.939040][ T4999]
[pid 5000] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5000] close(3) = 0
[pid 5000] mkdir("./bus", 0777) = 0
[pid 5000] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5000] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5000] chdir("./bus") = 0
[pid 5000] ioctl(4, LOOP_CLR_FD) = 0
[pid 5000] close(4) = 0
[pid 5000] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5000] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5000] write(5, "9", 1) = 1
[ 56.972501][ T5000] loop0: detected capacity change from 0 to 64
[ 56.983046][ T5000] hfs: unable to locate alternate MDB
[ 56.988438][ T5000] hfs: continuing without an alternate MDB
[ 57.006630][ T5000] FAULT_INJECTION: forcing a failure.
[ 57.006630][ T5000] name failslab, interval 1, probability 0, space 0, times 0
[ 57.019308][ T5000] CPU: 1 PID: 5000 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 57.029359][ T5000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 57.039411][ T5000] Call Trace:
[ 57.042679][ T5000]
[ 57.045597][ T5000] dump_stack_lvl+0x1e7/0x2d0
[ 57.050277][ T5000] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.055755][ T5000] ? panic+0x770/0x770
[ 57.059842][ T5000] ? rcu_is_watching+0x15/0xb0
[ 57.064606][ T5000] ? trace_contention_end+0x3c/0xf0
[ 57.069800][ T5000] should_fail_ex+0x3aa/0x4e0
[ 57.074475][ T5000] should_failslab+0x9/0x20
[ 57.078975][ T5000] slab_pre_alloc_hook+0x59/0x2b0
[ 57.083995][ T5000] ? hfs_find_init+0x90/0x1f0
[ 57.088664][ T5000] __kmem_cache_alloc_node+0x4b/0x290
[ 57.094031][ T5000] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 57.099854][ T5000] ? hfs_find_init+0x90/0x1f0
[ 57.104537][ T5000] __kmalloc+0xa8/0x230
[ 57.108695][ T5000] hfs_find_init+0x90/0x1f0
[ 57.113219][ T5000] hfs_extend_file+0x31b/0x1440
[ 57.118074][ T5000] ? hfs_get_block+0xb60/0xb60
[ 57.122835][ T5000] ? lru_cache_disable+0x30/0x30
[ 57.127770][ T5000] ? __might_sleep+0xc0/0xc0
[ 57.132370][ T5000] ? clean_bdev_aliases+0x80a/0x920
[ 57.137564][ T5000] hfs_get_block+0x3e4/0xb60
[ 57.142156][ T5000] ? hfs_free_extents+0x420/0x420
[ 57.147179][ T5000] ? _raw_spin_unlock+0x28/0x40
[ 57.152018][ T5000] ? folio_create_buffers+0x132/0x250
[ 57.157383][ T5000] __block_write_begin_int+0x548/0x1a50
[ 57.162917][ T5000] ? folio_add_lru+0x353/0x6f0
[ 57.167688][ T5000] ? hfs_free_extents+0x420/0x420
[ 57.172724][ T5000] ? PageUptodate+0x290/0x290
[ 57.177404][ T5000] ? folio_test_hugetlb+0xa0/0x1d0
[ 57.182513][ T5000] ? pagecache_get_page+0xeb/0x220
[ 57.187617][ T5000] ? hfs_free_extents+0x420/0x420
[ 57.192637][ T5000] block_write_begin+0x9c/0x1f0
[ 57.197481][ T5000] ? cont_write_begin+0x626/0x880
[ 57.203283][ T5000] cont_write_begin+0x643/0x880
[ 57.208133][ T5000] ? fault_in_readable+0x1db/0x350
[ 57.213236][ T5000] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 57.219119][ T5000] ? fault_in_readable+0x21c/0x350
[ 57.224228][ T5000] ? fault_in_safe_writeable+0x260/0x260
[ 57.229860][ T5000] hfs_write_begin+0x8a/0xd0
[ 57.234444][ T5000] ? hfs_free_extents+0x420/0x420
[ 57.239465][ T5000] generic_perform_write+0x300/0x5e0
[ 57.244747][ T5000] ? generic_file_direct_write+0x460/0x460
[ 57.250544][ T5000] ? __file_remove_privs+0x640/0x640
[ 57.255824][ T5000] ? generic_write_checks+0x160/0x1c0
[ 57.261198][ T5000] __generic_file_write_iter+0x17a/0x400
[ 57.266830][ T5000] generic_file_write_iter+0xaf/0x310
[ 57.272197][ T5000] vfs_write+0x7ec/0xc10
[ 57.276433][ T5000] ? _raw_spin_lock_irqsave+0x120/0x120
[ 57.281976][ T5000] ? file_end_write+0x250/0x250
[ 57.286829][ T5000] ? lockdep_hardirqs_on+0x98/0x140
[ 57.292035][ T5000] ? __fdget_pos+0x265/0x2f0
[ 57.296618][ T5000] ksys_write+0x1a0/0x2c0
[ 57.300949][ T5000] ? __ia32_sys_read+0x90/0x90
[ 57.305708][ T5000] ? syscall_enter_from_user_mode+0x32/0x230
[ 57.311685][ T5000] ? syscall_enter_from_user_mode+0x8c/0x230
[ 57.317658][ T5000] do_syscall_64+0x41/0xc0
[ 57.322073][ T5000] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.327959][ T5000] RIP: 0033:0x7f345c0e09f9
[ 57.332365][ T5000] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.351958][ T5000] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.360361][ T5000] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[pid 5000] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5000] exit_group(0) = ?
[pid 5000] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5000, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/bus") = 0
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5001 attached
[pid 5001] chdir("./10") = 0
[pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5001] setpgid(0, 0) = 0
[pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5001] write(3, "1000", 4) = 4
[pid 5001] close(3) = 0
[ 57.368322][ T5000] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.376284][ T5000] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 57.384245][ T5000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.392204][ T5000] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000009
[ 57.400177][ T5000]
[pid 5001] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5001] memfd_create("syzkaller", 0) = 3
[pid 5001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5001] munmap(0x7f3453c93000, 32768) = 0
[pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5001] ioctl(4, LOOP_SET_FD, 3
[pid 4989] <... clone resumed>, child_tidptr=0x5555571ac5d0) = 5001
[pid 5001] <... ioctl resumed>) = 0
[pid 5001] close(3) = 0
[pid 5001] mkdir("./bus", 0777) = 0
[pid 5001] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5001] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5001] chdir("./bus") = 0
[pid 5001] ioctl(4, LOOP_CLR_FD) = 0
[pid 5001] close(4) = 0
[pid 5001] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5001] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5001] write(5, "9", 1) = 1
[ 57.442126][ T5001] loop0: detected capacity change from 0 to 64
[ 57.451262][ T5001] hfs: unable to locate alternate MDB
[ 57.456895][ T5001] hfs: continuing without an alternate MDB
[ 57.472420][ T5001] FAULT_INJECTION: forcing a failure.
[ 57.472420][ T5001] name failslab, interval 1, probability 0, space 0, times 0
[ 57.485264][ T5001] CPU: 1 PID: 5001 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 57.495347][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 57.505391][ T5001] Call Trace:
[ 57.508655][ T5001]
[ 57.511582][ T5001] dump_stack_lvl+0x1e7/0x2d0
[ 57.516275][ T5001] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.521730][ T5001] ? panic+0x770/0x770
[ 57.525792][ T5001] ? rcu_is_watching+0x15/0xb0
[ 57.530546][ T5001] ? trace_contention_end+0x3c/0xf0
[ 57.535735][ T5001] should_fail_ex+0x3aa/0x4e0
[ 57.540402][ T5001] should_failslab+0x9/0x20
[ 57.544900][ T5001] slab_pre_alloc_hook+0x59/0x2b0
[ 57.549935][ T5001] ? hfs_find_init+0x90/0x1f0
[ 57.554603][ T5001] __kmem_cache_alloc_node+0x4b/0x290
[ 57.559963][ T5001] ? hfs_find_init+0x90/0x1f0
[ 57.564629][ T5001] __kmalloc+0xa8/0x230
[ 57.568773][ T5001] hfs_find_init+0x90/0x1f0
[ 57.573280][ T5001] hfs_extend_file+0x31b/0x1440
[ 57.578143][ T5001] ? hfs_get_block+0xb60/0xb60
[ 57.582898][ T5001] ? find_lock_entries+0x10f0/0x10f0
[ 57.588184][ T5001] ? clean_bdev_aliases+0x7f9/0x920
[ 57.593386][ T5001] hfs_get_block+0x3e4/0xb60
[ 57.597990][ T5001] ? hfs_free_extents+0x420/0x420
[ 57.603008][ T5001] ? _raw_spin_unlock+0x28/0x40
[ 57.607845][ T5001] ? folio_create_buffers+0x132/0x250
[ 57.613211][ T5001] __block_write_begin_int+0x548/0x1a50
[ 57.618745][ T5001] ? folio_add_lru+0x353/0x6f0
[ 57.623517][ T5001] ? hfs_free_extents+0x420/0x420
[ 57.628538][ T5001] ? PageUptodate+0x290/0x290
[ 57.633222][ T5001] ? folio_test_hugetlb+0xa0/0x1d0
[ 57.638328][ T5001] ? pagecache_get_page+0xeb/0x220
[ 57.643430][ T5001] ? hfs_free_extents+0x420/0x420
[ 57.648452][ T5001] block_write_begin+0x9c/0x1f0
[ 57.653329][ T5001] ? cont_write_begin+0x626/0x880
[ 57.658344][ T5001] cont_write_begin+0x643/0x880
[ 57.663201][ T5001] ? fault_in_readable+0x1db/0x350
[ 57.668318][ T5001] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 57.674209][ T5001] ? fault_in_readable+0x21c/0x350
[ 57.679335][ T5001] ? fault_in_safe_writeable+0x260/0x260
[ 57.684993][ T5001] hfs_write_begin+0x8a/0xd0
[ 57.689612][ T5001] ? hfs_free_extents+0x420/0x420
[ 57.694632][ T5001] generic_perform_write+0x300/0x5e0
[ 57.699920][ T5001] ? generic_file_direct_write+0x460/0x460
[ 57.705728][ T5001] ? __file_remove_privs+0x640/0x640
[ 57.711010][ T5001] ? generic_write_checks+0x160/0x1c0
[ 57.716388][ T5001] __generic_file_write_iter+0x17a/0x400
[ 57.722021][ T5001] generic_file_write_iter+0xaf/0x310
[ 57.727393][ T5001] vfs_write+0x7ec/0xc10
[ 57.731625][ T5001] ? _raw_spin_lock_irqsave+0x120/0x120
[ 57.737166][ T5001] ? file_end_write+0x250/0x250
[ 57.742015][ T5001] ? lockdep_hardirqs_on+0x98/0x140
[ 57.747211][ T5001] ? __fdget_pos+0x265/0x2f0
[ 57.751805][ T5001] ksys_write+0x1a0/0x2c0
[ 57.756130][ T5001] ? __ia32_sys_read+0x90/0x90
[ 57.760883][ T5001] ? syscall_enter_from_user_mode+0x32/0x230
[ 57.766850][ T5001] ? syscall_enter_from_user_mode+0x8c/0x230
[ 57.772826][ T5001] do_syscall_64+0x41/0xc0
[ 57.777234][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.783114][ T5001] RIP: 0033:0x7f345c0e09f9
[ 57.787525][ T5001] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 57.807140][ T5001] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 57.815546][ T5001] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 57.823506][ T5001] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.831471][ T5001] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5001] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5001] exit_group(0) = ?
[pid 5001] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5001, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/bus") = 0
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5002
./strace-static-x86_64: Process 5002 attached
[pid 5002] chdir("./11") = 0
[pid 5002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5002] setpgid(0, 0) = 0
[pid 5002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5002] write(3, "1000", 4) = 4
[pid 5002] close(3) = 0
[pid 5002] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5002] memfd_create("syzkaller", 0) = 3
[pid 5002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5002] munmap(0x7f3453c93000, 32768) = 0
[pid 5002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 57.839435][ T5001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 57.847404][ T5001] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000000a
[ 57.855393][ T5001]
[pid 5002] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5002] close(3) = 0
[pid 5002] mkdir("./bus", 0777) = 0
[pid 5002] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5002] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5002] chdir("./bus") = 0
[pid 5002] ioctl(4, LOOP_CLR_FD) = 0
[pid 5002] close(4) = 0
[pid 5002] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5002] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5002] write(5, "9", 1) = 1
[ 57.904906][ T5002] loop0: detected capacity change from 0 to 64
[ 57.914272][ T5002] hfs: unable to locate alternate MDB
[ 57.919646][ T5002] hfs: continuing without an alternate MDB
[ 57.935459][ T5002] FAULT_INJECTION: forcing a failure.
[ 57.935459][ T5002] name failslab, interval 1, probability 0, space 0, times 0
[ 57.948253][ T5002] CPU: 1 PID: 5002 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 57.958329][ T5002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 57.968372][ T5002] Call Trace:
[ 57.971640][ T5002]
[ 57.974572][ T5002] dump_stack_lvl+0x1e7/0x2d0
[ 57.979264][ T5002] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.984720][ T5002] ? panic+0x770/0x770
[ 57.988785][ T5002] ? rcu_is_watching+0x15/0xb0
[ 57.993561][ T5002] ? trace_contention_end+0x3c/0xf0
[ 57.998756][ T5002] should_fail_ex+0x3aa/0x4e0
[ 58.003426][ T5002] should_failslab+0x9/0x20
[ 58.007929][ T5002] slab_pre_alloc_hook+0x59/0x2b0
[ 58.012960][ T5002] ? hfs_find_init+0x90/0x1f0
[ 58.017644][ T5002] __kmem_cache_alloc_node+0x4b/0x290
[ 58.023007][ T5002] ? hfs_find_init+0x90/0x1f0
[ 58.027673][ T5002] __kmalloc+0xa8/0x230
[ 58.031842][ T5002] hfs_find_init+0x90/0x1f0
[ 58.036349][ T5002] hfs_extend_file+0x31b/0x1440
[ 58.041216][ T5002] ? hfs_get_block+0xb60/0xb60
[ 58.045984][ T5002] ? find_lock_entries+0x10f0/0x10f0
[ 58.051294][ T5002] ? clean_bdev_aliases+0x7f9/0x920
[ 58.056515][ T5002] hfs_get_block+0x3e4/0xb60
[ 58.061131][ T5002] ? hfs_free_extents+0x420/0x420
[ 58.066154][ T5002] ? _raw_spin_unlock+0x28/0x40
[ 58.070995][ T5002] ? folio_create_buffers+0x132/0x250
[ 58.076358][ T5002] __block_write_begin_int+0x548/0x1a50
[ 58.081978][ T5002] ? folio_add_lru+0x353/0x6f0
[ 58.086739][ T5002] ? hfs_free_extents+0x420/0x420
[ 58.091758][ T5002] ? PageUptodate+0x290/0x290
[ 58.096447][ T5002] ? folio_test_hugetlb+0xa0/0x1d0
[ 58.101567][ T5002] ? pagecache_get_page+0xeb/0x220
[ 58.106667][ T5002] ? hfs_free_extents+0x420/0x420
[ 58.111692][ T5002] block_write_begin+0x9c/0x1f0
[ 58.116545][ T5002] ? cont_write_begin+0x626/0x880
[ 58.121576][ T5002] cont_write_begin+0x643/0x880
[ 58.126420][ T5002] ? fault_in_readable+0x1db/0x350
[ 58.131525][ T5002] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 58.137431][ T5002] ? fault_in_readable+0x21c/0x350
[ 58.142551][ T5002] ? fault_in_safe_writeable+0x260/0x260
[ 58.148193][ T5002] hfs_write_begin+0x8a/0xd0
[ 58.152772][ T5002] ? hfs_free_extents+0x420/0x420
[ 58.157788][ T5002] generic_perform_write+0x300/0x5e0
[ 58.163067][ T5002] ? generic_file_direct_write+0x460/0x460
[ 58.168963][ T5002] ? __file_remove_privs+0x640/0x640
[ 58.174243][ T5002] ? generic_write_checks+0x160/0x1c0
[ 58.179607][ T5002] __generic_file_write_iter+0x17a/0x400
[ 58.185240][ T5002] generic_file_write_iter+0xaf/0x310
[ 58.190607][ T5002] vfs_write+0x7ec/0xc10
[ 58.194842][ T5002] ? _raw_spin_lock_irqsave+0x120/0x120
[ 58.200380][ T5002] ? file_end_write+0x250/0x250
[ 58.205249][ T5002] ? lockdep_hardirqs_on+0x98/0x140
[ 58.210464][ T5002] ? __fdget_pos+0x265/0x2f0
[ 58.215060][ T5002] ksys_write+0x1a0/0x2c0
[ 58.219388][ T5002] ? __ia32_sys_read+0x90/0x90
[ 58.224152][ T5002] ? syscall_enter_from_user_mode+0x32/0x230
[ 58.230143][ T5002] ? syscall_enter_from_user_mode+0x8c/0x230
[ 58.236112][ T5002] do_syscall_64+0x41/0xc0
[ 58.240529][ T5002] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.246430][ T5002] RIP: 0033:0x7f345c0e09f9
[ 58.250831][ T5002] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.270423][ T5002] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.278824][ T5002] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 58.286784][ T5002] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.294749][ T5002] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5002] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5002] exit_group(0) = ?
[pid 5002] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5002, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/bus") = 0
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5003
./strace-static-x86_64: Process 5003 attached
[pid 5003] chdir("./12") = 0
[pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5003] setpgid(0, 0) = 0
[pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5003] write(3, "1000", 4) = 4
[pid 5003] close(3) = 0
[pid 5003] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5003] memfd_create("syzkaller", 0) = 3
[pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5003] munmap(0x7f3453c93000, 32768) = 0
[pid 5003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 58.302717][ T5002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 58.310705][ T5002] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000000b
[ 58.318727][ T5002]
[pid 5003] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5003] close(3) = 0
[pid 5003] mkdir("./bus", 0777) = 0
[pid 5003] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5003] chdir("./bus") = 0
[pid 5003] ioctl(4, LOOP_CLR_FD) = 0
[pid 5003] close(4) = 0
[pid 5003] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5003] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5003] write(5, "9", 1) = 1
[ 58.359799][ T5003] loop0: detected capacity change from 0 to 64
[ 58.369081][ T5003] hfs: unable to locate alternate MDB
[ 58.374899][ T5003] hfs: continuing without an alternate MDB
[ 58.386919][ T5003] FAULT_INJECTION: forcing a failure.
[ 58.386919][ T5003] name failslab, interval 1, probability 0, space 0, times 0
[ 58.399982][ T5003] CPU: 0 PID: 5003 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 58.410061][ T5003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 58.420102][ T5003] Call Trace:
[ 58.423368][ T5003]
[ 58.426284][ T5003] dump_stack_lvl+0x1e7/0x2d0
[ 58.430952][ T5003] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.436402][ T5003] ? panic+0x770/0x770
[ 58.440458][ T5003] ? rcu_is_watching+0x15/0xb0
[ 58.445208][ T5003] ? trace_contention_end+0x3c/0xf0
[ 58.450393][ T5003] should_fail_ex+0x3aa/0x4e0
[ 58.455058][ T5003] should_failslab+0x9/0x20
[ 58.459546][ T5003] slab_pre_alloc_hook+0x59/0x2b0
[ 58.464560][ T5003] ? hfs_find_init+0x90/0x1f0
[ 58.469222][ T5003] __kmem_cache_alloc_node+0x4b/0x290
[ 58.474587][ T5003] ? hfs_find_init+0x90/0x1f0
[ 58.479251][ T5003] __kmalloc+0xa8/0x230
[ 58.483411][ T5003] hfs_find_init+0x90/0x1f0
[ 58.487902][ T5003] hfs_extend_file+0x31b/0x1440
[ 58.492745][ T5003] ? hfs_get_block+0xb60/0xb60
[ 58.497498][ T5003] ? find_lock_entries+0x10f0/0x10f0
[ 58.502792][ T5003] ? clean_bdev_aliases+0x7f9/0x920
[ 58.507976][ T5003] hfs_get_block+0x3e4/0xb60
[ 58.512558][ T5003] ? hfs_free_extents+0x420/0x420
[ 58.517575][ T5003] ? _raw_spin_unlock+0x28/0x40
[ 58.522409][ T5003] ? folio_create_buffers+0x132/0x250
[ 58.527765][ T5003] __block_write_begin_int+0x548/0x1a50
[ 58.533295][ T5003] ? folio_add_lru+0x353/0x6f0
[ 58.538055][ T5003] ? hfs_free_extents+0x420/0x420
[ 58.543083][ T5003] ? PageUptodate+0x290/0x290
[ 58.547743][ T5003] ? folio_test_hugetlb+0xa0/0x1d0
[ 58.552839][ T5003] ? pagecache_get_page+0xeb/0x220
[ 58.557935][ T5003] ? hfs_free_extents+0x420/0x420
[ 58.562942][ T5003] block_write_begin+0x9c/0x1f0
[ 58.567773][ T5003] ? cont_write_begin+0x626/0x880
[ 58.572782][ T5003] cont_write_begin+0x643/0x880
[ 58.577619][ T5003] ? fault_in_readable+0x1db/0x350
[ 58.582712][ T5003] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 58.588587][ T5003] ? fault_in_readable+0x21c/0x350
[ 58.593681][ T5003] ? fault_in_safe_writeable+0x260/0x260
[ 58.599302][ T5003] hfs_write_begin+0x8a/0xd0
[ 58.603877][ T5003] ? hfs_free_extents+0x420/0x420
[ 58.608887][ T5003] generic_perform_write+0x300/0x5e0
[ 58.614163][ T5003] ? generic_file_direct_write+0x460/0x460
[ 58.619951][ T5003] ? __file_remove_privs+0x640/0x640
[ 58.625228][ T5003] ? generic_write_checks+0x160/0x1c0
[ 58.630586][ T5003] __generic_file_write_iter+0x17a/0x400
[ 58.636205][ T5003] generic_file_write_iter+0xaf/0x310
[ 58.641572][ T5003] vfs_write+0x7ec/0xc10
[ 58.645801][ T5003] ? _raw_spin_lock_irqsave+0x120/0x120
[ 58.651337][ T5003] ? file_end_write+0x250/0x250
[ 58.656178][ T5003] ? lockdep_hardirqs_on+0x98/0x140
[ 58.661364][ T5003] ? __fdget_pos+0x265/0x2f0
[ 58.665948][ T5003] ksys_write+0x1a0/0x2c0
[ 58.670285][ T5003] ? __ia32_sys_read+0x90/0x90
[ 58.675051][ T5003] ? syscall_enter_from_user_mode+0x32/0x230
[ 58.681021][ T5003] ? syscall_enter_from_user_mode+0x8c/0x230
[ 58.686989][ T5003] do_syscall_64+0x41/0xc0
[ 58.691392][ T5003] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.697270][ T5003] RIP: 0033:0x7f345c0e09f9
[ 58.701675][ T5003] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 58.721278][ T5003] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 58.729675][ T5003] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 58.737630][ T5003] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.745586][ T5003] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 58.753538][ T5003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5003] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5003] exit_group(0) = ?
[pid 5003] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/bus") = 0
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5004
./strace-static-x86_64: Process 5004 attached
[pid 5004] chdir("./13") = 0
[pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5004] setpgid(0, 0) = 0
[pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5004] write(3, "1000", 4) = 4
[pid 5004] close(3) = 0
[pid 5004] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5004] memfd_create("syzkaller", 0) = 3
[pid 5004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5004] munmap(0x7f3453c93000, 32768) = 0
[pid 5004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 58.761495][ T5003] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000000c
[ 58.769456][ T5003]
[pid 5004] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5004] close(3) = 0
[pid 5004] mkdir("./bus", 0777) = 0
[pid 5004] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5004] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5004] chdir("./bus") = 0
[pid 5004] ioctl(4, LOOP_CLR_FD) = 0
[pid 5004] close(4) = 0
[pid 5004] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5004] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5004] write(5, "9", 1) = 1
[ 58.812512][ T5004] loop0: detected capacity change from 0 to 64
[ 58.822973][ T5004] hfs: unable to locate alternate MDB
[ 58.828605][ T5004] hfs: continuing without an alternate MDB
[ 58.852049][ T5004] FAULT_INJECTION: forcing a failure.
[ 58.852049][ T5004] name failslab, interval 1, probability 0, space 0, times 0
[ 58.864787][ T5004] CPU: 1 PID: 5004 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 58.874870][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 58.884930][ T5004] Call Trace:
[ 58.888214][ T5004]
[ 58.891147][ T5004] dump_stack_lvl+0x1e7/0x2d0
[ 58.895822][ T5004] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.901272][ T5004] ? panic+0x770/0x770
[ 58.905351][ T5004] ? rcu_is_watching+0x15/0xb0
[ 58.910104][ T5004] ? trace_contention_end+0x3c/0xf0
[ 58.915307][ T5004] should_fail_ex+0x3aa/0x4e0
[ 58.919992][ T5004] should_failslab+0x9/0x20
[ 58.924489][ T5004] slab_pre_alloc_hook+0x59/0x2b0
[ 58.929507][ T5004] ? hfs_find_init+0x90/0x1f0
[ 58.934179][ T5004] __kmem_cache_alloc_node+0x4b/0x290
[ 58.939579][ T5004] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 58.945393][ T5004] ? hfs_find_init+0x90/0x1f0
[ 58.950058][ T5004] __kmalloc+0xa8/0x230
[ 58.954223][ T5004] hfs_find_init+0x90/0x1f0
[ 58.958735][ T5004] hfs_extend_file+0x31b/0x1440
[ 58.963580][ T5004] ? hfs_get_block+0xb60/0xb60
[ 58.968335][ T5004] ? lru_cache_disable+0x30/0x30
[ 58.973281][ T5004] ? __might_sleep+0xc0/0xc0
[ 58.977891][ T5004] ? clean_bdev_aliases+0x80a/0x920
[ 58.983081][ T5004] hfs_get_block+0x3e4/0xb60
[ 58.987671][ T5004] ? hfs_free_extents+0x420/0x420
[ 58.992692][ T5004] ? _raw_spin_unlock+0x28/0x40
[ 58.997537][ T5004] ? folio_create_buffers+0x132/0x250
[ 59.002930][ T5004] __block_write_begin_int+0x548/0x1a50
[ 59.008501][ T5004] ? folio_add_lru+0x353/0x6f0
[ 59.013289][ T5004] ? hfs_free_extents+0x420/0x420
[ 59.018329][ T5004] ? PageUptodate+0x290/0x290
[ 59.023011][ T5004] ? folio_test_hugetlb+0xa0/0x1d0
[ 59.028133][ T5004] ? pagecache_get_page+0xeb/0x220
[ 59.033248][ T5004] ? hfs_free_extents+0x420/0x420
[ 59.038262][ T5004] block_write_begin+0x9c/0x1f0
[ 59.043105][ T5004] ? cont_write_begin+0x626/0x880
[ 59.048122][ T5004] cont_write_begin+0x643/0x880
[ 59.052975][ T5004] ? fault_in_readable+0x1db/0x350
[ 59.058090][ T5004] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 59.063987][ T5004] ? fault_in_readable+0x21c/0x350
[ 59.069099][ T5004] ? fault_in_safe_writeable+0x260/0x260
[ 59.074741][ T5004] hfs_write_begin+0x8a/0xd0
[ 59.079322][ T5004] ? hfs_free_extents+0x420/0x420
[ 59.084339][ T5004] generic_perform_write+0x300/0x5e0
[ 59.089618][ T5004] ? generic_file_direct_write+0x460/0x460
[ 59.095414][ T5004] ? __file_remove_privs+0x640/0x640
[ 59.100692][ T5004] ? generic_write_checks+0x160/0x1c0
[ 59.106054][ T5004] __generic_file_write_iter+0x17a/0x400
[ 59.111690][ T5004] generic_file_write_iter+0xaf/0x310
[ 59.117061][ T5004] vfs_write+0x7ec/0xc10
[ 59.121292][ T5004] ? _raw_spin_lock_irqsave+0x120/0x120
[ 59.126831][ T5004] ? file_end_write+0x250/0x250
[ 59.131690][ T5004] ? lockdep_hardirqs_on+0x98/0x140
[ 59.136887][ T5004] ? __fdget_pos+0x265/0x2f0
[ 59.141462][ T5004] ksys_write+0x1a0/0x2c0
[ 59.145785][ T5004] ? __ia32_sys_read+0x90/0x90
[ 59.150543][ T5004] ? syscall_enter_from_user_mode+0x32/0x230
[ 59.156511][ T5004] ? syscall_enter_from_user_mode+0x8c/0x230
[ 59.162483][ T5004] do_syscall_64+0x41/0xc0
[ 59.166909][ T5004] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.172789][ T5004] RIP: 0033:0x7f345c0e09f9
[ 59.177211][ T5004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.196820][ T5004] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.205222][ T5004] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[pid 5004] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5004] exit_group(0) = ?
[pid 5004] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5004, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/bus") = 0
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 59.213182][ T5004] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.221140][ T5004] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 59.229108][ T5004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.237088][ T5004] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000000d
[ 59.245057][ T5004]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5005
./strace-static-x86_64: Process 5005 attached
[pid 5005] chdir("./14") = 0
[pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5005] setpgid(0, 0) = 0
[pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5005] write(3, "1000", 4) = 4
[pid 5005] close(3) = 0
[pid 5005] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5005] memfd_create("syzkaller", 0) = 3
[pid 5005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5005] munmap(0x7f3453c93000, 32768) = 0
[pid 5005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5005] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5005] close(3) = 0
[pid 5005] mkdir("./bus", 0777) = 0
[pid 5005] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5005] chdir("./bus") = 0
[pid 5005] ioctl(4, LOOP_CLR_FD) = 0
[pid 5005] close(4) = 0
[pid 5005] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5005] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5005] write(5, "9", 1) = 1
[ 59.287367][ T5005] loop0: detected capacity change from 0 to 64
[ 59.297535][ T5005] hfs: unable to locate alternate MDB
[ 59.303378][ T5005] hfs: continuing without an alternate MDB
[ 59.314933][ T5005] FAULT_INJECTION: forcing a failure.
[ 59.314933][ T5005] name failslab, interval 1, probability 0, space 0, times 0
[ 59.327702][ T5005] CPU: 0 PID: 5005 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 59.337780][ T5005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 59.347833][ T5005] Call Trace:
[ 59.351104][ T5005]
[ 59.354030][ T5005] dump_stack_lvl+0x1e7/0x2d0
[ 59.358709][ T5005] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.364172][ T5005] ? panic+0x770/0x770
[ 59.368254][ T5005] ? rcu_is_watching+0x15/0xb0
[ 59.373013][ T5005] ? trace_contention_end+0x3c/0xf0
[ 59.378220][ T5005] should_fail_ex+0x3aa/0x4e0
[ 59.382891][ T5005] should_failslab+0x9/0x20
[ 59.387389][ T5005] slab_pre_alloc_hook+0x59/0x2b0
[ 59.392404][ T5005] ? hfs_find_init+0x90/0x1f0
[ 59.397071][ T5005] __kmem_cache_alloc_node+0x4b/0x290
[ 59.402437][ T5005] ? hfs_find_init+0x90/0x1f0
[ 59.407108][ T5005] __kmalloc+0xa8/0x230
[ 59.411260][ T5005] hfs_find_init+0x90/0x1f0
[ 59.415779][ T5005] hfs_extend_file+0x31b/0x1440
[ 59.420629][ T5005] ? hfs_get_block+0xb60/0xb60
[ 59.425392][ T5005] ? find_lock_entries+0x10f0/0x10f0
[ 59.430683][ T5005] ? clean_bdev_aliases+0x7f9/0x920
[ 59.435875][ T5005] hfs_get_block+0x3e4/0xb60
[ 59.440467][ T5005] ? hfs_free_extents+0x420/0x420
[ 59.445490][ T5005] ? _raw_spin_unlock+0x28/0x40
[ 59.450333][ T5005] ? folio_create_buffers+0x132/0x250
[ 59.455702][ T5005] __block_write_begin_int+0x548/0x1a50
[ 59.461237][ T5005] ? folio_add_lru+0x353/0x6f0
[ 59.466008][ T5005] ? hfs_free_extents+0x420/0x420
[ 59.471028][ T5005] ? PageUptodate+0x290/0x290
[ 59.475696][ T5005] ? folio_test_hugetlb+0xa0/0x1d0
[ 59.480802][ T5005] ? pagecache_get_page+0xeb/0x220
[ 59.485923][ T5005] ? hfs_free_extents+0x420/0x420
[ 59.490940][ T5005] block_write_begin+0x9c/0x1f0
[ 59.495780][ T5005] ? cont_write_begin+0x626/0x880
[ 59.500802][ T5005] cont_write_begin+0x643/0x880
[ 59.505652][ T5005] ? fault_in_readable+0x1db/0x350
[ 59.510753][ T5005] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 59.516639][ T5005] ? fault_in_readable+0x21c/0x350
[ 59.521741][ T5005] ? fault_in_safe_writeable+0x260/0x260
[ 59.527368][ T5005] hfs_write_begin+0x8a/0xd0
[ 59.531965][ T5005] ? hfs_free_extents+0x420/0x420
[ 59.536983][ T5005] generic_perform_write+0x300/0x5e0
[ 59.542269][ T5005] ? generic_file_direct_write+0x460/0x460
[ 59.548069][ T5005] ? __file_remove_privs+0x640/0x640
[ 59.553348][ T5005] ? generic_write_checks+0x160/0x1c0
[ 59.558713][ T5005] __generic_file_write_iter+0x17a/0x400
[ 59.564341][ T5005] generic_file_write_iter+0xaf/0x310
[ 59.569704][ T5005] vfs_write+0x7ec/0xc10
[ 59.573942][ T5005] ? _raw_spin_lock_irqsave+0x120/0x120
[ 59.579485][ T5005] ? file_end_write+0x250/0x250
[ 59.584339][ T5005] ? lockdep_hardirqs_on+0x98/0x140
[ 59.589530][ T5005] ? __fdget_pos+0x265/0x2f0
[ 59.594114][ T5005] ksys_write+0x1a0/0x2c0
[ 59.598445][ T5005] ? __ia32_sys_read+0x90/0x90
[ 59.603216][ T5005] ? syscall_enter_from_user_mode+0x32/0x230
[ 59.609193][ T5005] ? syscall_enter_from_user_mode+0x8c/0x230
[ 59.615163][ T5005] do_syscall_64+0x41/0xc0
[ 59.619576][ T5005] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.625461][ T5005] RIP: 0033:0x7f345c0e09f9
[ 59.629868][ T5005] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 59.649465][ T5005] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 59.657883][ T5005] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 59.665842][ T5005] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.673804][ T5005] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5005] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5005] exit_group(0) = ?
[pid 5005] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/bus") = 0
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5006
./strace-static-x86_64: Process 5006 attached
[pid 5006] chdir("./15") = 0
[pid 5006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5006] setpgid(0, 0) = 0
[pid 5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5006] write(3, "1000", 4) = 4
[pid 5006] close(3) = 0
[pid 5006] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5006] memfd_create("syzkaller", 0) = 3
[pid 5006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5006] munmap(0x7f3453c93000, 32768) = 0
[pid 5006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 59.681772][ T5005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 59.689730][ T5005] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000000e
[ 59.697703][ T5005]
[pid 5006] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5006] close(3) = 0
[pid 5006] mkdir("./bus", 0777) = 0
[pid 5006] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5006] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5006] chdir("./bus") = 0
[pid 5006] ioctl(4, LOOP_CLR_FD) = 0
[pid 5006] close(4) = 0
[pid 5006] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5006] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5006] write(5, "9", 1) = 1
[ 59.739495][ T5006] loop0: detected capacity change from 0 to 64
[ 59.748962][ T5006] hfs: unable to locate alternate MDB
[ 59.754579][ T5006] hfs: continuing without an alternate MDB
[ 59.765754][ T5006] FAULT_INJECTION: forcing a failure.
[ 59.765754][ T5006] name failslab, interval 1, probability 0, space 0, times 0
[ 59.778614][ T5006] CPU: 0 PID: 5006 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 59.788690][ T5006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 59.798733][ T5006] Call Trace:
[ 59.802010][ T5006]
[ 59.804949][ T5006] dump_stack_lvl+0x1e7/0x2d0
[ 59.809634][ T5006] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.815083][ T5006] ? panic+0x770/0x770
[ 59.819144][ T5006] ? rcu_is_watching+0x15/0xb0
[ 59.823898][ T5006] ? trace_contention_end+0x3c/0xf0
[ 59.829084][ T5006] should_fail_ex+0x3aa/0x4e0
[ 59.833762][ T5006] should_failslab+0x9/0x20
[ 59.838270][ T5006] slab_pre_alloc_hook+0x59/0x2b0
[ 59.843289][ T5006] ? hfs_find_init+0x90/0x1f0
[ 59.847974][ T5006] __kmem_cache_alloc_node+0x4b/0x290
[ 59.853349][ T5006] ? hfs_find_init+0x90/0x1f0
[ 59.858025][ T5006] __kmalloc+0xa8/0x230
[ 59.862183][ T5006] hfs_find_init+0x90/0x1f0
[ 59.866696][ T5006] hfs_extend_file+0x31b/0x1440
[ 59.871567][ T5006] ? hfs_get_block+0xb60/0xb60
[ 59.876341][ T5006] ? find_lock_entries+0x10f0/0x10f0
[ 59.881660][ T5006] ? clean_bdev_aliases+0x7f9/0x920
[ 59.886865][ T5006] hfs_get_block+0x3e4/0xb60
[ 59.891450][ T5006] ? hfs_free_extents+0x420/0x420
[ 59.896479][ T5006] ? _raw_spin_unlock+0x28/0x40
[ 59.901335][ T5006] ? folio_create_buffers+0x132/0x250
[ 59.906693][ T5006] __block_write_begin_int+0x548/0x1a50
[ 59.912227][ T5006] ? folio_add_lru+0x353/0x6f0
[ 59.916998][ T5006] ? hfs_free_extents+0x420/0x420
[ 59.922013][ T5006] ? PageUptodate+0x290/0x290
[ 59.926679][ T5006] ? folio_test_hugetlb+0xa0/0x1d0
[ 59.931804][ T5006] ? pagecache_get_page+0xeb/0x220
[ 59.936924][ T5006] ? hfs_free_extents+0x420/0x420
[ 59.941942][ T5006] block_write_begin+0x9c/0x1f0
[ 59.946791][ T5006] ? cont_write_begin+0x626/0x880
[ 59.951838][ T5006] cont_write_begin+0x643/0x880
[ 59.956682][ T5006] ? fault_in_readable+0x1db/0x350
[ 59.961782][ T5006] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 59.967659][ T5006] ? fault_in_readable+0x21c/0x350
[ 59.972760][ T5006] ? fault_in_safe_writeable+0x260/0x260
[ 59.978395][ T5006] hfs_write_begin+0x8a/0xd0
[ 59.982981][ T5006] ? hfs_free_extents+0x420/0x420
[ 59.988004][ T5006] generic_perform_write+0x300/0x5e0
[ 59.993288][ T5006] ? generic_file_direct_write+0x460/0x460
[ 59.999084][ T5006] ? __file_remove_privs+0x640/0x640
[ 60.004361][ T5006] ? generic_write_checks+0x160/0x1c0
[ 60.009723][ T5006] __generic_file_write_iter+0x17a/0x400
[ 60.015359][ T5006] generic_file_write_iter+0xaf/0x310
[ 60.020750][ T5006] vfs_write+0x7ec/0xc10
[ 60.024987][ T5006] ? _raw_spin_lock_irqsave+0x120/0x120
[ 60.030528][ T5006] ? file_end_write+0x250/0x250
[ 60.035378][ T5006] ? lockdep_hardirqs_on+0x98/0x140
[ 60.040592][ T5006] ? __fdget_pos+0x265/0x2f0
[ 60.045193][ T5006] ksys_write+0x1a0/0x2c0
[ 60.049520][ T5006] ? __ia32_sys_read+0x90/0x90
[ 60.054288][ T5006] ? syscall_enter_from_user_mode+0x32/0x230
[ 60.060296][ T5006] ? syscall_enter_from_user_mode+0x8c/0x230
[ 60.066300][ T5006] do_syscall_64+0x41/0xc0
[ 60.070746][ T5006] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.076627][ T5006] RIP: 0033:0x7f345c0e09f9
[ 60.081028][ T5006] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.100706][ T5006] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.109107][ T5006] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 60.117087][ T5006] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.125068][ T5006] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 60.133028][ T5006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5006] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5006] exit_group(0) = ?
[pid 5006] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5006, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/bus") = 0
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5007
./strace-static-x86_64: Process 5007 attached
[pid 5007] chdir("./16") = 0
[pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5007] setpgid(0, 0) = 0
[pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5007] write(3, "1000", 4) = 4
[pid 5007] close(3) = 0
[pid 5007] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5007] memfd_create("syzkaller", 0) = 3
[pid 5007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5007] munmap(0x7f3453c93000, 32768) = 0
[pid 5007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 60.140987][ T5006] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000000f
[ 60.148964][ T5006]
[pid 5007] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5007] close(3) = 0
[pid 5007] mkdir("./bus", 0777) = 0
[pid 5007] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5007] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5007] chdir("./bus") = 0
[pid 5007] ioctl(4, LOOP_CLR_FD) = 0
[pid 5007] close(4) = 0
[pid 5007] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5007] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5007] write(5, "9", 1) = 1
[pid 5007] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5007] exit_group(0) = ?
[pid 5007] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5007, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/bus") = 0
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 60.196224][ T5007] loop0: detected capacity change from 0 to 64
[ 60.206022][ T5007] hfs: unable to locate alternate MDB
[ 60.211392][ T5007] hfs: continuing without an alternate MDB
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5008
./strace-static-x86_64: Process 5008 attached
[pid 5008] chdir("./17") = 0
[pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5008] setpgid(0, 0) = 0
[pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5008] write(3, "1000", 4) = 4
[pid 5008] close(3) = 0
[pid 5008] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5008] memfd_create("syzkaller", 0) = 3
[pid 5008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5008] munmap(0x7f3453c93000, 32768) = 0
[pid 5008] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5008] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5008] close(3) = 0
[pid 5008] mkdir("./bus", 0777) = 0
[pid 5008] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5008] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5008] chdir("./bus") = 0
[pid 5008] ioctl(4, LOOP_CLR_FD) = 0
[pid 5008] close(4) = 0
[pid 5008] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5008] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5008] write(5, "9", 1) = 1
[ 60.274764][ T5008] loop0: detected capacity change from 0 to 64
[ 60.284415][ T5008] hfs: unable to locate alternate MDB
[ 60.289808][ T5008] hfs: continuing without an alternate MDB
[ 60.305468][ T5008] FAULT_INJECTION: forcing a failure.
[ 60.305468][ T5008] name failslab, interval 1, probability 0, space 0, times 0
[ 60.318253][ T5008] CPU: 1 PID: 5008 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 60.328346][ T5008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 60.338384][ T5008] Call Trace:
[ 60.341661][ T5008]
[ 60.344598][ T5008] dump_stack_lvl+0x1e7/0x2d0
[ 60.349286][ T5008] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.354736][ T5008] ? panic+0x770/0x770
[ 60.358794][ T5008] ? rcu_is_watching+0x15/0xb0
[ 60.363546][ T5008] ? trace_contention_end+0x3c/0xf0
[ 60.368733][ T5008] should_fail_ex+0x3aa/0x4e0
[ 60.373409][ T5008] should_failslab+0x9/0x20
[ 60.377918][ T5008] slab_pre_alloc_hook+0x59/0x2b0
[ 60.382945][ T5008] ? hfs_find_init+0x90/0x1f0
[ 60.387610][ T5008] __kmem_cache_alloc_node+0x4b/0x290
[ 60.392970][ T5008] ? hfs_find_init+0x90/0x1f0
[ 60.397634][ T5008] __kmalloc+0xa8/0x230
[ 60.401780][ T5008] hfs_find_init+0x90/0x1f0
[ 60.406280][ T5008] hfs_extend_file+0x31b/0x1440
[ 60.411136][ T5008] ? hfs_get_block+0xb60/0xb60
[ 60.415898][ T5008] ? find_lock_entries+0x10f0/0x10f0
[ 60.421190][ T5008] ? clean_bdev_aliases+0x7f9/0x920
[ 60.426385][ T5008] hfs_get_block+0x3e4/0xb60
[ 60.430978][ T5008] ? hfs_free_extents+0x420/0x420
[ 60.436003][ T5008] ? _raw_spin_unlock+0x28/0x40
[ 60.440848][ T5008] ? folio_create_buffers+0x132/0x250
[ 60.446212][ T5008] __block_write_begin_int+0x548/0x1a50
[ 60.451749][ T5008] ? folio_add_lru+0x353/0x6f0
[ 60.456516][ T5008] ? hfs_free_extents+0x420/0x420
[ 60.461532][ T5008] ? PageUptodate+0x290/0x290
[ 60.466215][ T5008] ? folio_test_hugetlb+0xa0/0x1d0
[ 60.471322][ T5008] ? pagecache_get_page+0xeb/0x220
[ 60.476422][ T5008] ? hfs_free_extents+0x420/0x420
[ 60.481440][ T5008] block_write_begin+0x9c/0x1f0
[ 60.486280][ T5008] ? cont_write_begin+0x626/0x880
[ 60.491310][ T5008] cont_write_begin+0x643/0x880
[ 60.496159][ T5008] ? fault_in_readable+0x1db/0x350
[ 60.501261][ T5008] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 60.507143][ T5008] ? fault_in_readable+0x21c/0x350
[ 60.512246][ T5008] ? fault_in_safe_writeable+0x260/0x260
[ 60.517893][ T5008] hfs_write_begin+0x8a/0xd0
[ 60.522476][ T5008] ? hfs_free_extents+0x420/0x420
[ 60.527495][ T5008] generic_perform_write+0x300/0x5e0
[ 60.532780][ T5008] ? generic_file_direct_write+0x460/0x460
[ 60.538575][ T5008] ? __file_remove_privs+0x640/0x640
[ 60.543854][ T5008] ? generic_write_checks+0x160/0x1c0
[ 60.549222][ T5008] __generic_file_write_iter+0x17a/0x400
[ 60.554849][ T5008] generic_file_write_iter+0xaf/0x310
[ 60.560214][ T5008] vfs_write+0x7ec/0xc10
[ 60.564453][ T5008] ? _raw_spin_lock_irqsave+0x120/0x120
[ 60.569992][ T5008] ? file_end_write+0x250/0x250
[ 60.574845][ T5008] ? lockdep_hardirqs_on+0x98/0x140
[ 60.580048][ T5008] ? __fdget_pos+0x265/0x2f0
[ 60.584629][ T5008] ksys_write+0x1a0/0x2c0
[ 60.588959][ T5008] ? __ia32_sys_read+0x90/0x90
[ 60.593716][ T5008] ? syscall_enter_from_user_mode+0x32/0x230
[ 60.599687][ T5008] ? syscall_enter_from_user_mode+0x8c/0x230
[ 60.605660][ T5008] do_syscall_64+0x41/0xc0
[ 60.610071][ T5008] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.615957][ T5008] RIP: 0033:0x7f345c0e09f9
[ 60.620363][ T5008] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.639970][ T5008] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.648372][ T5008] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 60.656335][ T5008] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.664292][ T5008] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5008] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5008] exit_group(0) = ?
[pid 5008] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/bus") = 0
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5009
./strace-static-x86_64: Process 5009 attached
[pid 5009] chdir("./18") = 0
[pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5009] setpgid(0, 0) = 0
[pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5009] write(3, "1000", 4) = 4
[pid 5009] close(3) = 0
[pid 5009] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5009] memfd_create("syzkaller", 0) = 3
[pid 5009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5009] munmap(0x7f3453c93000, 32768) = 0
[ 60.672256][ T5008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.680219][ T5008] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000011
[ 60.688207][ T5008]
[pid 5009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5009] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5009] close(3) = 0
[pid 5009] mkdir("./bus", 0777) = 0
[pid 5009] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5009] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5009] chdir("./bus") = 0
[pid 5009] ioctl(4, LOOP_CLR_FD) = 0
[pid 5009] close(4) = 0
[pid 5009] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5009] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5009] write(5, "9", 1) = 1
[ 60.732190][ T5009] loop0: detected capacity change from 0 to 64
[ 60.741463][ T5009] hfs: unable to locate alternate MDB
[ 60.747264][ T5009] hfs: continuing without an alternate MDB
[ 60.759946][ T5009] FAULT_INJECTION: forcing a failure.
[ 60.759946][ T5009] name failslab, interval 1, probability 0, space 0, times 0
[ 60.773292][ T5009] CPU: 0 PID: 5009 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 60.783368][ T5009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 60.793409][ T5009] Call Trace:
[ 60.796672][ T5009]
[ 60.799589][ T5009] dump_stack_lvl+0x1e7/0x2d0
[ 60.804264][ T5009] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.809737][ T5009] ? panic+0x770/0x770
[ 60.813817][ T5009] ? rcu_is_watching+0x15/0xb0
[ 60.818590][ T5009] ? trace_contention_end+0x3c/0xf0
[ 60.823786][ T5009] should_fail_ex+0x3aa/0x4e0
[ 60.828463][ T5009] should_failslab+0x9/0x20
[ 60.832964][ T5009] slab_pre_alloc_hook+0x59/0x2b0
[ 60.837988][ T5009] ? hfs_find_init+0x90/0x1f0
[ 60.842660][ T5009] __kmem_cache_alloc_node+0x4b/0x290
[ 60.848041][ T5009] ? hfs_find_init+0x90/0x1f0
[ 60.852715][ T5009] __kmalloc+0xa8/0x230
[ 60.856876][ T5009] hfs_find_init+0x90/0x1f0
[ 60.861380][ T5009] hfs_extend_file+0x31b/0x1440
[ 60.866237][ T5009] ? hfs_get_block+0xb60/0xb60
[ 60.871103][ T5009] ? find_lock_entries+0x10f0/0x10f0
[ 60.876416][ T5009] ? clean_bdev_aliases+0x7f9/0x920
[ 60.881629][ T5009] hfs_get_block+0x3e4/0xb60
[ 60.886236][ T5009] ? hfs_free_extents+0x420/0x420
[ 60.891266][ T5009] ? _raw_spin_unlock+0x28/0x40
[ 60.896108][ T5009] ? folio_create_buffers+0x132/0x250
[ 60.901476][ T5009] __block_write_begin_int+0x548/0x1a50
[ 60.907015][ T5009] ? folio_add_lru+0x353/0x6f0
[ 60.911790][ T5009] ? hfs_free_extents+0x420/0x420
[ 60.916811][ T5009] ? PageUptodate+0x290/0x290
[ 60.921486][ T5009] ? folio_test_hugetlb+0xa0/0x1d0
[ 60.926598][ T5009] ? pagecache_get_page+0xeb/0x220
[ 60.931717][ T5009] ? hfs_free_extents+0x420/0x420
[ 60.936747][ T5009] block_write_begin+0x9c/0x1f0
[ 60.941589][ T5009] ? cont_write_begin+0x626/0x880
[ 60.946609][ T5009] cont_write_begin+0x643/0x880
[ 60.951462][ T5009] ? fault_in_readable+0x1db/0x350
[ 60.956570][ T5009] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 60.962455][ T5009] ? fault_in_readable+0x21c/0x350
[ 60.967562][ T5009] ? fault_in_safe_writeable+0x260/0x260
[ 60.973191][ T5009] hfs_write_begin+0x8a/0xd0
[ 60.977777][ T5009] ? hfs_free_extents+0x420/0x420
[ 60.982801][ T5009] generic_perform_write+0x300/0x5e0
[ 60.988090][ T5009] ? generic_file_direct_write+0x460/0x460
[ 60.993886][ T5009] ? __file_remove_privs+0x640/0x640
[ 60.999168][ T5009] ? generic_write_checks+0x160/0x1c0
[ 61.004556][ T5009] __generic_file_write_iter+0x17a/0x400
[ 61.010195][ T5009] generic_file_write_iter+0xaf/0x310
[ 61.015563][ T5009] vfs_write+0x7ec/0xc10
[ 61.019805][ T5009] ? _raw_spin_lock_irqsave+0x120/0x120
[ 61.025348][ T5009] ? file_end_write+0x250/0x250
[ 61.030202][ T5009] ? lockdep_hardirqs_on+0x98/0x140
[ 61.035393][ T5009] ? __fdget_pos+0x265/0x2f0
[ 61.039975][ T5009] ksys_write+0x1a0/0x2c0
[ 61.044318][ T5009] ? __ia32_sys_read+0x90/0x90
[ 61.049089][ T5009] ? syscall_enter_from_user_mode+0x32/0x230
[ 61.055066][ T5009] ? syscall_enter_from_user_mode+0x8c/0x230
[ 61.061042][ T5009] do_syscall_64+0x41/0xc0
[ 61.065455][ T5009] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.071340][ T5009] RIP: 0033:0x7f345c0e09f9
[ 61.075747][ T5009] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.095343][ T5009] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.103752][ T5009] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 61.111717][ T5009] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.119677][ T5009] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5009] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5009] exit_group(0) = ?
[pid 5009] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5009, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/bus") = 0
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5010
./strace-static-x86_64: Process 5010 attached
[pid 5010] chdir("./19") = 0
[pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5010] setpgid(0, 0) = 0
[pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5010] write(3, "1000", 4) = 4
[pid 5010] close(3) = 0
[pid 5010] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5010] memfd_create("syzkaller", 0) = 3
[pid 5010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5010] munmap(0x7f3453c93000, 32768) = 0
[pid 5010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 61.127642][ T5009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.135617][ T5009] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000012
[ 61.143598][ T5009]
[pid 5010] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5010] close(3) = 0
[pid 5010] mkdir("./bus", 0777) = 0
[pid 5010] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5010] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5010] chdir("./bus") = 0
[pid 5010] ioctl(4, LOOP_CLR_FD) = 0
[pid 5010] close(4) = 0
[pid 5010] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5010] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5010] write(5, "9", 1) = 1
[ 61.175679][ T5010] loop0: detected capacity change from 0 to 64
[ 61.186676][ T5010] hfs: unable to locate alternate MDB
[ 61.192521][ T5010] hfs: continuing without an alternate MDB
[ 61.214152][ T5010] FAULT_INJECTION: forcing a failure.
[ 61.214152][ T5010] name failslab, interval 1, probability 0, space 0, times 0
[ 61.226892][ T5010] CPU: 0 PID: 5010 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 61.236945][ T5010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 61.247006][ T5010] Call Trace:
[ 61.250282][ T5010]
[ 61.253205][ T5010] dump_stack_lvl+0x1e7/0x2d0
[ 61.257887][ T5010] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.263344][ T5010] ? panic+0x770/0x770
[ 61.267410][ T5010] ? rcu_is_watching+0x15/0xb0
[ 61.272176][ T5010] ? trace_contention_end+0x3c/0xf0
[ 61.277368][ T5010] should_fail_ex+0x3aa/0x4e0
[ 61.282040][ T5010] should_failslab+0x9/0x20
[ 61.286535][ T5010] slab_pre_alloc_hook+0x59/0x2b0
[ 61.291553][ T5010] ? hfs_find_init+0x90/0x1f0
[ 61.296220][ T5010] __kmem_cache_alloc_node+0x4b/0x290
[ 61.301587][ T5010] ? hfs_find_init+0x90/0x1f0
[ 61.306258][ T5010] __kmalloc+0xa8/0x230
[ 61.310485][ T5010] hfs_find_init+0x90/0x1f0
[ 61.314995][ T5010] hfs_extend_file+0x31b/0x1440
[ 61.319851][ T5010] ? hfs_get_block+0xb60/0xb60
[ 61.324613][ T5010] ? find_lock_entries+0x10f0/0x10f0
[ 61.329903][ T5010] ? clean_bdev_aliases+0x7f9/0x920
[ 61.335095][ T5010] hfs_get_block+0x3e4/0xb60
[ 61.339694][ T5010] ? hfs_free_extents+0x420/0x420
[ 61.344725][ T5010] ? _raw_spin_unlock+0x28/0x40
[ 61.349569][ T5010] ? folio_create_buffers+0x132/0x250
[ 61.354933][ T5010] __block_write_begin_int+0x548/0x1a50
[ 61.360478][ T5010] ? folio_add_lru+0x353/0x6f0
[ 61.365252][ T5010] ? hfs_free_extents+0x420/0x420
[ 61.370273][ T5010] ? PageUptodate+0x290/0x290
[ 61.374942][ T5010] ? folio_test_hugetlb+0xa0/0x1d0
[ 61.380055][ T5010] ? pagecache_get_page+0xeb/0x220
[ 61.385161][ T5010] ? hfs_free_extents+0x420/0x420
[ 61.390192][ T5010] block_write_begin+0x9c/0x1f0
[ 61.395035][ T5010] ? cont_write_begin+0x626/0x880
[ 61.400053][ T5010] cont_write_begin+0x643/0x880
[ 61.404918][ T5010] ? fault_in_readable+0x1db/0x350
[ 61.410039][ T5010] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 61.415924][ T5010] ? fault_in_readable+0x21c/0x350
[ 61.421043][ T5010] ? fault_in_safe_writeable+0x260/0x260
[ 61.426693][ T5010] hfs_write_begin+0x8a/0xd0
[ 61.431285][ T5010] ? hfs_free_extents+0x420/0x420
[ 61.436309][ T5010] generic_perform_write+0x300/0x5e0
[ 61.441596][ T5010] ? generic_file_direct_write+0x460/0x460
[ 61.447394][ T5010] ? __file_remove_privs+0x640/0x640
[ 61.452675][ T5010] ? generic_write_checks+0x160/0x1c0
[ 61.458041][ T5010] __generic_file_write_iter+0x17a/0x400
[ 61.463669][ T5010] generic_file_write_iter+0xaf/0x310
[ 61.469034][ T5010] vfs_write+0x7ec/0xc10
[ 61.473272][ T5010] ? _raw_spin_lock_irqsave+0x120/0x120
[ 61.478815][ T5010] ? file_end_write+0x250/0x250
[ 61.483669][ T5010] ? lockdep_hardirqs_on+0x98/0x140
[ 61.488864][ T5010] ? __fdget_pos+0x265/0x2f0
[ 61.493452][ T5010] ksys_write+0x1a0/0x2c0
[ 61.497797][ T5010] ? __ia32_sys_read+0x90/0x90
[ 61.502555][ T5010] ? syscall_enter_from_user_mode+0x32/0x230
[ 61.508527][ T5010] ? syscall_enter_from_user_mode+0x8c/0x230
[ 61.514503][ T5010] do_syscall_64+0x41/0xc0
[ 61.518918][ T5010] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.524810][ T5010] RIP: 0033:0x7f345c0e09f9
[ 61.529219][ T5010] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.548818][ T5010] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.557227][ T5010] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 61.565188][ T5010] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5010] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5010] exit_group(0) = ?
[pid 5010] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5010, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/bus") = 0
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5011
./strace-static-x86_64: Process 5011 attached
[pid 5011] chdir("./20") = 0
[pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[ 61.573148][ T5010] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 61.581108][ T5010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.589069][ T5010] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000013
[ 61.597042][ T5010]
[pid 5011] setpgid(0, 0) = 0
[pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5011] write(3, "1000", 4) = 4
[pid 5011] close(3) = 0
[pid 5011] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5011] memfd_create("syzkaller", 0) = 3
[pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5011] munmap(0x7f3453c93000, 32768) = 0
[pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5011] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5011] close(3) = 0
[pid 5011] mkdir("./bus", 0777) = 0
[pid 5011] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5011] chdir("./bus") = 0
[pid 5011] ioctl(4, LOOP_CLR_FD) = 0
[pid 5011] close(4) = 0
[pid 5011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5011] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5011] write(5, "9", 1) = 1
[ 61.647053][ T5011] loop0: detected capacity change from 0 to 64
[ 61.657192][ T5011] hfs: unable to locate alternate MDB
[ 61.662821][ T5011] hfs: continuing without an alternate MDB
[ 61.686966][ T5011] FAULT_INJECTION: forcing a failure.
[ 61.686966][ T5011] name failslab, interval 1, probability 0, space 0, times 0
[ 61.699639][ T5011] CPU: 1 PID: 5011 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 61.709695][ T5011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 61.719736][ T5011] Call Trace:
[ 61.723012][ T5011]
[ 61.725933][ T5011] dump_stack_lvl+0x1e7/0x2d0
[ 61.730605][ T5011] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.736053][ T5011] ? panic+0x770/0x770
[ 61.740109][ T5011] ? rcu_is_watching+0x15/0xb0
[ 61.744861][ T5011] ? trace_contention_end+0x3c/0xf0
[ 61.750049][ T5011] should_fail_ex+0x3aa/0x4e0
[ 61.754724][ T5011] should_failslab+0x9/0x20
[ 61.759224][ T5011] slab_pre_alloc_hook+0x59/0x2b0
[ 61.764244][ T5011] ? hfs_find_init+0x90/0x1f0
[ 61.768918][ T5011] __kmem_cache_alloc_node+0x4b/0x290
[ 61.774283][ T5011] ? hfs_find_init+0x90/0x1f0
[ 61.778954][ T5011] __kmalloc+0xa8/0x230
[ 61.783102][ T5011] hfs_find_init+0x90/0x1f0
[ 61.787599][ T5011] hfs_extend_file+0x31b/0x1440
[ 61.792452][ T5011] ? hfs_get_block+0xb60/0xb60
[ 61.797210][ T5011] ? find_lock_entries+0x10f0/0x10f0
[ 61.802501][ T5011] ? clean_bdev_aliases+0x7f9/0x920
[ 61.807691][ T5011] hfs_get_block+0x3e4/0xb60
[ 61.812286][ T5011] ? hfs_free_extents+0x420/0x420
[ 61.817322][ T5011] ? _raw_spin_unlock+0x28/0x40
[ 61.822161][ T5011] ? folio_create_buffers+0x132/0x250
[ 61.827523][ T5011] __block_write_begin_int+0x548/0x1a50
[ 61.833076][ T5011] ? folio_add_lru+0x353/0x6f0
[ 61.837856][ T5011] ? hfs_free_extents+0x420/0x420
[ 61.842882][ T5011] ? PageUptodate+0x290/0x290
[ 61.847556][ T5011] ? folio_test_hugetlb+0xa0/0x1d0
[ 61.852663][ T5011] ? pagecache_get_page+0xeb/0x220
[ 61.857771][ T5011] ? hfs_free_extents+0x420/0x420
[ 61.862789][ T5011] block_write_begin+0x9c/0x1f0
[ 61.867630][ T5011] ? cont_write_begin+0x626/0x880
[ 61.872650][ T5011] cont_write_begin+0x643/0x880
[ 61.877523][ T5011] ? fault_in_readable+0x1db/0x350
[ 61.882637][ T5011] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 61.888527][ T5011] ? fault_in_readable+0x21c/0x350
[ 61.893648][ T5011] ? fault_in_safe_writeable+0x260/0x260
[ 61.899280][ T5011] hfs_write_begin+0x8a/0xd0
[ 61.903863][ T5011] ? hfs_free_extents+0x420/0x420
[ 61.908891][ T5011] generic_perform_write+0x300/0x5e0
[ 61.914176][ T5011] ? generic_file_direct_write+0x460/0x460
[ 61.919973][ T5011] ? __file_remove_privs+0x640/0x640
[ 61.925251][ T5011] ? generic_write_checks+0x160/0x1c0
[ 61.930616][ T5011] __generic_file_write_iter+0x17a/0x400
[ 61.936244][ T5011] generic_file_write_iter+0xaf/0x310
[ 61.941612][ T5011] vfs_write+0x7ec/0xc10
[ 61.945855][ T5011] ? _raw_spin_lock_irqsave+0x120/0x120
[ 61.951419][ T5011] ? file_end_write+0x250/0x250
[ 61.956281][ T5011] ? lockdep_hardirqs_on+0x98/0x140
[ 61.961474][ T5011] ? __fdget_pos+0x265/0x2f0
[ 61.966058][ T5011] ksys_write+0x1a0/0x2c0
[ 61.970387][ T5011] ? __ia32_sys_read+0x90/0x90
[ 61.975147][ T5011] ? syscall_enter_from_user_mode+0x32/0x230
[ 61.981125][ T5011] ? syscall_enter_from_user_mode+0x8c/0x230
[ 61.987096][ T5011] do_syscall_64+0x41/0xc0
[ 61.991507][ T5011] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.997399][ T5011] RIP: 0033:0x7f345c0e09f9
[ 62.001807][ T5011] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.021407][ T5011] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.029826][ T5011] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 62.037801][ T5011] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5011] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5011] exit_group(0) = ?
[pid 5011] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5011, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/bus") = 0
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5012 attached
, child_tidptr=0x5555571ac5d0) = 5012
[pid 5012] chdir("./21") = 0
[pid 5012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5012] setpgid(0, 0) = 0
[pid 5012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5012] write(3, "1000", 4) = 4
[pid 5012] close(3) = 0
[pid 5012] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5012] memfd_create("syzkaller", 0) = 3
[ 62.045775][ T5011] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 62.053745][ T5011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.061707][ T5011] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000014
[ 62.069683][ T5011]
[pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5012] munmap(0x7f3453c93000, 32768) = 0
[pid 5012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5012] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5012] close(3) = 0
[pid 5012] mkdir("./bus", 0777) = 0
[pid 5012] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5012] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5012] chdir("./bus") = 0
[pid 5012] ioctl(4, LOOP_CLR_FD) = 0
[pid 5012] close(4) = 0
[pid 5012] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5012] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5012] write(5, "9", 1) = 1
[ 62.113688][ T5012] loop0: detected capacity change from 0 to 64
[ 62.123596][ T5012] hfs: unable to locate alternate MDB
[ 62.129212][ T5012] hfs: continuing without an alternate MDB
[ 62.140499][ T5012] FAULT_INJECTION: forcing a failure.
[ 62.140499][ T5012] name failslab, interval 1, probability 0, space 0, times 0
[ 62.153265][ T5012] CPU: 0 PID: 5012 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 62.163349][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 62.173407][ T5012] Call Trace:
[ 62.176676][ T5012]
[ 62.179593][ T5012] dump_stack_lvl+0x1e7/0x2d0
[ 62.184270][ T5012] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.189730][ T5012] ? panic+0x770/0x770
[ 62.193795][ T5012] ? rcu_is_watching+0x15/0xb0
[ 62.198549][ T5012] ? trace_contention_end+0x3c/0xf0
[ 62.203743][ T5012] should_fail_ex+0x3aa/0x4e0
[ 62.208423][ T5012] should_failslab+0x9/0x20
[ 62.212916][ T5012] slab_pre_alloc_hook+0x59/0x2b0
[ 62.217934][ T5012] ? hfs_find_init+0x90/0x1f0
[ 62.222600][ T5012] __kmem_cache_alloc_node+0x4b/0x290
[ 62.227961][ T5012] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 62.233765][ T5012] ? hfs_find_init+0x90/0x1f0
[ 62.238432][ T5012] __kmalloc+0xa8/0x230
[ 62.242583][ T5012] hfs_find_init+0x90/0x1f0
[ 62.247082][ T5012] hfs_extend_file+0x31b/0x1440
[ 62.251933][ T5012] ? hfs_get_block+0xb60/0xb60
[ 62.256699][ T5012] ? lru_cache_disable+0x30/0x30
[ 62.261629][ T5012] ? __might_sleep+0xc0/0xc0
[ 62.266226][ T5012] ? clean_bdev_aliases+0x80a/0x920
[ 62.271418][ T5012] hfs_get_block+0x3e4/0xb60
[ 62.276012][ T5012] ? hfs_free_extents+0x420/0x420
[ 62.281037][ T5012] ? _raw_spin_unlock+0x28/0x40
[ 62.285885][ T5012] ? folio_create_buffers+0x132/0x250
[ 62.291250][ T5012] __block_write_begin_int+0x548/0x1a50
[ 62.296785][ T5012] ? folio_add_lru+0x353/0x6f0
[ 62.301558][ T5012] ? hfs_free_extents+0x420/0x420
[ 62.306578][ T5012] ? PageUptodate+0x290/0x290
[ 62.311245][ T5012] ? folio_test_hugetlb+0xa0/0x1d0
[ 62.316354][ T5012] ? pagecache_get_page+0xeb/0x220
[ 62.321456][ T5012] ? hfs_free_extents+0x420/0x420
[ 62.326471][ T5012] block_write_begin+0x9c/0x1f0
[ 62.331308][ T5012] ? cont_write_begin+0x626/0x880
[ 62.336322][ T5012] cont_write_begin+0x643/0x880
[ 62.341171][ T5012] ? fault_in_readable+0x1db/0x350
[ 62.346292][ T5012] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 62.352190][ T5012] ? fault_in_readable+0x21c/0x350
[ 62.357296][ T5012] ? fault_in_safe_writeable+0x260/0x260
[ 62.362927][ T5012] hfs_write_begin+0x8a/0xd0
[ 62.367510][ T5012] ? hfs_free_extents+0x420/0x420
[ 62.372532][ T5012] generic_perform_write+0x300/0x5e0
[ 62.377821][ T5012] ? generic_file_direct_write+0x460/0x460
[ 62.383620][ T5012] ? __file_remove_privs+0x640/0x640
[ 62.388897][ T5012] ? generic_write_checks+0x160/0x1c0
[ 62.394264][ T5012] __generic_file_write_iter+0x17a/0x400
[ 62.399890][ T5012] generic_file_write_iter+0xaf/0x310
[ 62.405257][ T5012] vfs_write+0x7ec/0xc10
[ 62.409497][ T5012] ? _raw_spin_lock_irqsave+0x120/0x120
[ 62.415036][ T5012] ? file_end_write+0x250/0x250
[ 62.419889][ T5012] ? lockdep_hardirqs_on+0x98/0x140
[ 62.425079][ T5012] ? __fdget_pos+0x265/0x2f0
[ 62.429663][ T5012] ksys_write+0x1a0/0x2c0
[ 62.433989][ T5012] ? __ia32_sys_read+0x90/0x90
[ 62.438746][ T5012] ? syscall_enter_from_user_mode+0x32/0x230
[ 62.444722][ T5012] ? syscall_enter_from_user_mode+0x8c/0x230
[ 62.450692][ T5012] do_syscall_64+0x41/0xc0
[ 62.455105][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.460990][ T5012] RIP: 0033:0x7f345c0e09f9
[ 62.465395][ T5012] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.484986][ T5012] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.493390][ T5012] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 62.501351][ T5012] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5012] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5012] exit_group(0) = ?
[pid 5012] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5012, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/bus") = 0
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5013
./strace-static-x86_64: Process 5013 attached
[pid 5013] chdir("./22") = 0
[pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5013] setpgid(0, 0) = 0
[ 62.509315][ T5012] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 62.517279][ T5012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.525240][ T5012] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000015
[ 62.533215][ T5012]
[pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5013] write(3, "1000", 4) = 4
[pid 5013] close(3) = 0
[pid 5013] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5013] memfd_create("syzkaller", 0) = 3
[pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5013] munmap(0x7f3453c93000, 32768) = 0
[pid 5013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5013] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5013] close(3) = 0
[pid 5013] mkdir("./bus", 0777) = 0
[pid 5013] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5013] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5013] chdir("./bus") = 0
[pid 5013] ioctl(4, LOOP_CLR_FD) = 0
[pid 5013] close(4) = 0
[pid 5013] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5013] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5013] write(5, "9", 1) = 1
[pid 5013] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5013] exit_group(0) = ?
[pid 5013] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5013, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/bus") = 0
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5014
./strace-static-x86_64: Process 5014 attached
[ 62.584541][ T5013] loop0: detected capacity change from 0 to 64
[ 62.594077][ T5013] hfs: unable to locate alternate MDB
[ 62.599739][ T5013] hfs: continuing without an alternate MDB
[pid 5014] chdir("./23") = 0
[pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5014] setpgid(0, 0) = 0
[pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5014] write(3, "1000", 4) = 4
[pid 5014] close(3) = 0
[pid 5014] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5014] memfd_create("syzkaller", 0) = 3
[pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5014] munmap(0x7f3453c93000, 32768) = 0
[pid 5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5014] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5014] close(3) = 0
[pid 5014] mkdir("./bus", 0777) = 0
[pid 5014] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5014] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5014] chdir("./bus") = 0
[pid 5014] ioctl(4, LOOP_CLR_FD) = 0
[pid 5014] close(4) = 0
[pid 5014] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5014] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5014] write(5, "9", 1) = 1
[pid 5014] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5014] exit_group(0) = ?
[pid 5014] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/bus") = 0
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5015
[ 62.658415][ T5014] loop0: detected capacity change from 0 to 64
[ 62.667900][ T5014] hfs: unable to locate alternate MDB
[ 62.673733][ T5014] hfs: continuing without an alternate MDB
./strace-static-x86_64: Process 5015 attached
[pid 5015] chdir("./24") = 0
[pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5015] setpgid(0, 0) = 0
[pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5015] write(3, "1000", 4) = 4
[pid 5015] close(3) = 0
[pid 5015] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5015] memfd_create("syzkaller", 0) = 3
[pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5015] munmap(0x7f3453c93000, 32768) = 0
[pid 5015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5015] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5015] close(3) = 0
[pid 5015] mkdir("./bus", 0777) = 0
[pid 5015] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5015] chdir("./bus") = 0
[pid 5015] ioctl(4, LOOP_CLR_FD) = 0
[pid 5015] close(4) = 0
[pid 5015] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5015] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5015] write(5, "9", 1) = 1
[ 62.738425][ T5015] loop0: detected capacity change from 0 to 64
[ 62.748126][ T5015] hfs: unable to locate alternate MDB
[ 62.753769][ T5015] hfs: continuing without an alternate MDB
[ 62.768099][ T5015] FAULT_INJECTION: forcing a failure.
[ 62.768099][ T5015] name failslab, interval 1, probability 0, space 0, times 0
[ 62.781435][ T5015] CPU: 1 PID: 5015 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 62.791523][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 62.801566][ T5015] Call Trace:
[ 62.804832][ T5015]
[ 62.807753][ T5015] dump_stack_lvl+0x1e7/0x2d0
[ 62.812424][ T5015] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.817870][ T5015] ? panic+0x770/0x770
[ 62.821944][ T5015] ? rcu_is_watching+0x15/0xb0
[ 62.826695][ T5015] ? trace_contention_end+0x3c/0xf0
[ 62.831894][ T5015] should_fail_ex+0x3aa/0x4e0
[ 62.836580][ T5015] should_failslab+0x9/0x20
[ 62.841070][ T5015] slab_pre_alloc_hook+0x59/0x2b0
[ 62.846086][ T5015] ? hfs_find_init+0x90/0x1f0
[ 62.850769][ T5015] __kmem_cache_alloc_node+0x4b/0x290
[ 62.856128][ T5015] ? hfs_find_init+0x90/0x1f0
[ 62.860805][ T5015] __kmalloc+0xa8/0x230
[ 62.864962][ T5015] hfs_find_init+0x90/0x1f0
[ 62.869457][ T5015] hfs_extend_file+0x31b/0x1440
[ 62.874301][ T5015] ? hfs_get_block+0xb60/0xb60
[ 62.879068][ T5015] ? find_lock_entries+0x10f0/0x10f0
[ 62.884372][ T5015] ? clean_bdev_aliases+0x7f9/0x920
[ 62.889560][ T5015] hfs_get_block+0x3e4/0xb60
[ 62.894161][ T5015] ? hfs_free_extents+0x420/0x420
[ 62.899178][ T5015] ? _raw_spin_unlock+0x28/0x40
[ 62.904014][ T5015] ? folio_create_buffers+0x132/0x250
[ 62.909375][ T5015] __block_write_begin_int+0x548/0x1a50
[ 62.914907][ T5015] ? folio_add_lru+0x353/0x6f0
[ 62.919677][ T5015] ? hfs_free_extents+0x420/0x420
[ 62.924710][ T5015] ? PageUptodate+0x290/0x290
[ 62.929374][ T5015] ? folio_test_hugetlb+0xa0/0x1d0
[ 62.934475][ T5015] ? pagecache_get_page+0xeb/0x220
[ 62.939586][ T5015] ? hfs_free_extents+0x420/0x420
[ 62.944604][ T5015] block_write_begin+0x9c/0x1f0
[ 62.949439][ T5015] ? cont_write_begin+0x626/0x880
[ 62.954451][ T5015] cont_write_begin+0x643/0x880
[ 62.959292][ T5015] ? fault_in_readable+0x1db/0x350
[ 62.964402][ T5015] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 62.970287][ T5015] ? fault_in_readable+0x21c/0x350
[ 62.975386][ T5015] ? fault_in_safe_writeable+0x260/0x260
[ 62.981009][ T5015] hfs_write_begin+0x8a/0xd0
[ 62.985599][ T5015] ? hfs_free_extents+0x420/0x420
[ 62.990624][ T5015] generic_perform_write+0x300/0x5e0
[ 62.995915][ T5015] ? generic_file_direct_write+0x460/0x460
[ 63.001718][ T5015] ? __file_remove_privs+0x640/0x640
[ 63.007030][ T5015] ? generic_write_checks+0x160/0x1c0
[ 63.012392][ T5015] __generic_file_write_iter+0x17a/0x400
[ 63.018022][ T5015] generic_file_write_iter+0xaf/0x310
[ 63.023383][ T5015] vfs_write+0x7ec/0xc10
[ 63.027637][ T5015] ? _raw_spin_lock_irqsave+0x120/0x120
[ 63.033181][ T5015] ? file_end_write+0x250/0x250
[ 63.038028][ T5015] ? lockdep_hardirqs_on+0x98/0x140
[ 63.043215][ T5015] ? __fdget_pos+0x265/0x2f0
[ 63.047821][ T5015] ksys_write+0x1a0/0x2c0
[ 63.052142][ T5015] ? __ia32_sys_read+0x90/0x90
[ 63.056895][ T5015] ? syscall_enter_from_user_mode+0x32/0x230
[ 63.062863][ T5015] ? syscall_enter_from_user_mode+0x8c/0x230
[ 63.068831][ T5015] do_syscall_64+0x41/0xc0
[ 63.073238][ T5015] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.079118][ T5015] RIP: 0033:0x7f345c0e09f9
[ 63.083522][ T5015] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.103198][ T5015] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.111597][ T5015] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 63.119565][ T5015] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.127526][ T5015] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5015] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5015] exit_group(0) = ?
[pid 5015] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/bus") = 0
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5016
./strace-static-x86_64: Process 5016 attached
[pid 5016] chdir("./25") = 0
[pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5016] setpgid(0, 0) = 0
[pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5016] write(3, "1000", 4) = 4
[ 63.135489][ T5015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 63.143449][ T5015] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000018
[ 63.151439][ T5015]
[pid 5016] close(3) = 0
[pid 5016] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5016] memfd_create("syzkaller", 0) = 3
[pid 5016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5016] munmap(0x7f3453c93000, 32768) = 0
[pid 5016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5016] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5016] close(3) = 0
[pid 5016] mkdir("./bus", 0777) = 0
[pid 5016] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5016] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5016] chdir("./bus") = 0
[pid 5016] ioctl(4, LOOP_CLR_FD) = 0
[pid 5016] close(4) = 0
[pid 5016] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5016] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5016] write(5, "9", 1) = 1
[ 63.200809][ T5016] loop0: detected capacity change from 0 to 64
[ 63.210139][ T5016] hfs: unable to locate alternate MDB
[ 63.215759][ T5016] hfs: continuing without an alternate MDB
[ 63.237703][ T5016] FAULT_INJECTION: forcing a failure.
[ 63.237703][ T5016] name failslab, interval 1, probability 0, space 0, times 0
[ 63.250420][ T5016] CPU: 1 PID: 5016 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 63.260492][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 63.270550][ T5016] Call Trace:
[ 63.273825][ T5016]
[ 63.276755][ T5016] dump_stack_lvl+0x1e7/0x2d0
[ 63.281448][ T5016] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.286906][ T5016] ? panic+0x770/0x770
[ 63.290966][ T5016] ? rcu_is_watching+0x15/0xb0
[ 63.295742][ T5016] ? trace_contention_end+0x3c/0xf0
[ 63.300933][ T5016] should_fail_ex+0x3aa/0x4e0
[ 63.305607][ T5016] should_failslab+0x9/0x20
[ 63.310110][ T5016] slab_pre_alloc_hook+0x59/0x2b0
[ 63.315168][ T5016] ? hfs_find_init+0x90/0x1f0
[ 63.319856][ T5016] __kmem_cache_alloc_node+0x4b/0x290
[ 63.325219][ T5016] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 63.331021][ T5016] ? hfs_find_init+0x90/0x1f0
[ 63.335698][ T5016] __kmalloc+0xa8/0x230
[ 63.339877][ T5016] hfs_find_init+0x90/0x1f0
[ 63.344392][ T5016] hfs_extend_file+0x31b/0x1440
[ 63.349253][ T5016] ? hfs_get_block+0xb60/0xb60
[ 63.354031][ T5016] ? lru_cache_disable+0x30/0x30
[ 63.358959][ T5016] ? __might_sleep+0xc0/0xc0
[ 63.363553][ T5016] ? clean_bdev_aliases+0x80a/0x920
[ 63.368741][ T5016] hfs_get_block+0x3e4/0xb60
[ 63.373347][ T5016] ? hfs_free_extents+0x420/0x420
[ 63.378383][ T5016] ? _raw_spin_unlock+0x28/0x40
[ 63.383223][ T5016] ? folio_create_buffers+0x132/0x250
[ 63.388586][ T5016] __block_write_begin_int+0x548/0x1a50
[ 63.394118][ T5016] ? folio_add_lru+0x353/0x6f0
[ 63.398900][ T5016] ? hfs_free_extents+0x420/0x420
[ 63.403931][ T5016] ? PageUptodate+0x290/0x290
[ 63.408609][ T5016] ? folio_test_hugetlb+0xa0/0x1d0
[ 63.413736][ T5016] ? pagecache_get_page+0xeb/0x220
[ 63.418848][ T5016] ? hfs_free_extents+0x420/0x420
[ 63.423860][ T5016] block_write_begin+0x9c/0x1f0
[ 63.428704][ T5016] ? cont_write_begin+0x626/0x880
[ 63.433733][ T5016] cont_write_begin+0x643/0x880
[ 63.438609][ T5016] ? fault_in_readable+0x1db/0x350
[ 63.443731][ T5016] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 63.449612][ T5016] ? fault_in_readable+0x21c/0x350
[ 63.454712][ T5016] ? fault_in_safe_writeable+0x260/0x260
[ 63.460340][ T5016] hfs_write_begin+0x8a/0xd0
[ 63.464919][ T5016] ? hfs_free_extents+0x420/0x420
[ 63.469935][ T5016] generic_perform_write+0x300/0x5e0
[ 63.475215][ T5016] ? generic_file_direct_write+0x460/0x460
[ 63.481009][ T5016] ? __file_remove_privs+0x640/0x640
[ 63.486286][ T5016] ? generic_write_checks+0x160/0x1c0
[ 63.491682][ T5016] __generic_file_write_iter+0x17a/0x400
[ 63.497333][ T5016] generic_file_write_iter+0xaf/0x310
[ 63.502724][ T5016] vfs_write+0x7ec/0xc10
[ 63.506989][ T5016] ? _raw_spin_lock_irqsave+0x120/0x120
[ 63.512537][ T5016] ? file_end_write+0x250/0x250
[ 63.517413][ T5016] ? lockdep_hardirqs_on+0x98/0x140
[ 63.522617][ T5016] ? __fdget_pos+0x265/0x2f0
[ 63.527207][ T5016] ksys_write+0x1a0/0x2c0
[ 63.531543][ T5016] ? __ia32_sys_read+0x90/0x90
[ 63.536301][ T5016] ? syscall_enter_from_user_mode+0x32/0x230
[ 63.542284][ T5016] ? syscall_enter_from_user_mode+0x8c/0x230
[ 63.548282][ T5016] do_syscall_64+0x41/0xc0
[ 63.552703][ T5016] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.558603][ T5016] RIP: 0033:0x7f345c0e09f9
[ 63.563007][ T5016] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.582601][ T5016] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.591003][ T5016] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[pid 5016] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5016] exit_group(0) = ?
[pid 5016] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5016, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/bus") = 0
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5017
./strace-static-x86_64: Process 5017 attached
[pid 5017] chdir("./26") = 0
[pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5017] setpgid(0, 0) = 0
[pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5017] write(3, "1000", 4) = 4
[pid 5017] close(3) = 0
[pid 5017] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5017] memfd_create("syzkaller", 0) = 3
[pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5017] munmap(0x7f3453c93000, 32768) = 0
[ 63.598962][ T5016] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.606926][ T5016] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 63.614887][ T5016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 63.622851][ T5016] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000019
[ 63.630822][ T5016]
[pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5017] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5017] close(3) = 0
[pid 5017] mkdir("./bus", 0777) = 0
[pid 5017] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5017] chdir("./bus") = 0
[pid 5017] ioctl(4, LOOP_CLR_FD) = 0
[pid 5017] close(4) = 0
[pid 5017] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5017] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5017] write(5, "9", 1) = 1
[pid 5017] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5017] exit_group(0) = ?
[pid 5017] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5017, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/bus") = 0
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5018
./strace-static-x86_64: Process 5018 attached
[pid 5018] chdir("./27") = 0
[pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5018] setpgid(0, 0) = 0
[pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 63.684814][ T5017] loop0: detected capacity change from 0 to 64
[ 63.694091][ T5017] hfs: unable to locate alternate MDB
[ 63.699696][ T5017] hfs: continuing without an alternate MDB
[pid 5018] write(3, "1000", 4) = 4
[pid 5018] close(3) = 0
[pid 5018] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5018] memfd_create("syzkaller", 0) = 3
[pid 5018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5018] munmap(0x7f3453c93000, 32768) = 0
[pid 5018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5018] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5018] close(3) = 0
[pid 5018] mkdir("./bus", 0777) = 0
[pid 5018] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5018] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5018] chdir("./bus") = 0
[pid 5018] ioctl(4, LOOP_CLR_FD) = 0
[pid 5018] close(4) = 0
[pid 5018] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5018] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5018] write(5, "9", 1) = 1
[ 63.753579][ T5018] loop0: detected capacity change from 0 to 64
[ 63.763350][ T5018] hfs: unable to locate alternate MDB
[ 63.768793][ T5018] hfs: continuing without an alternate MDB
[ 63.785908][ T5018] FAULT_INJECTION: forcing a failure.
[ 63.785908][ T5018] name failslab, interval 1, probability 0, space 0, times 0
[ 63.798683][ T5018] CPU: 1 PID: 5018 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 63.808759][ T5018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 63.818813][ T5018] Call Trace:
[ 63.822084][ T5018]
[ 63.825008][ T5018] dump_stack_lvl+0x1e7/0x2d0
[ 63.829685][ T5018] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.835142][ T5018] ? panic+0x770/0x770
[ 63.839212][ T5018] ? rcu_is_watching+0x15/0xb0
[ 63.843978][ T5018] ? trace_contention_end+0x3c/0xf0
[ 63.849169][ T5018] should_fail_ex+0x3aa/0x4e0
[ 63.853839][ T5018] should_failslab+0x9/0x20
[ 63.858338][ T5018] slab_pre_alloc_hook+0x59/0x2b0
[ 63.863400][ T5018] ? hfs_find_init+0x90/0x1f0
[ 63.868076][ T5018] __kmem_cache_alloc_node+0x4b/0x290
[ 63.873460][ T5018] ? hfs_find_init+0x90/0x1f0
[ 63.878133][ T5018] __kmalloc+0xa8/0x230
[ 63.882279][ T5018] hfs_find_init+0x90/0x1f0
[ 63.886788][ T5018] hfs_extend_file+0x31b/0x1440
[ 63.891683][ T5018] ? hfs_get_block+0xb60/0xb60
[ 63.896454][ T5018] ? find_lock_entries+0x10f0/0x10f0
[ 63.901754][ T5018] ? clean_bdev_aliases+0x7f9/0x920
[ 63.906976][ T5018] hfs_get_block+0x3e4/0xb60
[ 63.911578][ T5018] ? hfs_free_extents+0x420/0x420
[ 63.916609][ T5018] ? _raw_spin_unlock+0x28/0x40
[ 63.921459][ T5018] ? folio_create_buffers+0x132/0x250
[ 63.926821][ T5018] __block_write_begin_int+0x548/0x1a50
[ 63.932443][ T5018] ? folio_add_lru+0x353/0x6f0
[ 63.937247][ T5018] ? hfs_free_extents+0x420/0x420
[ 63.942263][ T5018] ? PageUptodate+0x290/0x290
[ 63.946929][ T5018] ? folio_test_hugetlb+0xa0/0x1d0
[ 63.952031][ T5018] ? pagecache_get_page+0xeb/0x220
[ 63.957130][ T5018] ? hfs_free_extents+0x420/0x420
[ 63.962153][ T5018] block_write_begin+0x9c/0x1f0
[ 63.967009][ T5018] ? cont_write_begin+0x626/0x880
[ 63.972022][ T5018] cont_write_begin+0x643/0x880
[ 63.976864][ T5018] ? fault_in_readable+0x1db/0x350
[ 63.981963][ T5018] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 63.987852][ T5018] ? fault_in_readable+0x21c/0x350
[ 63.992974][ T5018] ? fault_in_safe_writeable+0x260/0x260
[ 63.998614][ T5018] hfs_write_begin+0x8a/0xd0
[ 64.003212][ T5018] ? hfs_free_extents+0x420/0x420
[ 64.008248][ T5018] generic_perform_write+0x300/0x5e0
[ 64.013563][ T5018] ? generic_file_direct_write+0x460/0x460
[ 64.019381][ T5018] ? __file_remove_privs+0x640/0x640
[ 64.024667][ T5018] ? generic_write_checks+0x160/0x1c0
[ 64.030061][ T5018] __generic_file_write_iter+0x17a/0x400
[ 64.035695][ T5018] generic_file_write_iter+0xaf/0x310
[ 64.041059][ T5018] vfs_write+0x7ec/0xc10
[ 64.045296][ T5018] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.050839][ T5018] ? file_end_write+0x250/0x250
[ 64.055716][ T5018] ? lockdep_hardirqs_on+0x98/0x140
[ 64.060923][ T5018] ? __fdget_pos+0x265/0x2f0
[ 64.065532][ T5018] ksys_write+0x1a0/0x2c0
[ 64.069884][ T5018] ? __ia32_sys_read+0x90/0x90
[ 64.074656][ T5018] ? syscall_enter_from_user_mode+0x32/0x230
[ 64.080649][ T5018] ? syscall_enter_from_user_mode+0x8c/0x230
[ 64.086631][ T5018] do_syscall_64+0x41/0xc0
[ 64.091058][ T5018] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.096959][ T5018] RIP: 0033:0x7f345c0e09f9
[ 64.101370][ T5018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.120976][ T5018] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.129395][ T5018] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 64.137361][ T5018] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.145334][ T5018] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5018] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5018] exit_group(0) = ?
[pid 5018] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/bus") = 0
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5019
./strace-static-x86_64: Process 5019 attached
[pid 5019] chdir("./28") = 0
[pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5019] setpgid(0, 0) = 0
[pid 5019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "1000", 4) = 4
[pid 5019] close(3) = 0
[pid 5019] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5019] memfd_create("syzkaller", 0) = 3
[pid 5019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[ 64.153319][ T5018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.161301][ T5018] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000001b
[ 64.169301][ T5018]
[pid 5019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5019] munmap(0x7f3453c93000, 32768) = 0
[pid 5019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5019] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5019] close(3) = 0
[pid 5019] mkdir("./bus", 0777) = 0
[pid 5019] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5019] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5019] chdir("./bus") = 0
[pid 5019] ioctl(4, LOOP_CLR_FD) = 0
[pid 5019] close(4) = 0
[pid 5019] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5019] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5019] write(5, "9", 1) = 1
[ 64.221385][ T5019] loop0: detected capacity change from 0 to 64
[ 64.230374][ T5019] hfs: unable to locate alternate MDB
[ 64.236034][ T5019] hfs: continuing without an alternate MDB
[ 64.256266][ T5019] FAULT_INJECTION: forcing a failure.
[ 64.256266][ T5019] name failslab, interval 1, probability 0, space 0, times 0
[ 64.269311][ T5019] CPU: 1 PID: 5019 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 64.279370][ T5019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 64.289411][ T5019] Call Trace:
[ 64.292691][ T5019]
[ 64.295626][ T5019] dump_stack_lvl+0x1e7/0x2d0
[ 64.300316][ T5019] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.305762][ T5019] ? panic+0x770/0x770
[ 64.309817][ T5019] ? rcu_is_watching+0x15/0xb0
[ 64.314566][ T5019] ? trace_contention_end+0x3c/0xf0
[ 64.319752][ T5019] should_fail_ex+0x3aa/0x4e0
[ 64.324423][ T5019] should_failslab+0x9/0x20
[ 64.328931][ T5019] slab_pre_alloc_hook+0x59/0x2b0
[ 64.333960][ T5019] ? hfs_find_init+0x90/0x1f0
[ 64.338637][ T5019] __kmem_cache_alloc_node+0x4b/0x290
[ 64.344031][ T5019] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 64.349915][ T5019] ? hfs_find_init+0x90/0x1f0
[ 64.354579][ T5019] __kmalloc+0xa8/0x230
[ 64.358727][ T5019] hfs_find_init+0x90/0x1f0
[ 64.363219][ T5019] hfs_extend_file+0x31b/0x1440
[ 64.368069][ T5019] ? hfs_get_block+0xb60/0xb60
[ 64.372820][ T5019] ? lru_cache_disable+0x30/0x30
[ 64.377744][ T5019] ? __might_sleep+0xc0/0xc0
[ 64.382330][ T5019] ? clean_bdev_aliases+0x80a/0x920
[ 64.387514][ T5019] hfs_get_block+0x3e4/0xb60
[ 64.392095][ T5019] ? hfs_free_extents+0x420/0x420
[ 64.397110][ T5019] ? _raw_spin_unlock+0x28/0x40
[ 64.401947][ T5019] ? folio_create_buffers+0x132/0x250
[ 64.407307][ T5019] __block_write_begin_int+0x548/0x1a50
[ 64.412835][ T5019] ? folio_add_lru+0x353/0x6f0
[ 64.417597][ T5019] ? hfs_free_extents+0x420/0x420
[ 64.422608][ T5019] ? PageUptodate+0x290/0x290
[ 64.427273][ T5019] ? folio_test_hugetlb+0xa0/0x1d0
[ 64.432370][ T5019] ? pagecache_get_page+0xeb/0x220
[ 64.437467][ T5019] ? hfs_free_extents+0x420/0x420
[ 64.442480][ T5019] block_write_begin+0x9c/0x1f0
[ 64.447315][ T5019] ? cont_write_begin+0x626/0x880
[ 64.452350][ T5019] cont_write_begin+0x643/0x880
[ 64.457194][ T5019] ? fault_in_readable+0x1db/0x350
[ 64.462292][ T5019] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 64.468170][ T5019] ? fault_in_readable+0x21c/0x350
[ 64.473265][ T5019] ? fault_in_safe_writeable+0x260/0x260
[ 64.478887][ T5019] hfs_write_begin+0x8a/0xd0
[ 64.483468][ T5019] ? hfs_free_extents+0x420/0x420
[ 64.488484][ T5019] generic_perform_write+0x300/0x5e0
[ 64.493786][ T5019] ? generic_file_direct_write+0x460/0x460
[ 64.499579][ T5019] ? __file_remove_privs+0x640/0x640
[ 64.504852][ T5019] ? generic_write_checks+0x160/0x1c0
[ 64.510216][ T5019] __generic_file_write_iter+0x17a/0x400
[ 64.515839][ T5019] generic_file_write_iter+0xaf/0x310
[ 64.521199][ T5019] vfs_write+0x7ec/0xc10
[ 64.525432][ T5019] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.530972][ T5019] ? file_end_write+0x250/0x250
[ 64.535836][ T5019] ? lockdep_hardirqs_on+0x98/0x140
[ 64.541022][ T5019] ? __fdget_pos+0x265/0x2f0
[ 64.545596][ T5019] ksys_write+0x1a0/0x2c0
[ 64.549915][ T5019] ? __ia32_sys_read+0x90/0x90
[ 64.554668][ T5019] ? syscall_enter_from_user_mode+0x32/0x230
[ 64.560633][ T5019] ? syscall_enter_from_user_mode+0x8c/0x230
[ 64.566600][ T5019] do_syscall_64+0x41/0xc0
[ 64.571006][ T5019] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.576888][ T5019] RIP: 0033:0x7f345c0e09f9
[ 64.581294][ T5019] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.600882][ T5019] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.609278][ T5019] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[pid 5019] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5019] exit_group(0) = ?
[pid 5019] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5019, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/bus") = 0
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5020
./strace-static-x86_64: Process 5020 attached
[pid 5020] chdir("./29") = 0
[pid 5020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5020] setpgid(0, 0) = 0
[ 64.617235][ T5019] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.625192][ T5019] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 64.633150][ T5019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.641103][ T5019] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000001c
[ 64.649069][ T5019]
[pid 5020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5020] write(3, "1000", 4) = 4
[pid 5020] close(3) = 0
[pid 5020] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5020] memfd_create("syzkaller", 0) = 3
[pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5020] munmap(0x7f3453c93000, 32768) = 0
[pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5020] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5020] close(3) = 0
[pid 5020] mkdir("./bus", 0777) = 0
[pid 5020] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5020] chdir("./bus") = 0
[pid 5020] ioctl(4, LOOP_CLR_FD) = 0
[pid 5020] close(4) = 0
[pid 5020] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5020] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5020] write(5, "9", 1) = 1
[ 64.690067][ T5020] loop0: detected capacity change from 0 to 64
[ 64.702768][ T5020] hfs: unable to locate alternate MDB
[ 64.708157][ T5020] hfs: continuing without an alternate MDB
[ 64.719461][ T5020] FAULT_INJECTION: forcing a failure.
[ 64.719461][ T5020] name failslab, interval 1, probability 0, space 0, times 0
[ 64.732652][ T5020] CPU: 0 PID: 5020 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 64.742738][ T5020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 64.752836][ T5020] Call Trace:
[ 64.756105][ T5020]
[ 64.759035][ T5020] dump_stack_lvl+0x1e7/0x2d0
[ 64.763730][ T5020] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.769183][ T5020] ? panic+0x770/0x770
[ 64.773243][ T5020] ? rcu_is_watching+0x15/0xb0
[ 64.777996][ T5020] ? trace_contention_end+0x3c/0xf0
[ 64.783187][ T5020] should_fail_ex+0x3aa/0x4e0
[ 64.787856][ T5020] should_failslab+0x9/0x20
[ 64.792355][ T5020] slab_pre_alloc_hook+0x59/0x2b0
[ 64.797386][ T5020] ? hfs_find_init+0x90/0x1f0
[ 64.802061][ T5020] __kmem_cache_alloc_node+0x4b/0x290
[ 64.807449][ T5020] ? hfs_find_init+0x90/0x1f0
[ 64.812135][ T5020] __kmalloc+0xa8/0x230
[ 64.816314][ T5020] hfs_find_init+0x90/0x1f0
[ 64.820825][ T5020] hfs_extend_file+0x31b/0x1440
[ 64.825688][ T5020] ? hfs_get_block+0xb60/0xb60
[ 64.830453][ T5020] ? find_lock_entries+0x10f0/0x10f0
[ 64.835753][ T5020] ? clean_bdev_aliases+0x7f9/0x920
[ 64.840979][ T5020] hfs_get_block+0x3e4/0xb60
[ 64.845599][ T5020] ? hfs_free_extents+0x420/0x420
[ 64.850661][ T5020] ? _raw_spin_unlock+0x28/0x40
[ 64.855536][ T5020] ? folio_create_buffers+0x132/0x250
[ 64.860903][ T5020] __block_write_begin_int+0x548/0x1a50
[ 64.866440][ T5020] ? folio_add_lru+0x353/0x6f0
[ 64.871225][ T5020] ? hfs_free_extents+0x420/0x420
[ 64.876258][ T5020] ? PageUptodate+0x290/0x290
[ 64.880926][ T5020] ? folio_test_hugetlb+0xa0/0x1d0
[ 64.886044][ T5020] ? pagecache_get_page+0xeb/0x220
[ 64.891162][ T5020] ? hfs_free_extents+0x420/0x420
[ 64.896180][ T5020] block_write_begin+0x9c/0x1f0
[ 64.901022][ T5020] ? cont_write_begin+0x626/0x880
[ 64.906040][ T5020] cont_write_begin+0x643/0x880
[ 64.910915][ T5020] ? fault_in_readable+0x1db/0x350
[ 64.916027][ T5020] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 64.921910][ T5020] ? fault_in_readable+0x21c/0x350
[ 64.927011][ T5020] ? fault_in_safe_writeable+0x260/0x260
[ 64.932639][ T5020] hfs_write_begin+0x8a/0xd0
[ 64.937223][ T5020] ? hfs_free_extents+0x420/0x420
[ 64.942247][ T5020] generic_perform_write+0x300/0x5e0
[ 64.947527][ T5020] ? generic_file_direct_write+0x460/0x460
[ 64.953347][ T5020] ? __file_remove_privs+0x640/0x640
[ 64.958624][ T5020] ? generic_write_checks+0x160/0x1c0
[ 64.964013][ T5020] __generic_file_write_iter+0x17a/0x400
[ 64.969646][ T5020] generic_file_write_iter+0xaf/0x310
[ 64.975027][ T5020] vfs_write+0x7ec/0xc10
[ 64.979291][ T5020] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.984853][ T5020] ? file_end_write+0x250/0x250
[ 64.989707][ T5020] ? lockdep_hardirqs_on+0x98/0x140
[ 64.994897][ T5020] ? __fdget_pos+0x265/0x2f0
[ 64.999487][ T5020] ksys_write+0x1a0/0x2c0
[ 65.003830][ T5020] ? __ia32_sys_read+0x90/0x90
[ 65.008585][ T5020] ? syscall_enter_from_user_mode+0x32/0x230
[ 65.014565][ T5020] ? syscall_enter_from_user_mode+0x8c/0x230
[ 65.020540][ T5020] do_syscall_64+0x41/0xc0
[ 65.024972][ T5020] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.030864][ T5020] RIP: 0033:0x7f345c0e09f9
[ 65.035275][ T5020] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.054875][ T5020] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.063292][ T5020] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 65.071280][ T5020] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.079257][ T5020] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5020] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5020] exit_group(0) = ?
[pid 5020] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5020, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/bus") = 0
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5021
./strace-static-x86_64: Process 5021 attached
[pid 5021] chdir("./30") = 0
[pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5021] setpgid(0, 0) = 0
[ 65.087230][ T5020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.095194][ T5020] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000001d
[ 65.103172][ T5020]
[pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5021] write(3, "1000", 4) = 4
[pid 5021] close(3) = 0
[pid 5021] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5021] memfd_create("syzkaller", 0) = 3
[pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5021] munmap(0x7f3453c93000, 32768) = 0
[pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5021] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5021] close(3) = 0
[pid 5021] mkdir("./bus", 0777) = 0
[pid 5021] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5021] chdir("./bus") = 0
[pid 5021] ioctl(4, LOOP_CLR_FD) = 0
[pid 5021] close(4) = 0
[pid 5021] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5021] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5021] write(5, "9", 1) = 1
[ 65.163995][ T5021] loop0: detected capacity change from 0 to 64
[ 65.174527][ T5021] hfs: unable to locate alternate MDB
[ 65.180158][ T5021] hfs: continuing without an alternate MDB
[ 65.197542][ T5021] FAULT_INJECTION: forcing a failure.
[ 65.197542][ T5021] name failslab, interval 1, probability 0, space 0, times 0
[ 65.210386][ T5021] CPU: 1 PID: 5021 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 65.220477][ T5021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 65.230539][ T5021] Call Trace:
[ 65.233818][ T5021]
[ 65.236744][ T5021] dump_stack_lvl+0x1e7/0x2d0
[ 65.241455][ T5021] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.246928][ T5021] ? panic+0x770/0x770
[ 65.251017][ T5021] ? rcu_is_watching+0x15/0xb0
[ 65.255799][ T5021] ? trace_contention_end+0x3c/0xf0
[ 65.261001][ T5021] should_fail_ex+0x3aa/0x4e0
[ 65.265680][ T5021] should_failslab+0x9/0x20
[ 65.270182][ T5021] slab_pre_alloc_hook+0x59/0x2b0
[ 65.275206][ T5021] ? hfs_find_init+0x90/0x1f0
[ 65.279877][ T5021] __kmem_cache_alloc_node+0x4b/0x290
[ 65.285250][ T5021] ? hfs_find_init+0x90/0x1f0
[ 65.290710][ T5021] __kmalloc+0xa8/0x230
[ 65.294868][ T5021] hfs_find_init+0x90/0x1f0
[ 65.299369][ T5021] hfs_extend_file+0x31b/0x1440
[ 65.304223][ T5021] ? hfs_get_block+0xb60/0xb60
[ 65.308992][ T5021] ? find_lock_entries+0x10f0/0x10f0
[ 65.314287][ T5021] ? clean_bdev_aliases+0x7f9/0x920
[ 65.319480][ T5021] hfs_get_block+0x3e4/0xb60
[ 65.324076][ T5021] ? hfs_free_extents+0x420/0x420
[ 65.329102][ T5021] ? _raw_spin_unlock+0x28/0x40
[ 65.333946][ T5021] ? folio_create_buffers+0x132/0x250
[ 65.339315][ T5021] __block_write_begin_int+0x548/0x1a50
[ 65.344853][ T5021] ? folio_add_lru+0x353/0x6f0
[ 65.349625][ T5021] ? hfs_free_extents+0x420/0x420
[ 65.354644][ T5021] ? PageUptodate+0x290/0x290
[ 65.359314][ T5021] ? folio_test_hugetlb+0xa0/0x1d0
[ 65.364452][ T5021] ? pagecache_get_page+0xeb/0x220
[ 65.369645][ T5021] ? hfs_free_extents+0x420/0x420
[ 65.374662][ T5021] block_write_begin+0x9c/0x1f0
[ 65.379506][ T5021] ? cont_write_begin+0x626/0x880
[ 65.384541][ T5021] cont_write_begin+0x643/0x880
[ 65.389394][ T5021] ? fault_in_readable+0x1db/0x350
[ 65.394500][ T5021] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 65.400385][ T5021] ? fault_in_readable+0x21c/0x350
[ 65.405489][ T5021] ? fault_in_safe_writeable+0x260/0x260
[ 65.411138][ T5021] hfs_write_begin+0x8a/0xd0
[ 65.415724][ T5021] ? hfs_free_extents+0x420/0x420
[ 65.420743][ T5021] generic_perform_write+0x300/0x5e0
[ 65.426028][ T5021] ? generic_file_direct_write+0x460/0x460
[ 65.431844][ T5021] ? __file_remove_privs+0x640/0x640
[ 65.437126][ T5021] ? generic_write_checks+0x160/0x1c0
[ 65.442497][ T5021] __generic_file_write_iter+0x17a/0x400
[ 65.448131][ T5021] generic_file_write_iter+0xaf/0x310
[ 65.453497][ T5021] vfs_write+0x7ec/0xc10
[ 65.457737][ T5021] ? _raw_spin_lock_irqsave+0x120/0x120
[ 65.463282][ T5021] ? file_end_write+0x250/0x250
[ 65.468136][ T5021] ? lockdep_hardirqs_on+0x98/0x140
[ 65.473331][ T5021] ? __fdget_pos+0x265/0x2f0
[ 65.477913][ T5021] ksys_write+0x1a0/0x2c0
[ 65.482246][ T5021] ? __ia32_sys_read+0x90/0x90
[ 65.487010][ T5021] ? syscall_enter_from_user_mode+0x32/0x230
[ 65.492984][ T5021] ? syscall_enter_from_user_mode+0x8c/0x230
[ 65.498958][ T5021] do_syscall_64+0x41/0xc0
[ 65.503375][ T5021] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.509262][ T5021] RIP: 0033:0x7f345c0e09f9
[ 65.513692][ T5021] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.533306][ T5021] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.541719][ T5021] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 65.549701][ T5021] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.557665][ T5021] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5021] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5021] exit_group(0) = ?
[pid 5021] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/bus") = 0
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5022
./strace-static-x86_64: Process 5022 attached
[pid 5022] chdir("./31") = 0
[pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5022] setpgid(0, 0) = 0
[pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5022] write(3, "1000", 4) = 4
[pid 5022] close(3) = 0
[ 65.565645][ T5021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.573609][ T5021] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000001e
[ 65.581582][ T5021]
[pid 5022] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5022] memfd_create("syzkaller", 0) = 3
[pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5022] munmap(0x7f3453c93000, 32768) = 0
[pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5022] close(3) = 0
[pid 5022] mkdir("./bus", 0777) = 0
[pid 5022] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5022] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5022] chdir("./bus") = 0
[pid 5022] ioctl(4, LOOP_CLR_FD) = 0
[pid 5022] close(4) = 0
[pid 5022] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5022] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5022] write(5, "9", 1) = 1
[ 65.631465][ T5022] loop0: detected capacity change from 0 to 64
[ 65.640454][ T5022] hfs: unable to locate alternate MDB
[ 65.646255][ T5022] hfs: continuing without an alternate MDB
[ 65.664337][ T5022] FAULT_INJECTION: forcing a failure.
[ 65.664337][ T5022] name failslab, interval 1, probability 0, space 0, times 0
[ 65.677071][ T5022] CPU: 0 PID: 5022 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 65.687129][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 65.697183][ T5022] Call Trace:
[ 65.700465][ T5022]
[ 65.703387][ T5022] dump_stack_lvl+0x1e7/0x2d0
[ 65.708080][ T5022] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.713558][ T5022] ? panic+0x770/0x770
[ 65.717622][ T5022] ? rcu_is_watching+0x15/0xb0
[ 65.722375][ T5022] ? trace_contention_end+0x3c/0xf0
[ 65.727574][ T5022] should_fail_ex+0x3aa/0x4e0
[ 65.732261][ T5022] should_failslab+0x9/0x20
[ 65.736756][ T5022] slab_pre_alloc_hook+0x59/0x2b0
[ 65.741777][ T5022] ? hfs_find_init+0x90/0x1f0
[ 65.746453][ T5022] __kmem_cache_alloc_node+0x4b/0x290
[ 65.751843][ T5022] ? hfs_find_init+0x90/0x1f0
[ 65.756527][ T5022] __kmalloc+0xa8/0x230
[ 65.760697][ T5022] hfs_find_init+0x90/0x1f0
[ 65.765203][ T5022] hfs_extend_file+0x31b/0x1440
[ 65.770053][ T5022] ? hfs_get_block+0xb60/0xb60
[ 65.774821][ T5022] ? find_lock_entries+0x10f0/0x10f0
[ 65.780136][ T5022] ? clean_bdev_aliases+0x7f9/0x920
[ 65.785345][ T5022] hfs_get_block+0x3e4/0xb60
[ 65.789949][ T5022] ? hfs_free_extents+0x420/0x420
[ 65.795000][ T5022] ? _raw_spin_unlock+0x28/0x40
[ 65.799864][ T5022] ? folio_create_buffers+0x132/0x250
[ 65.805253][ T5022] __block_write_begin_int+0x548/0x1a50
[ 65.810789][ T5022] ? folio_add_lru+0x353/0x6f0
[ 65.815572][ T5022] ? hfs_free_extents+0x420/0x420
[ 65.820606][ T5022] ? PageUptodate+0x290/0x290
[ 65.825274][ T5022] ? folio_test_hugetlb+0xa0/0x1d0
[ 65.830392][ T5022] ? pagecache_get_page+0xeb/0x220
[ 65.835520][ T5022] ? hfs_free_extents+0x420/0x420
[ 65.840561][ T5022] block_write_begin+0x9c/0x1f0
[ 65.845403][ T5022] ? cont_write_begin+0x626/0x880
[ 65.850430][ T5022] cont_write_begin+0x643/0x880
[ 65.855315][ T5022] ? fault_in_readable+0x1db/0x350
[ 65.860418][ T5022] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 65.866307][ T5022] ? fault_in_readable+0x21c/0x350
[ 65.871420][ T5022] ? fault_in_safe_writeable+0x260/0x260
[ 65.877050][ T5022] hfs_write_begin+0x8a/0xd0
[ 65.881633][ T5022] ? hfs_free_extents+0x420/0x420
[ 65.886666][ T5022] generic_perform_write+0x300/0x5e0
[ 65.891956][ T5022] ? generic_file_direct_write+0x460/0x460
[ 65.897751][ T5022] ? __file_remove_privs+0x640/0x640
[ 65.903051][ T5022] ? generic_write_checks+0x160/0x1c0
[ 65.908419][ T5022] __generic_file_write_iter+0x17a/0x400
[ 65.914048][ T5022] generic_file_write_iter+0xaf/0x310
[ 65.919413][ T5022] vfs_write+0x7ec/0xc10
[ 65.923650][ T5022] ? _raw_spin_lock_irqsave+0x120/0x120
[ 65.929193][ T5022] ? file_end_write+0x250/0x250
[ 65.934049][ T5022] ? lockdep_hardirqs_on+0x98/0x140
[ 65.939254][ T5022] ? __fdget_pos+0x265/0x2f0
[ 65.943874][ T5022] ksys_write+0x1a0/0x2c0
[ 65.948250][ T5022] ? __ia32_sys_read+0x90/0x90
[ 65.953026][ T5022] ? syscall_enter_from_user_mode+0x32/0x230
[ 65.959020][ T5022] ? syscall_enter_from_user_mode+0x8c/0x230
[ 65.965012][ T5022] do_syscall_64+0x41/0xc0
[ 65.969438][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.975342][ T5022] RIP: 0033:0x7f345c0e09f9
[ 65.979779][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.999388][ T5022] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.007812][ T5022] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 66.015786][ T5022] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.023762][ T5022] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5022] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5022] exit_group(0) = ?
[pid 5022] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/bus") = 0
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5023
./strace-static-x86_64: Process 5023 attached
[pid 5023] chdir("./32") = 0
[pid 5023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5023] setpgid(0, 0) = 0
[pid 5023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5023] write(3, "1000", 4) = 4
[pid 5023] close(3) = 0
[pid 5023] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5023] memfd_create("syzkaller", 0) = 3
[pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5023] munmap(0x7f3453c93000, 32768) = 0
[pid 5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 66.031727][ T5022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.039720][ T5022] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000001f
[ 66.047699][ T5022]
[pid 5023] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5023] close(3) = 0
[pid 5023] mkdir("./bus", 0777) = 0
[pid 5023] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5023] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5023] chdir("./bus") = 0
[pid 5023] ioctl(4, LOOP_CLR_FD) = 0
[pid 5023] close(4) = 0
[pid 5023] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5023] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5023] write(5, "9", 1) = 1
[ 66.091540][ T5023] loop0: detected capacity change from 0 to 64
[ 66.100095][ T5023] hfs: unable to locate alternate MDB
[ 66.105587][ T5023] hfs: continuing without an alternate MDB
[ 66.122466][ T5023] FAULT_INJECTION: forcing a failure.
[ 66.122466][ T5023] name failslab, interval 1, probability 0, space 0, times 0
[ 66.135358][ T5023] CPU: 0 PID: 5023 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 66.145448][ T5023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 66.155509][ T5023] Call Trace:
[ 66.158778][ T5023]
[ 66.161709][ T5023] dump_stack_lvl+0x1e7/0x2d0
[ 66.166406][ T5023] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.171866][ T5023] ? panic+0x770/0x770
[ 66.175941][ T5023] ? rcu_is_watching+0x15/0xb0
[ 66.180697][ T5023] ? trace_contention_end+0x3c/0xf0
[ 66.185894][ T5023] should_fail_ex+0x3aa/0x4e0
[ 66.190570][ T5023] should_failslab+0x9/0x20
[ 66.195069][ T5023] slab_pre_alloc_hook+0x59/0x2b0
[ 66.200108][ T5023] ? hfs_find_init+0x90/0x1f0
[ 66.204784][ T5023] __kmem_cache_alloc_node+0x4b/0x290
[ 66.210155][ T5023] ? hfs_find_init+0x90/0x1f0
[ 66.214828][ T5023] __kmalloc+0xa8/0x230
[ 66.218983][ T5023] hfs_find_init+0x90/0x1f0
[ 66.223485][ T5023] hfs_extend_file+0x31b/0x1440
[ 66.228345][ T5023] ? hfs_get_block+0xb60/0xb60
[ 66.233105][ T5023] ? find_lock_entries+0x10f0/0x10f0
[ 66.238395][ T5023] ? clean_bdev_aliases+0x7f9/0x920
[ 66.243588][ T5023] hfs_get_block+0x3e4/0xb60
[ 66.248184][ T5023] ? hfs_free_extents+0x420/0x420
[ 66.253230][ T5023] ? __block_write_begin_int+0x751/0x1a50
[ 66.258955][ T5023] ? kasan_check_range+0x1af/0x290
[ 66.264092][ T5023] __block_write_begin_int+0x548/0x1a50
[ 66.269629][ T5023] ? folio_add_lru+0x353/0x6f0
[ 66.274400][ T5023] ? hfs_free_extents+0x420/0x420
[ 66.279418][ T5023] ? PageUptodate+0x290/0x290
[ 66.284087][ T5023] ? folio_test_hugetlb+0xa0/0x1d0
[ 66.289195][ T5023] ? pagecache_get_page+0xeb/0x220
[ 66.294314][ T5023] ? hfs_free_extents+0x420/0x420
[ 66.299332][ T5023] block_write_begin+0x9c/0x1f0
[ 66.304173][ T5023] ? cont_write_begin+0x626/0x880
[ 66.309189][ T5023] cont_write_begin+0x643/0x880
[ 66.314037][ T5023] ? fault_in_readable+0x1db/0x350
[ 66.319143][ T5023] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 66.325044][ T5023] ? fault_in_readable+0x21c/0x350
[ 66.330149][ T5023] ? fault_in_safe_writeable+0x260/0x260
[ 66.335780][ T5023] hfs_write_begin+0x8a/0xd0
[ 66.340363][ T5023] ? hfs_free_extents+0x420/0x420
[ 66.345385][ T5023] generic_perform_write+0x300/0x5e0
[ 66.350670][ T5023] ? generic_file_direct_write+0x460/0x460
[ 66.356468][ T5023] ? __file_remove_privs+0x640/0x640
[ 66.361774][ T5023] ? generic_write_checks+0x160/0x1c0
[ 66.367142][ T5023] __generic_file_write_iter+0x17a/0x400
[ 66.372771][ T5023] generic_file_write_iter+0xaf/0x310
[ 66.378164][ T5023] vfs_write+0x7ec/0xc10
[ 66.382404][ T5023] ? _raw_spin_lock_irqsave+0x120/0x120
[ 66.387965][ T5023] ? file_end_write+0x250/0x250
[ 66.392822][ T5023] ? lockdep_hardirqs_on+0x98/0x140
[ 66.398017][ T5023] ? __fdget_pos+0x265/0x2f0
[ 66.402599][ T5023] ksys_write+0x1a0/0x2c0
[ 66.406947][ T5023] ? __ia32_sys_read+0x90/0x90
[ 66.411708][ T5023] ? syscall_enter_from_user_mode+0x32/0x230
[ 66.417683][ T5023] ? syscall_enter_from_user_mode+0x8c/0x230
[ 66.423655][ T5023] do_syscall_64+0x41/0xc0
[ 66.428068][ T5023] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.433956][ T5023] RIP: 0033:0x7f345c0e09f9
[ 66.438369][ T5023] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.457966][ T5023] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.466372][ T5023] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 66.474334][ T5023] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.482297][ T5023] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5023] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5023] exit_group(0) = ?
[pid 5023] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5023, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/bus") = 0
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5024
./strace-static-x86_64: Process 5024 attached
[pid 5024] chdir("./33") = 0
[pid 5024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5024] setpgid(0, 0) = 0
[pid 5024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5024] write(3, "1000", 4) = 4
[ 66.490259][ T5023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.498222][ T5023] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000020
[ 66.506234][ T5023]
[pid 5024] close(3) = 0
[pid 5024] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5024] memfd_create("syzkaller", 0) = 3
[pid 5024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5024] munmap(0x7f3453c93000, 32768) = 0
[pid 5024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5024] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5024] close(3) = 0
[pid 5024] mkdir("./bus", 0777) = 0
[pid 5024] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5024] chdir("./bus") = 0
[pid 5024] ioctl(4, LOOP_CLR_FD) = 0
[pid 5024] close(4) = 0
[pid 5024] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5024] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5024] write(5, "9", 1) = 1
[ 66.561497][ T5024] loop0: detected capacity change from 0 to 64
[ 66.570496][ T5024] hfs: unable to locate alternate MDB
[ 66.576057][ T5024] hfs: continuing without an alternate MDB
[ 66.589669][ T5024] FAULT_INJECTION: forcing a failure.
[ 66.589669][ T5024] name failslab, interval 1, probability 0, space 0, times 0
[ 66.602648][ T5024] CPU: 0 PID: 5024 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 66.612721][ T5024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 66.624362][ T5024] Call Trace:
[ 66.627633][ T5024]
[ 66.630576][ T5024] dump_stack_lvl+0x1e7/0x2d0
[ 66.635257][ T5024] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.640712][ T5024] ? panic+0x770/0x770
[ 66.644775][ T5024] ? rcu_is_watching+0x15/0xb0
[ 66.649534][ T5024] ? trace_contention_end+0x3c/0xf0
[ 66.654751][ T5024] should_fail_ex+0x3aa/0x4e0
[ 66.659427][ T5024] should_failslab+0x9/0x20
[ 66.663927][ T5024] slab_pre_alloc_hook+0x59/0x2b0
[ 66.668948][ T5024] ? hfs_find_init+0x90/0x1f0
[ 66.673620][ T5024] __kmem_cache_alloc_node+0x4b/0x290
[ 66.678986][ T5024] ? hfs_find_init+0x90/0x1f0
[ 66.683659][ T5024] __kmalloc+0xa8/0x230
[ 66.687812][ T5024] hfs_find_init+0x90/0x1f0
[ 66.692312][ T5024] hfs_extend_file+0x31b/0x1440
[ 66.697180][ T5024] ? hfs_get_block+0xb60/0xb60
[ 66.701940][ T5024] ? find_lock_entries+0x10f0/0x10f0
[ 66.707230][ T5024] ? clean_bdev_aliases+0x7f9/0x920
[ 66.712421][ T5024] hfs_get_block+0x3e4/0xb60
[ 66.717019][ T5024] ? hfs_free_extents+0x420/0x420
[ 66.722043][ T5024] ? _raw_spin_unlock+0x28/0x40
[ 66.726887][ T5024] ? folio_create_buffers+0x132/0x250
[ 66.732260][ T5024] __block_write_begin_int+0x548/0x1a50
[ 66.737796][ T5024] ? folio_add_lru+0x353/0x6f0
[ 66.742569][ T5024] ? hfs_free_extents+0x420/0x420
[ 66.747587][ T5024] ? PageUptodate+0x290/0x290
[ 66.752260][ T5024] ? folio_test_hugetlb+0xa0/0x1d0
[ 66.757365][ T5024] ? pagecache_get_page+0xeb/0x220
[ 66.762469][ T5024] ? hfs_free_extents+0x420/0x420
[ 66.767489][ T5024] block_write_begin+0x9c/0x1f0
[ 66.772329][ T5024] ? cont_write_begin+0x626/0x880
[ 66.777349][ T5024] cont_write_begin+0x643/0x880
[ 66.782196][ T5024] ? fault_in_readable+0x1db/0x350
[ 66.787297][ T5024] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 66.793180][ T5024] ? fault_in_readable+0x21c/0x350
[ 66.798289][ T5024] ? fault_in_safe_writeable+0x260/0x260
[ 66.803917][ T5024] hfs_write_begin+0x8a/0xd0
[ 66.808504][ T5024] ? hfs_free_extents+0x420/0x420
[ 66.813526][ T5024] generic_perform_write+0x300/0x5e0
[ 66.818811][ T5024] ? generic_file_direct_write+0x460/0x460
[ 66.824627][ T5024] ? __file_remove_privs+0x640/0x640
[ 66.829952][ T5024] ? generic_write_checks+0x160/0x1c0
[ 66.835331][ T5024] __generic_file_write_iter+0x17a/0x400
[ 66.840965][ T5024] generic_file_write_iter+0xaf/0x310
[ 66.846332][ T5024] vfs_write+0x7ec/0xc10
[ 66.850571][ T5024] ? _raw_spin_lock_irqsave+0x120/0x120
[ 66.856114][ T5024] ? file_end_write+0x250/0x250
[ 66.860972][ T5024] ? lockdep_hardirqs_on+0x98/0x140
[ 66.866164][ T5024] ? __fdget_pos+0x265/0x2f0
[ 66.870747][ T5024] ksys_write+0x1a0/0x2c0
[ 66.875081][ T5024] ? __ia32_sys_read+0x90/0x90
[ 66.879843][ T5024] ? syscall_enter_from_user_mode+0x32/0x230
[ 66.885845][ T5024] ? syscall_enter_from_user_mode+0x8c/0x230
[ 66.891832][ T5024] do_syscall_64+0x41/0xc0
[ 66.896260][ T5024] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.902157][ T5024] RIP: 0033:0x7f345c0e09f9
[ 66.906569][ T5024] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.926174][ T5024] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.934582][ T5024] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 66.942549][ T5024] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.950513][ T5024] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5024] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5024] exit_group(0) = ?
[pid 5024] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5024, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/bus") = 0
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 66.958476][ T5024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.966438][ T5024] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000021
[ 66.974415][ T5024]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5025
./strace-static-x86_64: Process 5025 attached
[pid 5025] chdir("./34") = 0
[pid 5025] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5025] setpgid(0, 0) = 0
[pid 5025] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5025] write(3, "1000", 4) = 4
[pid 5025] close(3) = 0
[pid 5025] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5025] memfd_create("syzkaller", 0) = 3
[pid 5025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5025] munmap(0x7f3453c93000, 32768) = 0
[pid 5025] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5025] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5025] close(3) = 0
[pid 5025] mkdir("./bus", 0777) = 0
[pid 5025] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5025] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5025] chdir("./bus") = 0
[pid 5025] ioctl(4, LOOP_CLR_FD) = 0
[pid 5025] close(4) = 0
[pid 5025] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5025] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5025] write(5, "9", 1) = 1
[pid 5025] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5025] exit_group(0) = ?
[pid 5025] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5025, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/bus") = 0
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5026
./strace-static-x86_64: Process 5026 attached
[pid 5026] chdir("./35") = 0
[pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5026] setpgid(0, 0) = 0
[pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5026] write(3, "1000", 4) = 4
[pid 5026] close(3) = 0
[pid 5026] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5026] memfd_create("syzkaller", 0) = 3
[pid 5026] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5026] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5026] munmap(0x7f3453c93000, 32768) = 0
[ 67.025659][ T5025] loop0: detected capacity change from 0 to 64
[ 67.036219][ T5025] hfs: unable to locate alternate MDB
[ 67.041747][ T5025] hfs: continuing without an alternate MDB
[pid 5026] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5026] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5026] close(3) = 0
[pid 5026] mkdir("./bus", 0777) = 0
[pid 5026] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5026] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5026] chdir("./bus") = 0
[pid 5026] ioctl(4, LOOP_CLR_FD) = 0
[pid 5026] close(4) = 0
[pid 5026] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5026] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5026] write(5, "9", 1) = 1
[ 67.086167][ T5026] loop0: detected capacity change from 0 to 64
[ 67.095895][ T5026] hfs: unable to locate alternate MDB
[ 67.101318][ T5026] hfs: continuing without an alternate MDB
[ 67.115277][ T5026] FAULT_INJECTION: forcing a failure.
[ 67.115277][ T5026] name failslab, interval 1, probability 0, space 0, times 0
[ 67.128060][ T5026] CPU: 0 PID: 5026 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 67.138117][ T5026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 67.148164][ T5026] Call Trace:
[ 67.151445][ T5026]
[ 67.154376][ T5026] dump_stack_lvl+0x1e7/0x2d0
[ 67.159052][ T5026] ? nf_tcp_handle_invalid+0x650/0x650
[ 67.164504][ T5026] ? panic+0x770/0x770
[ 67.168568][ T5026] ? rcu_is_watching+0x15/0xb0
[ 67.173332][ T5026] ? trace_contention_end+0x3c/0xf0
[ 67.178540][ T5026] should_fail_ex+0x3aa/0x4e0
[ 67.183237][ T5026] should_failslab+0x9/0x20
[ 67.187730][ T5026] slab_pre_alloc_hook+0x59/0x2b0
[ 67.192746][ T5026] ? hfs_find_init+0x90/0x1f0
[ 67.197415][ T5026] __kmem_cache_alloc_node+0x4b/0x290
[ 67.202775][ T5026] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 67.208580][ T5026] ? hfs_find_init+0x90/0x1f0
[ 67.213251][ T5026] __kmalloc+0xa8/0x230
[ 67.217407][ T5026] hfs_find_init+0x90/0x1f0
[ 67.221910][ T5026] hfs_extend_file+0x31b/0x1440
[ 67.226763][ T5026] ? hfs_get_block+0xb60/0xb60
[ 67.231525][ T5026] ? lru_cache_disable+0x30/0x30
[ 67.236454][ T5026] ? __might_sleep+0xc0/0xc0
[ 67.241052][ T5026] ? clean_bdev_aliases+0x80a/0x920
[ 67.246246][ T5026] hfs_get_block+0x3e4/0xb60
[ 67.250840][ T5026] ? hfs_free_extents+0x420/0x420
[ 67.255864][ T5026] ? _raw_spin_unlock+0x28/0x40
[ 67.260707][ T5026] ? folio_create_buffers+0x132/0x250
[ 67.266073][ T5026] __block_write_begin_int+0x548/0x1a50
[ 67.271614][ T5026] ? folio_add_lru+0x353/0x6f0
[ 67.276405][ T5026] ? hfs_free_extents+0x420/0x420
[ 67.281424][ T5026] ? PageUptodate+0x290/0x290
[ 67.286110][ T5026] ? folio_test_hugetlb+0xa0/0x1d0
[ 67.291217][ T5026] ? pagecache_get_page+0xeb/0x220
[ 67.296321][ T5026] ? hfs_free_extents+0x420/0x420
[ 67.301337][ T5026] block_write_begin+0x9c/0x1f0
[ 67.306180][ T5026] ? cont_write_begin+0x626/0x880
[ 67.311197][ T5026] cont_write_begin+0x643/0x880
[ 67.316048][ T5026] ? fault_in_readable+0x1db/0x350
[ 67.321154][ T5026] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 67.327036][ T5026] ? fault_in_readable+0x21c/0x350
[ 67.332140][ T5026] ? fault_in_safe_writeable+0x260/0x260
[ 67.337771][ T5026] hfs_write_begin+0x8a/0xd0
[ 67.342354][ T5026] ? hfs_free_extents+0x420/0x420
[ 67.347384][ T5026] generic_perform_write+0x300/0x5e0
[ 67.352671][ T5026] ? generic_file_direct_write+0x460/0x460
[ 67.358471][ T5026] ? __file_remove_privs+0x640/0x640
[ 67.363753][ T5026] ? generic_write_checks+0x160/0x1c0
[ 67.369129][ T5026] __generic_file_write_iter+0x17a/0x400
[ 67.374760][ T5026] generic_file_write_iter+0xaf/0x310
[ 67.380139][ T5026] vfs_write+0x7ec/0xc10
[ 67.384382][ T5026] ? _raw_spin_lock_irqsave+0x120/0x120
[ 67.389932][ T5026] ? file_end_write+0x250/0x250
[ 67.394785][ T5026] ? lockdep_hardirqs_on+0x98/0x140
[ 67.399978][ T5026] ? __fdget_pos+0x265/0x2f0
[ 67.404559][ T5026] ksys_write+0x1a0/0x2c0
[ 67.408893][ T5026] ? __ia32_sys_read+0x90/0x90
[ 67.413654][ T5026] ? syscall_enter_from_user_mode+0x32/0x230
[ 67.419650][ T5026] ? syscall_enter_from_user_mode+0x8c/0x230
[ 67.425623][ T5026] do_syscall_64+0x41/0xc0
[ 67.430036][ T5026] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.436009][ T5026] RIP: 0033:0x7f345c0e09f9
[ 67.440467][ T5026] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.460065][ T5026] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 67.468481][ T5026] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 67.476444][ T5026] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5026] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5026] exit_group(0) = ?
[pid 5026] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5026, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/bus") = 0
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5027
./strace-static-x86_64: Process 5027 attached
[pid 5027] chdir("./36") = 0
[pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5027] setpgid(0, 0) = 0
[ 67.484423][ T5026] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 67.492391][ T5026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.500352][ T5026] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000023
[ 67.508346][ T5026]
[pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5027] write(3, "1000", 4) = 4
[pid 5027] close(3) = 0
[pid 5027] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5027] memfd_create("syzkaller", 0) = 3
[pid 5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5027] munmap(0x7f3453c93000, 32768) = 0
[pid 5027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5027] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5027] close(3) = 0
[pid 5027] mkdir("./bus", 0777) = 0
[pid 5027] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5027] chdir("./bus") = 0
[pid 5027] ioctl(4, LOOP_CLR_FD) = 0
[pid 5027] close(4) = 0
[pid 5027] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5027] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5027] write(5, "9", 1) = 1
[ 67.554733][ T5027] loop0: detected capacity change from 0 to 64
[ 67.563999][ T5027] hfs: unable to locate alternate MDB
[ 67.569375][ T5027] hfs: continuing without an alternate MDB
[ 67.582813][ T5027] FAULT_INJECTION: forcing a failure.
[ 67.582813][ T5027] name failslab, interval 1, probability 0, space 0, times 0
[ 67.595568][ T5027] CPU: 0 PID: 5027 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 67.605640][ T5027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 67.615690][ T5027] Call Trace:
[ 67.618960][ T5027]
[ 67.621889][ T5027] dump_stack_lvl+0x1e7/0x2d0
[ 67.626572][ T5027] ? nf_tcp_handle_invalid+0x650/0x650
[ 67.632032][ T5027] ? panic+0x770/0x770
[ 67.636097][ T5027] ? rcu_is_watching+0x15/0xb0
[ 67.640857][ T5027] ? trace_contention_end+0x3c/0xf0
[ 67.646052][ T5027] should_fail_ex+0x3aa/0x4e0
[ 67.650725][ T5027] should_failslab+0x9/0x20
[ 67.655220][ T5027] slab_pre_alloc_hook+0x59/0x2b0
[ 67.660239][ T5027] ? hfs_find_init+0x90/0x1f0
[ 67.664909][ T5027] __kmem_cache_alloc_node+0x4b/0x290
[ 67.670278][ T5027] ? hfs_find_init+0x90/0x1f0
[ 67.674949][ T5027] __kmalloc+0xa8/0x230
[ 67.679104][ T5027] hfs_find_init+0x90/0x1f0
[ 67.683601][ T5027] hfs_extend_file+0x31b/0x1440
[ 67.688457][ T5027] ? hfs_get_block+0xb60/0xb60
[ 67.693217][ T5027] ? find_lock_entries+0x10f0/0x10f0
[ 67.698507][ T5027] ? clean_bdev_aliases+0x7f9/0x920
[ 67.703698][ T5027] hfs_get_block+0x3e4/0xb60
[ 67.708292][ T5027] ? hfs_free_extents+0x420/0x420
[ 67.713317][ T5027] ? _raw_spin_unlock+0x28/0x40
[ 67.718163][ T5027] ? folio_create_buffers+0x132/0x250
[ 67.723529][ T5027] __block_write_begin_int+0x548/0x1a50
[ 67.729067][ T5027] ? folio_add_lru+0x353/0x6f0
[ 67.733862][ T5027] ? hfs_free_extents+0x420/0x420
[ 67.738883][ T5027] ? PageUptodate+0x290/0x290
[ 67.743553][ T5027] ? folio_test_hugetlb+0xa0/0x1d0
[ 67.748662][ T5027] ? pagecache_get_page+0xeb/0x220
[ 67.753764][ T5027] ? hfs_free_extents+0x420/0x420
[ 67.758780][ T5027] block_write_begin+0x9c/0x1f0
[ 67.763623][ T5027] ? cont_write_begin+0x626/0x880
[ 67.768666][ T5027] cont_write_begin+0x643/0x880
[ 67.773526][ T5027] ? fault_in_readable+0x1db/0x350
[ 67.778629][ T5027] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 67.784511][ T5027] ? fault_in_readable+0x21c/0x350
[ 67.789615][ T5027] ? fault_in_safe_writeable+0x260/0x260
[ 67.795243][ T5027] hfs_write_begin+0x8a/0xd0
[ 67.799829][ T5027] ? hfs_free_extents+0x420/0x420
[ 67.804857][ T5027] generic_perform_write+0x300/0x5e0
[ 67.810147][ T5027] ? generic_file_direct_write+0x460/0x460
[ 67.815951][ T5027] ? __file_remove_privs+0x640/0x640
[ 67.821254][ T5027] ? generic_write_checks+0x160/0x1c0
[ 67.826622][ T5027] __generic_file_write_iter+0x17a/0x400
[ 67.832252][ T5027] generic_file_write_iter+0xaf/0x310
[ 67.837619][ T5027] vfs_write+0x7ec/0xc10
[ 67.841863][ T5027] ? _raw_spin_lock_irqsave+0x120/0x120
[ 67.847408][ T5027] ? file_end_write+0x250/0x250
[ 67.852262][ T5027] ? lockdep_hardirqs_on+0x98/0x140
[ 67.857455][ T5027] ? __fdget_pos+0x265/0x2f0
[ 67.862042][ T5027] ksys_write+0x1a0/0x2c0
[ 67.866373][ T5027] ? __ia32_sys_read+0x90/0x90
[ 67.871147][ T5027] ? syscall_enter_from_user_mode+0x32/0x230
[ 67.877124][ T5027] ? syscall_enter_from_user_mode+0x8c/0x230
[ 67.883121][ T5027] do_syscall_64+0x41/0xc0
[ 67.887535][ T5027] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.893421][ T5027] RIP: 0033:0x7f345c0e09f9
[ 67.897831][ T5027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.917430][ T5027] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 67.925843][ T5027] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 67.933805][ T5027] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.941770][ T5027] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5027] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5027] exit_group(0) = ?
[pid 5027] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/bus") = 0
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5028
./strace-static-x86_64: Process 5028 attached
[pid 5028] chdir("./37") = 0
[pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5028] setpgid(0, 0) = 0
[pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5028] write(3, "1000", 4) = 4
[pid 5028] close(3) = 0
[pid 5028] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5028] memfd_create("syzkaller", 0) = 3
[pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5028] munmap(0x7f3453c93000, 32768) = 0
[pid 5028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 67.949730][ T5027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.957692][ T5027] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000024
[ 67.965684][ T5027]
[pid 5028] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5028] close(3) = 0
[pid 5028] mkdir("./bus", 0777) = 0
[pid 5028] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5028] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5028] chdir("./bus") = 0
[pid 5028] ioctl(4, LOOP_CLR_FD) = 0
[pid 5028] close(4) = 0
[pid 5028] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5028] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5028] write(5, "9", 1) = 1
[ 68.006942][ T5028] loop0: detected capacity change from 0 to 64
[ 68.016521][ T5028] hfs: unable to locate alternate MDB
[ 68.022233][ T5028] hfs: continuing without an alternate MDB
[ 68.035493][ T5028] FAULT_INJECTION: forcing a failure.
[ 68.035493][ T5028] name failslab, interval 1, probability 0, space 0, times 0
[ 68.048899][ T5028] CPU: 0 PID: 5028 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 68.058979][ T5028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 68.069024][ T5028] Call Trace:
[ 68.072294][ T5028]
[ 68.075225][ T5028] dump_stack_lvl+0x1e7/0x2d0
[ 68.079906][ T5028] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.085362][ T5028] ? panic+0x770/0x770
[ 68.089430][ T5028] ? rcu_is_watching+0x15/0xb0
[ 68.094186][ T5028] ? trace_contention_end+0x3c/0xf0
[ 68.099381][ T5028] should_fail_ex+0x3aa/0x4e0
[ 68.104074][ T5028] should_failslab+0x9/0x20
[ 68.108583][ T5028] slab_pre_alloc_hook+0x59/0x2b0
[ 68.113605][ T5028] ? hfs_find_init+0x90/0x1f0
[ 68.118283][ T5028] __kmem_cache_alloc_node+0x4b/0x290
[ 68.123662][ T5028] ? hfs_find_init+0x90/0x1f0
[ 68.128342][ T5028] __kmalloc+0xa8/0x230
[ 68.132508][ T5028] hfs_find_init+0x90/0x1f0
[ 68.137014][ T5028] hfs_extend_file+0x31b/0x1440
[ 68.141895][ T5028] ? hfs_get_block+0xb60/0xb60
[ 68.146658][ T5028] ? find_lock_entries+0x10f0/0x10f0
[ 68.151949][ T5028] ? clean_bdev_aliases+0x7f9/0x920
[ 68.157145][ T5028] hfs_get_block+0x3e4/0xb60
[ 68.161742][ T5028] ? hfs_free_extents+0x420/0x420
[ 68.166772][ T5028] ? _raw_spin_unlock+0x28/0x40
[ 68.171636][ T5028] ? folio_create_buffers+0x132/0x250
[ 68.177009][ T5028] __block_write_begin_int+0x548/0x1a50
[ 68.182548][ T5028] ? folio_add_lru+0x353/0x6f0
[ 68.187321][ T5028] ? hfs_free_extents+0x420/0x420
[ 68.192344][ T5028] ? PageUptodate+0x290/0x290
[ 68.197016][ T5028] ? folio_test_hugetlb+0xa0/0x1d0
[ 68.202149][ T5028] ? pagecache_get_page+0xeb/0x220
[ 68.207277][ T5028] ? hfs_free_extents+0x420/0x420
[ 68.212314][ T5028] block_write_begin+0x9c/0x1f0
[ 68.217163][ T5028] ? cont_write_begin+0x626/0x880
[ 68.222186][ T5028] cont_write_begin+0x643/0x880
[ 68.227051][ T5028] ? fault_in_readable+0x1db/0x350
[ 68.232164][ T5028] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 68.238054][ T5028] ? fault_in_readable+0x21c/0x350
[ 68.243159][ T5028] ? fault_in_safe_writeable+0x260/0x260
[ 68.248802][ T5028] hfs_write_begin+0x8a/0xd0
[ 68.253395][ T5028] ? hfs_free_extents+0x420/0x420
[ 68.258420][ T5028] generic_perform_write+0x300/0x5e0
[ 68.263726][ T5028] ? generic_file_direct_write+0x460/0x460
[ 68.269529][ T5028] ? __file_remove_privs+0x640/0x640
[ 68.274812][ T5028] ? generic_write_checks+0x160/0x1c0
[ 68.280182][ T5028] __generic_file_write_iter+0x17a/0x400
[ 68.285813][ T5028] generic_file_write_iter+0xaf/0x310
[ 68.291185][ T5028] vfs_write+0x7ec/0xc10
[ 68.295435][ T5028] ? _raw_spin_lock_irqsave+0x120/0x120
[ 68.300981][ T5028] ? file_end_write+0x250/0x250
[ 68.305839][ T5028] ? lockdep_hardirqs_on+0x98/0x140
[ 68.311036][ T5028] ? __fdget_pos+0x265/0x2f0
[ 68.315624][ T5028] ksys_write+0x1a0/0x2c0
[ 68.319958][ T5028] ? __ia32_sys_read+0x90/0x90
[ 68.324724][ T5028] ? syscall_enter_from_user_mode+0x32/0x230
[ 68.330719][ T5028] ? syscall_enter_from_user_mode+0x8c/0x230
[ 68.336704][ T5028] do_syscall_64+0x41/0xc0
[ 68.341126][ T5028] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.347014][ T5028] RIP: 0033:0x7f345c0e09f9
[ 68.351427][ T5028] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.371027][ T5028] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.379437][ T5028] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 68.387491][ T5028] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.395457][ T5028] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5028] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5028] exit_group(0) = ?
[pid 5028] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5028, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/bus") = 0
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5029
./strace-static-x86_64: Process 5029 attached
[pid 5029] chdir("./38") = 0
[pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5029] setpgid(0, 0) = 0
[pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5029] write(3, "1000", 4) = 4
[pid 5029] close(3) = 0
[pid 5029] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5029] memfd_create("syzkaller", 0) = 3
[pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5029] munmap(0x7f3453c93000, 32768) = 0
[pid 5029] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 68.403425][ T5028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.411390][ T5028] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000025
[ 68.419367][ T5028]
[pid 5029] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5029] close(3) = 0
[pid 5029] mkdir("./bus", 0777) = 0
[pid 5029] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5029] chdir("./bus") = 0
[pid 5029] ioctl(4, LOOP_CLR_FD) = 0
[pid 5029] close(4) = 0
[pid 5029] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5029] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5029] write(5, "9", 1) = 1
[ 68.460395][ T5029] loop0: detected capacity change from 0 to 64
[ 68.469713][ T5029] hfs: unable to locate alternate MDB
[ 68.475471][ T5029] hfs: continuing without an alternate MDB
[ 68.491932][ T5029] FAULT_INJECTION: forcing a failure.
[ 68.491932][ T5029] name failslab, interval 1, probability 0, space 0, times 0
[ 68.504734][ T5029] CPU: 1 PID: 5029 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 68.514816][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 68.524874][ T5029] Call Trace:
[ 68.528143][ T5029]
[ 68.531078][ T5029] dump_stack_lvl+0x1e7/0x2d0
[ 68.535788][ T5029] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.541273][ T5029] ? panic+0x770/0x770
[ 68.545357][ T5029] ? rcu_is_watching+0x15/0xb0
[ 68.550128][ T5029] ? trace_contention_end+0x3c/0xf0
[ 68.555329][ T5029] should_fail_ex+0x3aa/0x4e0
[ 68.560017][ T5029] should_failslab+0x9/0x20
[ 68.564521][ T5029] slab_pre_alloc_hook+0x59/0x2b0
[ 68.569554][ T5029] ? hfs_find_init+0x90/0x1f0
[ 68.574231][ T5029] __kmem_cache_alloc_node+0x4b/0x290
[ 68.579627][ T5029] ? hfs_find_init+0x90/0x1f0
[ 68.584314][ T5029] __kmalloc+0xa8/0x230
[ 68.588464][ T5029] hfs_find_init+0x90/0x1f0
[ 68.592967][ T5029] hfs_extend_file+0x31b/0x1440
[ 68.597829][ T5029] ? hfs_get_block+0xb60/0xb60
[ 68.602593][ T5029] ? find_lock_entries+0x10f0/0x10f0
[ 68.607884][ T5029] ? clean_bdev_aliases+0x7f9/0x920
[ 68.613076][ T5029] hfs_get_block+0x3e4/0xb60
[ 68.617669][ T5029] ? hfs_free_extents+0x420/0x420
[ 68.622707][ T5029] ? _raw_spin_unlock+0x28/0x40
[ 68.627549][ T5029] ? folio_create_buffers+0x132/0x250
[ 68.632911][ T5029] __block_write_begin_int+0x548/0x1a50
[ 68.638445][ T5029] ? folio_add_lru+0x353/0x6f0
[ 68.643213][ T5029] ? hfs_free_extents+0x420/0x420
[ 68.648230][ T5029] ? PageUptodate+0x290/0x290
[ 68.652906][ T5029] ? folio_test_hugetlb+0xa0/0x1d0
[ 68.658027][ T5029] ? pagecache_get_page+0xeb/0x220
[ 68.663141][ T5029] ? hfs_free_extents+0x420/0x420
[ 68.668157][ T5029] block_write_begin+0x9c/0x1f0
[ 68.673007][ T5029] ? cont_write_begin+0x626/0x880
[ 68.678040][ T5029] cont_write_begin+0x643/0x880
[ 68.682887][ T5029] ? fault_in_readable+0x1db/0x350
[ 68.687998][ T5029] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 68.693896][ T5029] ? fault_in_readable+0x21c/0x350
[ 68.698997][ T5029] ? fault_in_safe_writeable+0x260/0x260
[ 68.704623][ T5029] hfs_write_begin+0x8a/0xd0
[ 68.709202][ T5029] ? hfs_free_extents+0x420/0x420
[ 68.714217][ T5029] generic_perform_write+0x300/0x5e0
[ 68.719500][ T5029] ? generic_file_direct_write+0x460/0x460
[ 68.725297][ T5029] ? __file_remove_privs+0x640/0x640
[ 68.730574][ T5029] ? generic_write_checks+0x160/0x1c0
[ 68.735938][ T5029] __generic_file_write_iter+0x17a/0x400
[ 68.741563][ T5029] generic_file_write_iter+0xaf/0x310
[ 68.746928][ T5029] vfs_write+0x7ec/0xc10
[ 68.751174][ T5029] ? _raw_spin_lock_irqsave+0x120/0x120
[ 68.756749][ T5029] ? file_end_write+0x250/0x250
[ 68.761615][ T5029] ? lockdep_hardirqs_on+0x98/0x140
[ 68.766804][ T5029] ? __fdget_pos+0x265/0x2f0
[ 68.771399][ T5029] ksys_write+0x1a0/0x2c0
[ 68.775744][ T5029] ? __ia32_sys_read+0x90/0x90
[ 68.780498][ T5029] ? syscall_enter_from_user_mode+0x32/0x230
[ 68.786480][ T5029] ? syscall_enter_from_user_mode+0x8c/0x230
[ 68.792450][ T5029] do_syscall_64+0x41/0xc0
[ 68.796859][ T5029] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.802748][ T5029] RIP: 0033:0x7f345c0e09f9
[ 68.807153][ T5029] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.826755][ T5029] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.835175][ T5029] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 68.843136][ T5029] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.851094][ T5029] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5029] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5029] exit_group(0) = ?
[pid 5029] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/bus") = 0
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
[ 68.859061][ T5029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.867043][ T5029] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000026
[ 68.875044][ T5029]
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5030
./strace-static-x86_64: Process 5030 attached
[pid 5030] chdir("./39") = 0
[pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5030] setpgid(0, 0) = 0
[pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5030] write(3, "1000", 4) = 4
[pid 5030] close(3) = 0
[pid 5030] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5030] memfd_create("syzkaller", 0) = 3
[pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5030] munmap(0x7f3453c93000, 32768) = 0
[pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5030] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5030] close(3) = 0
[pid 5030] mkdir("./bus", 0777) = 0
[pid 5030] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5030] chdir("./bus") = 0
[pid 5030] ioctl(4, LOOP_CLR_FD) = 0
[pid 5030] close(4) = 0
[pid 5030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5030] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5030] write(5, "9", 1) = 1
[ 68.918285][ T5030] loop0: detected capacity change from 0 to 64
[ 68.928406][ T5030] hfs: unable to locate alternate MDB
[ 68.934469][ T5030] hfs: continuing without an alternate MDB
[ 68.946349][ T5030] FAULT_INJECTION: forcing a failure.
[ 68.946349][ T5030] name failslab, interval 1, probability 0, space 0, times 0
[ 68.959139][ T5030] CPU: 0 PID: 5030 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 68.969218][ T5030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 68.979275][ T5030] Call Trace:
[ 68.982561][ T5030]
[ 68.985541][ T5030] dump_stack_lvl+0x1e7/0x2d0
[ 68.990222][ T5030] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.995676][ T5030] ? panic+0x770/0x770
[ 68.999747][ T5030] ? rcu_is_watching+0x15/0xb0
[ 69.004517][ T5030] ? trace_contention_end+0x3c/0xf0
[ 69.009726][ T5030] should_fail_ex+0x3aa/0x4e0
[ 69.014403][ T5030] should_failslab+0x9/0x20
[ 69.018895][ T5030] slab_pre_alloc_hook+0x59/0x2b0
[ 69.023916][ T5030] ? hfs_find_init+0x90/0x1f0
[ 69.028588][ T5030] __kmem_cache_alloc_node+0x4b/0x290
[ 69.033953][ T5030] ? hfs_find_init+0x90/0x1f0
[ 69.038632][ T5030] __kmalloc+0xa8/0x230
[ 69.042793][ T5030] hfs_find_init+0x90/0x1f0
[ 69.047290][ T5030] hfs_extend_file+0x31b/0x1440
[ 69.052159][ T5030] ? hfs_get_block+0xb60/0xb60
[ 69.056939][ T5030] ? find_lock_entries+0x10f0/0x10f0
[ 69.062222][ T5030] ? clean_bdev_aliases+0x7f9/0x920
[ 69.067413][ T5030] hfs_get_block+0x3e4/0xb60
[ 69.072005][ T5030] ? hfs_free_extents+0x420/0x420
[ 69.077030][ T5030] ? _raw_spin_unlock+0x28/0x40
[ 69.081884][ T5030] ? folio_create_buffers+0x132/0x250
[ 69.087277][ T5030] __block_write_begin_int+0x548/0x1a50
[ 69.092845][ T5030] ? folio_add_lru+0x353/0x6f0
[ 69.097625][ T5030] ? hfs_free_extents+0x420/0x420
[ 69.102640][ T5030] ? PageUptodate+0x290/0x290
[ 69.107305][ T5030] ? folio_test_hugetlb+0xa0/0x1d0
[ 69.112411][ T5030] ? pagecache_get_page+0xeb/0x220
[ 69.117511][ T5030] ? hfs_free_extents+0x420/0x420
[ 69.122535][ T5030] block_write_begin+0x9c/0x1f0
[ 69.127394][ T5030] ? cont_write_begin+0x626/0x880
[ 69.132410][ T5030] cont_write_begin+0x643/0x880
[ 69.137294][ T5030] ? fault_in_readable+0x1db/0x350
[ 69.142412][ T5030] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 69.148294][ T5030] ? fault_in_readable+0x21c/0x350
[ 69.153467][ T5030] ? fault_in_safe_writeable+0x260/0x260
[ 69.159109][ T5030] hfs_write_begin+0x8a/0xd0
[ 69.163689][ T5030] ? hfs_free_extents+0x420/0x420
[ 69.168709][ T5030] generic_perform_write+0x300/0x5e0
[ 69.173991][ T5030] ? generic_file_direct_write+0x460/0x460
[ 69.179788][ T5030] ? __file_remove_privs+0x640/0x640
[ 69.185069][ T5030] ? generic_write_checks+0x160/0x1c0
[ 69.190436][ T5030] __generic_file_write_iter+0x17a/0x400
[ 69.196063][ T5030] generic_file_write_iter+0xaf/0x310
[ 69.201429][ T5030] vfs_write+0x7ec/0xc10
[ 69.205664][ T5030] ? _raw_spin_lock_irqsave+0x120/0x120
[ 69.211204][ T5030] ? file_end_write+0x250/0x250
[ 69.216051][ T5030] ? lockdep_hardirqs_on+0x98/0x140
[ 69.221240][ T5030] ? __fdget_pos+0x265/0x2f0
[ 69.225820][ T5030] ksys_write+0x1a0/0x2c0
[ 69.230155][ T5030] ? __ia32_sys_read+0x90/0x90
[ 69.234936][ T5030] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.240916][ T5030] ? syscall_enter_from_user_mode+0x8c/0x230
[ 69.246888][ T5030] do_syscall_64+0x41/0xc0
[ 69.251330][ T5030] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.257225][ T5030] RIP: 0033:0x7f345c0e09f9
[ 69.261674][ T5030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.281283][ T5030] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.289701][ T5030] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 69.297685][ T5030] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 69.305660][ T5030] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5030] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5030] exit_group(0) = ?
[pid 5030] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5030, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/bus") = 0
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5031
./strace-static-x86_64: Process 5031 attached
[pid 5031] chdir("./40") = 0
[pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5031] setpgid(0, 0) = 0
[pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5031] write(3, "1000", 4) = 4
[pid 5031] close(3) = 0
[pid 5031] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5031] memfd_create("syzkaller", 0) = 3
[pid 5031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5031] munmap(0x7f3453c93000, 32768) = 0
[pid 5031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 69.313627][ T5030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.321583][ T5030] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000027
[ 69.329552][ T5030]
[pid 5031] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5031] close(3) = 0
[pid 5031] mkdir("./bus", 0777) = 0
[pid 5031] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5031] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5031] chdir("./bus") = 0
[pid 5031] ioctl(4, LOOP_CLR_FD) = 0
[pid 5031] close(4) = 0
[pid 5031] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5031] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5031] write(5, "9", 1) = 1
[ 69.379867][ T5031] loop0: detected capacity change from 0 to 64
[ 69.389064][ T5031] hfs: unable to locate alternate MDB
[ 69.394790][ T5031] hfs: continuing without an alternate MDB
[ 69.412431][ T5031] FAULT_INJECTION: forcing a failure.
[ 69.412431][ T5031] name failslab, interval 1, probability 0, space 0, times 0
[ 69.425329][ T5031] CPU: 1 PID: 5031 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 69.435402][ T5031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 69.445445][ T5031] Call Trace:
[ 69.448711][ T5031]
[ 69.451627][ T5031] dump_stack_lvl+0x1e7/0x2d0
[ 69.456301][ T5031] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.461750][ T5031] ? panic+0x770/0x770
[ 69.465806][ T5031] ? rcu_is_watching+0x15/0xb0
[ 69.470554][ T5031] ? trace_contention_end+0x3c/0xf0
[ 69.475740][ T5031] should_fail_ex+0x3aa/0x4e0
[ 69.480409][ T5031] should_failslab+0x9/0x20
[ 69.484903][ T5031] slab_pre_alloc_hook+0x59/0x2b0
[ 69.489930][ T5031] ? hfs_find_init+0x90/0x1f0
[ 69.494600][ T5031] __kmem_cache_alloc_node+0x4b/0x290
[ 69.499968][ T5031] ? hfs_find_init+0x90/0x1f0
[ 69.504635][ T5031] __kmalloc+0xa8/0x230
[ 69.508787][ T5031] hfs_find_init+0x90/0x1f0
[ 69.513285][ T5031] hfs_extend_file+0x31b/0x1440
[ 69.518136][ T5031] ? hfs_get_block+0xb60/0xb60
[ 69.522895][ T5031] ? find_lock_entries+0x10f0/0x10f0
[ 69.528186][ T5031] ? clean_bdev_aliases+0x7f9/0x920
[ 69.533383][ T5031] hfs_get_block+0x3e4/0xb60
[ 69.537976][ T5031] ? hfs_free_extents+0x420/0x420
[ 69.543000][ T5031] ? _raw_spin_unlock+0x28/0x40
[ 69.547844][ T5031] ? folio_create_buffers+0x132/0x250
[ 69.553211][ T5031] __block_write_begin_int+0x548/0x1a50
[ 69.558750][ T5031] ? folio_add_lru+0x353/0x6f0
[ 69.563519][ T5031] ? hfs_free_extents+0x420/0x420
[ 69.568539][ T5031] ? PageUptodate+0x290/0x290
[ 69.573207][ T5031] ? folio_test_hugetlb+0xa0/0x1d0
[ 69.578316][ T5031] ? pagecache_get_page+0xeb/0x220
[ 69.583420][ T5031] ? hfs_free_extents+0x420/0x420
[ 69.588436][ T5031] block_write_begin+0x9c/0x1f0
[ 69.593280][ T5031] ? cont_write_begin+0x626/0x880
[ 69.598298][ T5031] cont_write_begin+0x643/0x880
[ 69.603147][ T5031] ? fault_in_readable+0x1db/0x350
[ 69.608251][ T5031] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 69.614220][ T5031] ? fault_in_readable+0x21c/0x350
[ 69.619326][ T5031] ? fault_in_safe_writeable+0x260/0x260
[ 69.624958][ T5031] hfs_write_begin+0x8a/0xd0
[ 69.629546][ T5031] ? hfs_free_extents+0x420/0x420
[ 69.634568][ T5031] generic_perform_write+0x300/0x5e0
[ 69.639855][ T5031] ? generic_file_direct_write+0x460/0x460
[ 69.645680][ T5031] ? __file_remove_privs+0x640/0x640
[ 69.650966][ T5031] ? generic_write_checks+0x160/0x1c0
[ 69.656423][ T5031] __generic_file_write_iter+0x17a/0x400
[ 69.662052][ T5031] generic_file_write_iter+0xaf/0x310
[ 69.667420][ T5031] vfs_write+0x7ec/0xc10
[ 69.671661][ T5031] ? _raw_spin_lock_irqsave+0x120/0x120
[ 69.677210][ T5031] ? file_end_write+0x250/0x250
[ 69.682065][ T5031] ? lockdep_hardirqs_on+0x98/0x140
[ 69.687260][ T5031] ? __fdget_pos+0x265/0x2f0
[ 69.691843][ T5031] ksys_write+0x1a0/0x2c0
[ 69.696175][ T5031] ? __ia32_sys_read+0x90/0x90
[ 69.700934][ T5031] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.706918][ T5031] ? syscall_enter_from_user_mode+0x8c/0x230
[ 69.712891][ T5031] do_syscall_64+0x41/0xc0
[ 69.717306][ T5031] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.723194][ T5031] RIP: 0033:0x7f345c0e09f9
[ 69.727600][ T5031] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.747196][ T5031] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.755603][ T5031] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 69.763583][ T5031] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 69.771548][ T5031] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5031] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5031] exit_group(0) = ?
[pid 5031] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/bus") = 0
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5032
./strace-static-x86_64: Process 5032 attached
[pid 5032] chdir("./41") = 0
[pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5032] setpgid(0, 0) = 0
[pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5032] write(3, "1000", 4) = 4
[pid 5032] close(3) = 0
[pid 5032] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5032] memfd_create("syzkaller", 0) = 3
[pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5032] munmap(0x7f3453c93000, 32768) = 0
[pid 5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 69.779509][ T5031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.787643][ T5031] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000028
[ 69.795617][ T5031]
[pid 5032] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5032] close(3) = 0
[pid 5032] mkdir("./bus", 0777) = 0
[pid 5032] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5032] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5032] chdir("./bus") = 0
[pid 5032] ioctl(4, LOOP_CLR_FD) = 0
[pid 5032] close(4) = 0
[pid 5032] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5032] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5032] write(5, "9", 1) = 1
[ 69.839782][ T5032] loop0: detected capacity change from 0 to 64
[ 69.848477][ T5032] hfs: unable to locate alternate MDB
[ 69.854054][ T5032] hfs: continuing without an alternate MDB
[ 69.870843][ T5032] FAULT_INJECTION: forcing a failure.
[ 69.870843][ T5032] name failslab, interval 1, probability 0, space 0, times 0
[ 69.883589][ T5032] CPU: 0 PID: 5032 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 69.893668][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 69.903710][ T5032] Call Trace:
[ 69.906981][ T5032]
[ 69.909908][ T5032] dump_stack_lvl+0x1e7/0x2d0
[ 69.914600][ T5032] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.920048][ T5032] ? panic+0x770/0x770
[ 69.924108][ T5032] ? rcu_is_watching+0x15/0xb0
[ 69.928864][ T5032] ? trace_contention_end+0x3c/0xf0
[ 69.934054][ T5032] should_fail_ex+0x3aa/0x4e0
[ 69.938724][ T5032] should_failslab+0x9/0x20
[ 69.943230][ T5032] slab_pre_alloc_hook+0x59/0x2b0
[ 69.948263][ T5032] ? hfs_find_init+0x90/0x1f0
[ 69.952941][ T5032] __kmem_cache_alloc_node+0x4b/0x290
[ 69.958330][ T5032] ? hfs_find_init+0x90/0x1f0
[ 69.963021][ T5032] __kmalloc+0xa8/0x230
[ 69.967181][ T5032] hfs_find_init+0x90/0x1f0
[ 69.971689][ T5032] hfs_extend_file+0x31b/0x1440
[ 69.976557][ T5032] ? hfs_get_block+0xb60/0xb60
[ 69.981329][ T5032] ? find_lock_entries+0x10f0/0x10f0
[ 69.986644][ T5032] ? clean_bdev_aliases+0x7f9/0x920
[ 69.991848][ T5032] hfs_get_block+0x3e4/0xb60
[ 69.996456][ T5032] ? hfs_free_extents+0x420/0x420
[ 70.001497][ T5032] ? _raw_spin_unlock+0x28/0x40
[ 70.006346][ T5032] ? folio_create_buffers+0x132/0x250
[ 70.011727][ T5032] __block_write_begin_int+0x548/0x1a50
[ 70.017274][ T5032] ? folio_add_lru+0x353/0x6f0
[ 70.022057][ T5032] ? hfs_free_extents+0x420/0x420
[ 70.027117][ T5032] ? PageUptodate+0x290/0x290
[ 70.031800][ T5032] ? folio_test_hugetlb+0xa0/0x1d0
[ 70.036925][ T5032] ? pagecache_get_page+0xeb/0x220
[ 70.042029][ T5032] ? hfs_free_extents+0x420/0x420
[ 70.047076][ T5032] block_write_begin+0x9c/0x1f0
[ 70.051919][ T5032] ? cont_write_begin+0x626/0x880
[ 70.056933][ T5032] cont_write_begin+0x643/0x880
[ 70.061791][ T5032] ? fault_in_readable+0x1db/0x350
[ 70.066911][ T5032] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 70.072799][ T5032] ? fault_in_readable+0x21c/0x350
[ 70.077918][ T5032] ? fault_in_safe_writeable+0x260/0x260
[ 70.083559][ T5032] hfs_write_begin+0x8a/0xd0
[ 70.088166][ T5032] ? hfs_free_extents+0x420/0x420
[ 70.093199][ T5032] generic_perform_write+0x300/0x5e0
[ 70.098503][ T5032] ? generic_file_direct_write+0x460/0x460
[ 70.104330][ T5032] ? __file_remove_privs+0x640/0x640
[ 70.109624][ T5032] ? generic_write_checks+0x160/0x1c0
[ 70.115008][ T5032] __generic_file_write_iter+0x17a/0x400
[ 70.120648][ T5032] generic_file_write_iter+0xaf/0x310
[ 70.126013][ T5032] vfs_write+0x7ec/0xc10
[ 70.130249][ T5032] ? _raw_spin_lock_irqsave+0x120/0x120
[ 70.135789][ T5032] ? file_end_write+0x250/0x250
[ 70.140653][ T5032] ? lockdep_hardirqs_on+0x98/0x140
[ 70.145868][ T5032] ? __fdget_pos+0x265/0x2f0
[ 70.150462][ T5032] ksys_write+0x1a0/0x2c0
[ 70.154786][ T5032] ? __ia32_sys_read+0x90/0x90
[ 70.159548][ T5032] ? syscall_enter_from_user_mode+0x32/0x230
[ 70.165518][ T5032] ? syscall_enter_from_user_mode+0x8c/0x230
[ 70.171500][ T5032] do_syscall_64+0x41/0xc0
[ 70.175929][ T5032] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.181815][ T5032] RIP: 0033:0x7f345c0e09f9
[ 70.186226][ T5032] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.205922][ T5032] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 70.214336][ T5032] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 70.222299][ T5032] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.230258][ T5032] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5032] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5032] exit_group(0) = ?
[pid 5032] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/bus") = 0
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 70.238217][ T5032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.246179][ T5032] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000029
[ 70.254171][ T5032]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5033
./strace-static-x86_64: Process 5033 attached
[pid 5033] chdir("./42") = 0
[pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5033] setpgid(0, 0) = 0
[pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5033] write(3, "1000", 4) = 4
[pid 5033] close(3) = 0
[pid 5033] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5033] memfd_create("syzkaller", 0) = 3
[pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5033] munmap(0x7f3453c93000, 32768) = 0
[pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5033] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5033] close(3) = 0
[pid 5033] mkdir("./bus", 0777) = 0
[pid 5033] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5033] chdir("./bus") = 0
[pid 5033] ioctl(4, LOOP_CLR_FD) = 0
[pid 5033] close(4) = 0
[pid 5033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5033] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5033] write(5, "9", 1) = 1
[ 70.297785][ T5033] loop0: detected capacity change from 0 to 64
[ 70.309991][ T5033] hfs: unable to locate alternate MDB
[ 70.316252][ T5033] hfs: continuing without an alternate MDB
[ 70.340778][ T5033] FAULT_INJECTION: forcing a failure.
[ 70.340778][ T5033] name failslab, interval 1, probability 0, space 0, times 0
[ 70.353653][ T5033] CPU: 1 PID: 5033 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 70.363733][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 70.373775][ T5033] Call Trace:
[ 70.377049][ T5033]
[ 70.379983][ T5033] dump_stack_lvl+0x1e7/0x2d0
[ 70.384679][ T5033] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.390132][ T5033] ? panic+0x770/0x770
[ 70.394193][ T5033] ? rcu_is_watching+0x15/0xb0
[ 70.398948][ T5033] ? trace_contention_end+0x3c/0xf0
[ 70.404144][ T5033] should_fail_ex+0x3aa/0x4e0
[ 70.408823][ T5033] should_failslab+0x9/0x20
[ 70.413323][ T5033] slab_pre_alloc_hook+0x59/0x2b0
[ 70.418342][ T5033] ? hfs_find_init+0x90/0x1f0
[ 70.423015][ T5033] __kmem_cache_alloc_node+0x4b/0x290
[ 70.428381][ T5033] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 70.434191][ T5033] ? hfs_find_init+0x90/0x1f0
[ 70.438866][ T5033] __kmalloc+0xa8/0x230
[ 70.443019][ T5033] hfs_find_init+0x90/0x1f0
[ 70.447519][ T5033] hfs_extend_file+0x31b/0x1440
[ 70.452374][ T5033] ? hfs_get_block+0xb60/0xb60
[ 70.457138][ T5033] ? lru_cache_disable+0x30/0x30
[ 70.462071][ T5033] ? __might_sleep+0xc0/0xc0
[ 70.466674][ T5033] ? clean_bdev_aliases+0x80a/0x920
[ 70.471867][ T5033] hfs_get_block+0x3e4/0xb60
[ 70.476459][ T5033] ? hfs_free_extents+0x420/0x420
[ 70.481486][ T5033] ? _raw_spin_unlock+0x28/0x40
[ 70.486327][ T5033] ? folio_create_buffers+0x132/0x250
[ 70.491695][ T5033] __block_write_begin_int+0x548/0x1a50
[ 70.497252][ T5033] ? folio_add_lru+0x353/0x6f0
[ 70.502033][ T5033] ? hfs_free_extents+0x420/0x420
[ 70.507073][ T5033] ? PageUptodate+0x290/0x290
[ 70.511743][ T5033] ? folio_test_hugetlb+0xa0/0x1d0
[ 70.516853][ T5033] ? pagecache_get_page+0xeb/0x220
[ 70.521957][ T5033] ? hfs_free_extents+0x420/0x420
[ 70.526976][ T5033] block_write_begin+0x9c/0x1f0
[ 70.531819][ T5033] ? cont_write_begin+0x626/0x880
[ 70.536841][ T5033] cont_write_begin+0x643/0x880
[ 70.541692][ T5033] ? fault_in_readable+0x1db/0x350
[ 70.546796][ T5033] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 70.552702][ T5033] ? fault_in_readable+0x21c/0x350
[ 70.557807][ T5033] ? fault_in_safe_writeable+0x260/0x260
[ 70.563442][ T5033] hfs_write_begin+0x8a/0xd0
[ 70.568032][ T5033] ? hfs_free_extents+0x420/0x420
[ 70.573057][ T5033] generic_perform_write+0x300/0x5e0
[ 70.578357][ T5033] ? generic_file_direct_write+0x460/0x460
[ 70.584160][ T5033] ? __file_remove_privs+0x640/0x640
[ 70.589439][ T5033] ? generic_write_checks+0x160/0x1c0
[ 70.594805][ T5033] __generic_file_write_iter+0x17a/0x400
[ 70.600436][ T5033] generic_file_write_iter+0xaf/0x310
[ 70.605803][ T5033] vfs_write+0x7ec/0xc10
[ 70.610043][ T5033] ? _raw_spin_lock_irqsave+0x120/0x120
[ 70.615592][ T5033] ? file_end_write+0x250/0x250
[ 70.620448][ T5033] ? lockdep_hardirqs_on+0x98/0x140
[ 70.625642][ T5033] ? __fdget_pos+0x265/0x2f0
[ 70.630224][ T5033] ksys_write+0x1a0/0x2c0
[ 70.634554][ T5033] ? __ia32_sys_read+0x90/0x90
[ 70.639319][ T5033] ? syscall_enter_from_user_mode+0x32/0x230
[ 70.645294][ T5033] ? syscall_enter_from_user_mode+0x8c/0x230
[ 70.651269][ T5033] do_syscall_64+0x41/0xc0
[ 70.655683][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.661573][ T5033] RIP: 0033:0x7f345c0e09f9
[ 70.665980][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5033] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5033] exit_group(0) = ?
[pid 5033] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/bus") = 0
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5034
./strace-static-x86_64: Process 5034 attached
[pid 5034] chdir("./43") = 0
[pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5034] setpgid(0, 0) = 0
[pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5034] write(3, "1000", 4) = 4
[pid 5034] close(3) = 0
[ 70.685595][ T5033] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 70.694002][ T5033] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 70.701982][ T5033] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.709945][ T5033] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 70.717907][ T5033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.725869][ T5033] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000002a
[ 70.733845][ T5033]
[pid 5034] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5034] memfd_create("syzkaller", 0) = 3
[pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5034] munmap(0x7f3453c93000, 32768) = 0
[pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5034] close(3) = 0
[pid 5034] mkdir("./bus", 0777) = 0
[pid 5034] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5034] chdir("./bus") = 0
[pid 5034] ioctl(4, LOOP_CLR_FD) = 0
[pid 5034] close(4) = 0
[pid 5034] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5034] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5034] write(5, "9", 1) = 1
[ 70.778674][ T5034] loop0: detected capacity change from 0 to 64
[ 70.788638][ T5034] hfs: unable to locate alternate MDB
[ 70.794854][ T5034] hfs: continuing without an alternate MDB
[ 70.808322][ T5034] FAULT_INJECTION: forcing a failure.
[ 70.808322][ T5034] name failslab, interval 1, probability 0, space 0, times 0
[ 70.821105][ T5034] CPU: 0 PID: 5034 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 70.831183][ T5034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 70.841247][ T5034] Call Trace:
[ 70.844522][ T5034]
[ 70.847452][ T5034] dump_stack_lvl+0x1e7/0x2d0
[ 70.852156][ T5034] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.857627][ T5034] ? panic+0x770/0x770
[ 70.861726][ T5034] ? rcu_is_watching+0x15/0xb0
[ 70.866486][ T5034] ? trace_contention_end+0x3c/0xf0
[ 70.871697][ T5034] should_fail_ex+0x3aa/0x4e0
[ 70.876386][ T5034] should_failslab+0x9/0x20
[ 70.880887][ T5034] slab_pre_alloc_hook+0x59/0x2b0
[ 70.885915][ T5034] ? hfs_find_init+0x90/0x1f0
[ 70.890587][ T5034] __kmem_cache_alloc_node+0x4b/0x290
[ 70.895953][ T5034] ? hfs_find_init+0x90/0x1f0
[ 70.900628][ T5034] __kmalloc+0xa8/0x230
[ 70.904785][ T5034] hfs_find_init+0x90/0x1f0
[ 70.909289][ T5034] hfs_extend_file+0x31b/0x1440
[ 70.914145][ T5034] ? hfs_get_block+0xb60/0xb60
[ 70.918912][ T5034] ? find_lock_entries+0x10f0/0x10f0
[ 70.924205][ T5034] ? clean_bdev_aliases+0x7f9/0x920
[ 70.929411][ T5034] hfs_get_block+0x3e4/0xb60
[ 70.934028][ T5034] ? hfs_free_extents+0x420/0x420
[ 70.939059][ T5034] ? _raw_spin_unlock+0x28/0x40
[ 70.943905][ T5034] ? folio_create_buffers+0x132/0x250
[ 70.949273][ T5034] __block_write_begin_int+0x548/0x1a50
[ 70.954819][ T5034] ? folio_add_lru+0x353/0x6f0
[ 70.959593][ T5034] ? hfs_free_extents+0x420/0x420
[ 70.964611][ T5034] ? PageUptodate+0x290/0x290
[ 70.969283][ T5034] ? folio_test_hugetlb+0xa0/0x1d0
[ 70.974408][ T5034] ? pagecache_get_page+0xeb/0x220
[ 70.979554][ T5034] ? hfs_free_extents+0x420/0x420
[ 70.984596][ T5034] block_write_begin+0x9c/0x1f0
[ 70.989451][ T5034] ? cont_write_begin+0x626/0x880
[ 70.994480][ T5034] cont_write_begin+0x643/0x880
[ 70.999341][ T5034] ? fault_in_readable+0x1db/0x350
[ 71.004449][ T5034] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 71.010333][ T5034] ? fault_in_readable+0x21c/0x350
[ 71.015438][ T5034] ? fault_in_safe_writeable+0x260/0x260
[ 71.021069][ T5034] hfs_write_begin+0x8a/0xd0
[ 71.025658][ T5034] ? hfs_free_extents+0x420/0x420
[ 71.030683][ T5034] generic_perform_write+0x300/0x5e0
[ 71.035982][ T5034] ? generic_file_direct_write+0x460/0x460
[ 71.041793][ T5034] ? __file_remove_privs+0x640/0x640
[ 71.047079][ T5034] ? generic_write_checks+0x160/0x1c0
[ 71.052458][ T5034] __generic_file_write_iter+0x17a/0x400
[ 71.058103][ T5034] generic_file_write_iter+0xaf/0x310
[ 71.063473][ T5034] vfs_write+0x7ec/0xc10
[ 71.067723][ T5034] ? _raw_spin_lock_irqsave+0x120/0x120
[ 71.073269][ T5034] ? file_end_write+0x250/0x250
[ 71.078126][ T5034] ? lockdep_hardirqs_on+0x98/0x140
[ 71.083322][ T5034] ? __fdget_pos+0x265/0x2f0
[ 71.087921][ T5034] ksys_write+0x1a0/0x2c0
[ 71.092260][ T5034] ? __ia32_sys_read+0x90/0x90
[ 71.097026][ T5034] ? syscall_enter_from_user_mode+0x32/0x230
[ 71.103007][ T5034] ? syscall_enter_from_user_mode+0x8c/0x230
[ 71.108997][ T5034] do_syscall_64+0x41/0xc0
[ 71.113420][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.119307][ T5034] RIP: 0033:0x7f345c0e09f9
[ 71.123716][ T5034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.143341][ T5034] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.151751][ T5034] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 71.159714][ T5034] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.167691][ T5034] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5034] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5034] exit_group(0) = ?
[pid 5034] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/bus") = 0
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 71.175663][ T5034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.183629][ T5034] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000002b
[ 71.191608][ T5034]
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5035
./strace-static-x86_64: Process 5035 attached
[pid 5035] chdir("./44") = 0
[pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5035] setpgid(0, 0) = 0
[pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5035] write(3, "1000", 4) = 4
[pid 5035] close(3) = 0
[pid 5035] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5035] memfd_create("syzkaller", 0) = 3
[pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5035] munmap(0x7f3453c93000, 32768) = 0
[pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5035] close(3) = 0
[pid 5035] mkdir("./bus", 0777) = 0
[pid 5035] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5035] chdir("./bus") = 0
[pid 5035] ioctl(4, LOOP_CLR_FD) = 0
[pid 5035] close(4) = 0
[pid 5035] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5035] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5035] write(5, "9", 1) = 1
[ 71.262667][ T5035] loop0: detected capacity change from 0 to 64
[ 71.272731][ T5035] hfs: unable to locate alternate MDB
[ 71.281772][ T5035] hfs: continuing without an alternate MDB
[ 71.307099][ T5035] FAULT_INJECTION: forcing a failure.
[ 71.307099][ T5035] name failslab, interval 1, probability 0, space 0, times 0
[ 71.321558][ T5035] CPU: 0 PID: 5035 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 71.331644][ T5035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 71.341713][ T5035] Call Trace:
[ 71.345006][ T5035]
[ 71.347948][ T5035] dump_stack_lvl+0x1e7/0x2d0
[ 71.352661][ T5035] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.358144][ T5035] ? panic+0x770/0x770
[ 71.362234][ T5035] ? rcu_is_watching+0x15/0xb0
[ 71.367024][ T5035] ? trace_contention_end+0x3c/0xf0
[ 71.372246][ T5035] should_fail_ex+0x3aa/0x4e0
[ 71.376946][ T5035] should_failslab+0x9/0x20
[ 71.381477][ T5035] slab_pre_alloc_hook+0x59/0x2b0
[ 71.386523][ T5035] ? hfs_find_init+0x90/0x1f0
[ 71.391221][ T5035] __kmem_cache_alloc_node+0x4b/0x290
[ 71.396612][ T5035] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 71.402448][ T5035] ? hfs_find_init+0x90/0x1f0
[ 71.407135][ T5035] __kmalloc+0xa8/0x230
[ 71.411307][ T5035] hfs_find_init+0x90/0x1f0
[ 71.415825][ T5035] hfs_extend_file+0x31b/0x1440
[ 71.420683][ T5035] ? hfs_get_block+0xb60/0xb60
[ 71.425447][ T5035] ? lru_cache_disable+0x30/0x30
[ 71.430380][ T5035] ? __might_sleep+0xc0/0xc0
[ 71.434988][ T5035] ? clean_bdev_aliases+0x80a/0x920
[ 71.440189][ T5035] hfs_get_block+0x3e4/0xb60
[ 71.444783][ T5035] ? hfs_free_extents+0x420/0x420
[ 71.449809][ T5035] ? _raw_spin_unlock+0x28/0x40
[ 71.454650][ T5035] ? folio_create_buffers+0x132/0x250
[ 71.460017][ T5035] __block_write_begin_int+0x548/0x1a50
[ 71.465555][ T5035] ? folio_add_lru+0x353/0x6f0
[ 71.470323][ T5035] ? hfs_free_extents+0x420/0x420
[ 71.475341][ T5035] ? PageUptodate+0x290/0x290
[ 71.480013][ T5035] ? folio_test_hugetlb+0xa0/0x1d0
[ 71.485124][ T5035] ? pagecache_get_page+0xeb/0x220
[ 71.490228][ T5035] ? hfs_free_extents+0x420/0x420
[ 71.495272][ T5035] block_write_begin+0x9c/0x1f0
[ 71.500117][ T5035] ? cont_write_begin+0x626/0x880
[ 71.505137][ T5035] cont_write_begin+0x643/0x880
[ 71.509992][ T5035] ? fault_in_readable+0x1db/0x350
[ 71.515097][ T5035] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 71.520985][ T5035] ? fault_in_readable+0x21c/0x350
[ 71.526089][ T5035] ? fault_in_safe_writeable+0x260/0x260
[ 71.531724][ T5035] hfs_write_begin+0x8a/0xd0
[ 71.536311][ T5035] ? hfs_free_extents+0x420/0x420
[ 71.541333][ T5035] generic_perform_write+0x300/0x5e0
[ 71.546621][ T5035] ? generic_file_direct_write+0x460/0x460
[ 71.552421][ T5035] ? __file_remove_privs+0x640/0x640
[ 71.557702][ T5035] ? generic_write_checks+0x160/0x1c0
[ 71.563071][ T5035] __generic_file_write_iter+0x17a/0x400
[ 71.568700][ T5035] generic_file_write_iter+0xaf/0x310
[ 71.574084][ T5035] vfs_write+0x7ec/0xc10
[ 71.578325][ T5035] ? _raw_spin_lock_irqsave+0x120/0x120
[ 71.583868][ T5035] ? file_end_write+0x250/0x250
[ 71.588727][ T5035] ? lockdep_hardirqs_on+0x98/0x140
[ 71.593920][ T5035] ? __fdget_pos+0x265/0x2f0
[ 71.598506][ T5035] ksys_write+0x1a0/0x2c0
[ 71.602834][ T5035] ? __ia32_sys_read+0x90/0x90
[ 71.607594][ T5035] ? syscall_enter_from_user_mode+0x32/0x230
[ 71.613569][ T5035] ? syscall_enter_from_user_mode+0x8c/0x230
[ 71.619548][ T5035] do_syscall_64+0x41/0xc0
[ 71.623971][ T5035] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.629858][ T5035] RIP: 0033:0x7f345c0e09f9
[ 71.634264][ T5035] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5035] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5035] exit_group(0) = ?
[pid 5035] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
[ 71.653881][ T5035] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.662305][ T5035] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 71.670266][ T5035] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.678227][ T5035] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 71.686189][ T5035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.694151][ T5035] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000002c
[ 71.702141][ T5035]
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/bus") = 0
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5036
./strace-static-x86_64: Process 5036 attached
[pid 5036] chdir("./45") = 0
[pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5036] setpgid(0, 0) = 0
[pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5036] write(3, "1000", 4) = 4
[pid 5036] close(3) = 0
[pid 5036] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5036] memfd_create("syzkaller", 0) = 3
[pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5036] munmap(0x7f3453c93000, 32768) = 0
[pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5036] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5036] close(3) = 0
[pid 5036] mkdir("./bus", 0777) = 0
[pid 5036] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5036] chdir("./bus") = 0
[pid 5036] ioctl(4, LOOP_CLR_FD) = 0
[pid 5036] close(4) = 0
[pid 5036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5036] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5036] write(5, "9", 1) = 1
[ 71.780085][ T5036] loop0: detected capacity change from 0 to 64
[ 71.790951][ T5036] hfs: unable to locate alternate MDB
[ 71.796893][ T5036] hfs: continuing without an alternate MDB
[ 71.825272][ T5036] FAULT_INJECTION: forcing a failure.
[ 71.825272][ T5036] name failslab, interval 1, probability 0, space 0, times 0
[ 71.840240][ T5036] CPU: 1 PID: 5036 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 71.850331][ T5036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 71.860402][ T5036] Call Trace:
[ 71.863700][ T5036]
[ 71.866639][ T5036] dump_stack_lvl+0x1e7/0x2d0
[ 71.871336][ T5036] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.876814][ T5036] ? panic+0x770/0x770
[ 71.880920][ T5036] ? rcu_is_watching+0x15/0xb0
[ 71.885699][ T5036] ? trace_contention_end+0x3c/0xf0
[ 71.890912][ T5036] should_fail_ex+0x3aa/0x4e0
[ 71.895624][ T5036] should_failslab+0x9/0x20
[ 71.900144][ T5036] slab_pre_alloc_hook+0x59/0x2b0
[ 71.905182][ T5036] ? hfs_find_init+0x90/0x1f0
[ 71.909871][ T5036] __kmem_cache_alloc_node+0x4b/0x290
[ 71.915259][ T5036] ? hfs_find_init+0x90/0x1f0
[ 71.919965][ T5036] __kmalloc+0xa8/0x230
[ 71.924138][ T5036] hfs_find_init+0x90/0x1f0
[ 71.928658][ T5036] hfs_extend_file+0x31b/0x1440
[ 71.933531][ T5036] ? hfs_get_block+0xb60/0xb60
[ 71.938315][ T5036] ? find_lock_entries+0x10f0/0x10f0
[ 71.943639][ T5036] ? clean_bdev_aliases+0x7f9/0x920
[ 71.948872][ T5036] hfs_get_block+0x3e4/0xb60
[ 71.953501][ T5036] ? hfs_free_extents+0x420/0x420
[ 71.958549][ T5036] ? _raw_spin_unlock+0x28/0x40
[ 71.963408][ T5036] ? folio_create_buffers+0x132/0x250
[ 71.968801][ T5036] __block_write_begin_int+0x548/0x1a50
[ 71.974361][ T5036] ? folio_add_lru+0x353/0x6f0
[ 71.979159][ T5036] ? hfs_free_extents+0x420/0x420
[ 71.984198][ T5036] ? PageUptodate+0x290/0x290
[ 71.988891][ T5036] ? folio_test_hugetlb+0xa0/0x1d0
[ 71.994020][ T5036] ? pagecache_get_page+0xeb/0x220
[ 71.999149][ T5036] ? hfs_free_extents+0x420/0x420
[ 72.004185][ T5036] block_write_begin+0x9c/0x1f0
[ 72.009067][ T5036] ? cont_write_begin+0x626/0x880
[ 72.014125][ T5036] cont_write_begin+0x643/0x880
[ 72.019007][ T5036] ? fault_in_readable+0x1db/0x350
[ 72.024131][ T5036] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 72.030037][ T5036] ? fault_in_readable+0x21c/0x350
[ 72.035174][ T5036] ? fault_in_safe_writeable+0x260/0x260
[ 72.040835][ T5036] hfs_write_begin+0x8a/0xd0
[ 72.045444][ T5036] ? hfs_free_extents+0x420/0x420
[ 72.050490][ T5036] generic_perform_write+0x300/0x5e0
[ 72.055804][ T5036] ? generic_file_direct_write+0x460/0x460
[ 72.061624][ T5036] ? __file_remove_privs+0x640/0x640
[ 72.066922][ T5036] ? generic_write_checks+0x160/0x1c0
[ 72.072314][ T5036] __generic_file_write_iter+0x17a/0x400
[ 72.077978][ T5036] generic_file_write_iter+0xaf/0x310
[ 72.083373][ T5036] vfs_write+0x7ec/0xc10
[ 72.087633][ T5036] ? _raw_spin_lock_irqsave+0x120/0x120
[ 72.093202][ T5036] ? file_end_write+0x250/0x250
[ 72.098080][ T5036] ? lockdep_hardirqs_on+0x98/0x140
[ 72.103298][ T5036] ? __fdget_pos+0x265/0x2f0
[ 72.107899][ T5036] ksys_write+0x1a0/0x2c0
[ 72.112250][ T5036] ? __ia32_sys_read+0x90/0x90
[ 72.117029][ T5036] ? syscall_enter_from_user_mode+0x32/0x230
[ 72.123026][ T5036] ? syscall_enter_from_user_mode+0x8c/0x230
[ 72.129025][ T5036] do_syscall_64+0x41/0xc0
[ 72.133468][ T5036] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.139375][ T5036] RIP: 0033:0x7f345c0e09f9
[ 72.143803][ T5036] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.163413][ T5036] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5036] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5036] exit_group(0) = ?
[pid 5036] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/bus") = 0
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5037
./strace-static-x86_64: Process 5037 attached
[pid 5037] chdir("./46") = 0
[pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5037] setpgid(0, 0) = 0
[pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5037] write(3, "1000", 4) = 4
[pid 5037] close(3) = 0
[pid 5037] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5037] memfd_create("syzkaller", 0) = 3
[pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[ 72.171844][ T5036] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 72.179804][ T5036] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.187782][ T5036] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 72.195739][ T5036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.203708][ T5036] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000002d
[ 72.211686][ T5036]
[pid 5037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5037] munmap(0x7f3453c93000, 32768) = 0
[pid 5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5037] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5037] close(3) = 0
[pid 5037] mkdir("./bus", 0777) = 0
[pid 5037] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5037] chdir("./bus") = 0
[pid 5037] ioctl(4, LOOP_CLR_FD) = 0
[pid 5037] close(4) = 0
[pid 5037] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5037] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5037] write(5, "9", 1) = 1
[pid 5037] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5037] exit_group(0) = ?
[pid 5037] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/bus") = 0
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 72.260244][ T5037] loop0: detected capacity change from 0 to 64
[ 72.270026][ T5037] hfs: unable to locate alternate MDB
[ 72.275735][ T5037] hfs: continuing without an alternate MDB
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5038
./strace-static-x86_64: Process 5038 attached
[pid 5038] chdir("./47") = 0
[pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5038] setpgid(0, 0) = 0
[pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1000", 4) = 4
[pid 5038] close(3) = 0
[pid 5038] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5038] memfd_create("syzkaller", 0) = 3
[pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5038] munmap(0x7f3453c93000, 32768) = 0
[pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5038] close(3) = 0
[pid 5038] mkdir("./bus", 0777) = 0
[pid 5038] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5038] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5038] chdir("./bus") = 0
[pid 5038] ioctl(4, LOOP_CLR_FD) = 0
[pid 5038] close(4) = 0
[pid 5038] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5038] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5038] write(5, "9", 1) = 1
[ 72.329817][ T5038] loop0: detected capacity change from 0 to 64
[ 72.348910][ T5038] hfs: unable to locate alternate MDB
[ 72.354561][ T5038] hfs: continuing without an alternate MDB
[ 72.370497][ T5038] FAULT_INJECTION: forcing a failure.
[ 72.370497][ T5038] name failslab, interval 1, probability 0, space 0, times 0
[ 72.383561][ T5038] CPU: 1 PID: 5038 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 72.393636][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 72.403674][ T5038] Call Trace:
[ 72.406956][ T5038]
[ 72.409876][ T5038] dump_stack_lvl+0x1e7/0x2d0
[ 72.414549][ T5038] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.420001][ T5038] ? panic+0x770/0x770
[ 72.424054][ T5038] ? rcu_is_watching+0x15/0xb0
[ 72.428801][ T5038] ? trace_contention_end+0x3c/0xf0
[ 72.433986][ T5038] should_fail_ex+0x3aa/0x4e0
[ 72.438650][ T5038] should_failslab+0x9/0x20
[ 72.443144][ T5038] slab_pre_alloc_hook+0x59/0x2b0
[ 72.448188][ T5038] ? hfs_find_init+0x90/0x1f0
[ 72.452857][ T5038] __kmem_cache_alloc_node+0x4b/0x290
[ 72.458245][ T5038] ? hfs_find_init+0x90/0x1f0
[ 72.462918][ T5038] __kmalloc+0xa8/0x230
[ 72.467070][ T5038] hfs_find_init+0x90/0x1f0
[ 72.471567][ T5038] hfs_extend_file+0x31b/0x1440
[ 72.476420][ T5038] ? hfs_get_block+0xb60/0xb60
[ 72.481188][ T5038] ? find_lock_entries+0x10f0/0x10f0
[ 72.486494][ T5038] ? clean_bdev_aliases+0x7f9/0x920
[ 72.491696][ T5038] hfs_get_block+0x3e4/0xb60
[ 72.496297][ T5038] ? hfs_free_extents+0x420/0x420
[ 72.501326][ T5038] ? _raw_spin_unlock+0x28/0x40
[ 72.506170][ T5038] ? folio_create_buffers+0x132/0x250
[ 72.511555][ T5038] __block_write_begin_int+0x548/0x1a50
[ 72.517101][ T5038] ? folio_add_lru+0x353/0x6f0
[ 72.521872][ T5038] ? hfs_free_extents+0x420/0x420
[ 72.526891][ T5038] ? PageUptodate+0x290/0x290
[ 72.531559][ T5038] ? folio_test_hugetlb+0xa0/0x1d0
[ 72.536686][ T5038] ? pagecache_get_page+0xeb/0x220
[ 72.541789][ T5038] ? hfs_free_extents+0x420/0x420
[ 72.546810][ T5038] block_write_begin+0x9c/0x1f0
[ 72.551651][ T5038] ? cont_write_begin+0x626/0x880
[ 72.556675][ T5038] cont_write_begin+0x643/0x880
[ 72.561523][ T5038] ? fault_in_readable+0x1db/0x350
[ 72.566624][ T5038] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 72.572506][ T5038] ? fault_in_readable+0x21c/0x350
[ 72.577618][ T5038] ? fault_in_safe_writeable+0x260/0x260
[ 72.583249][ T5038] hfs_write_begin+0x8a/0xd0
[ 72.587832][ T5038] ? hfs_free_extents+0x420/0x420
[ 72.592855][ T5038] generic_perform_write+0x300/0x5e0
[ 72.598140][ T5038] ? generic_file_direct_write+0x460/0x460
[ 72.603943][ T5038] ? __file_remove_privs+0x640/0x640
[ 72.609225][ T5038] ? generic_write_checks+0x160/0x1c0
[ 72.614592][ T5038] __generic_file_write_iter+0x17a/0x400
[ 72.620223][ T5038] generic_file_write_iter+0xaf/0x310
[ 72.625587][ T5038] vfs_write+0x7ec/0xc10
[ 72.629827][ T5038] ? _raw_spin_lock_irqsave+0x120/0x120
[ 72.635374][ T5038] ? file_end_write+0x250/0x250
[ 72.640230][ T5038] ? lockdep_hardirqs_on+0x98/0x140
[ 72.645423][ T5038] ? __fdget_pos+0x265/0x2f0
[ 72.650008][ T5038] ksys_write+0x1a0/0x2c0
[ 72.654336][ T5038] ? __ia32_sys_read+0x90/0x90
[ 72.659100][ T5038] ? syscall_enter_from_user_mode+0x32/0x230
[ 72.665094][ T5038] ? syscall_enter_from_user_mode+0x8c/0x230
[ 72.671069][ T5038] do_syscall_64+0x41/0xc0
[ 72.675485][ T5038] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.681373][ T5038] RIP: 0033:0x7f345c0e09f9
[ 72.685782][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.705397][ T5038] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.713807][ T5038] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 72.721770][ T5038] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5038] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5038] exit_group(0) = ?
[pid 5038] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/bus") = 0
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 72.729731][ T5038] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 72.737695][ T5038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.745660][ T5038] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 000000000000002f
[ 72.753632][ T5038]
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5039
./strace-static-x86_64: Process 5039 attached
[pid 5039] chdir("./48") = 0
[pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5039] setpgid(0, 0) = 0
[pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5039] write(3, "1000", 4) = 4
[pid 5039] close(3) = 0
[pid 5039] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5039] memfd_create("syzkaller", 0) = 3
[pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5039] munmap(0x7f3453c93000, 32768) = 0
[pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5039] close(3) = 0
[pid 5039] mkdir("./bus", 0777) = 0
[pid 5039] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5039] chdir("./bus") = 0
[pid 5039] ioctl(4, LOOP_CLR_FD) = 0
[pid 5039] close(4) = 0
[pid 5039] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5039] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5039] write(5, "9", 1) = 1
[ 72.803031][ T5039] loop0: detected capacity change from 0 to 64
[ 72.812790][ T5039] hfs: unable to locate alternate MDB
[ 72.818191][ T5039] hfs: continuing without an alternate MDB
[ 72.831987][ T5039] FAULT_INJECTION: forcing a failure.
[ 72.831987][ T5039] name failslab, interval 1, probability 0, space 0, times 0
[ 72.845106][ T5039] CPU: 0 PID: 5039 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 72.855189][ T5039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 72.865232][ T5039] Call Trace:
[ 72.868502][ T5039]
[ 72.871421][ T5039] dump_stack_lvl+0x1e7/0x2d0
[ 72.876092][ T5039] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.881540][ T5039] ? panic+0x770/0x770
[ 72.885618][ T5039] ? rcu_is_watching+0x15/0xb0
[ 72.890369][ T5039] ? trace_contention_end+0x3c/0xf0
[ 72.895575][ T5039] should_fail_ex+0x3aa/0x4e0
[ 72.900239][ T5039] should_failslab+0x9/0x20
[ 72.904730][ T5039] slab_pre_alloc_hook+0x59/0x2b0
[ 72.909741][ T5039] ? hfs_find_init+0x90/0x1f0
[ 72.914405][ T5039] __kmem_cache_alloc_node+0x4b/0x290
[ 72.919767][ T5039] ? hfs_find_init+0x90/0x1f0
[ 72.924430][ T5039] __kmalloc+0xa8/0x230
[ 72.928769][ T5039] hfs_find_init+0x90/0x1f0
[ 72.933263][ T5039] hfs_extend_file+0x31b/0x1440
[ 72.938111][ T5039] ? hfs_get_block+0xb60/0xb60
[ 72.942864][ T5039] ? find_lock_entries+0x10f0/0x10f0
[ 72.948142][ T5039] ? clean_bdev_aliases+0x7f9/0x920
[ 72.953326][ T5039] hfs_get_block+0x3e4/0xb60
[ 72.957915][ T5039] ? hfs_free_extents+0x420/0x420
[ 72.962929][ T5039] ? _raw_spin_unlock+0x28/0x40
[ 72.967772][ T5039] ? folio_create_buffers+0x132/0x250
[ 72.973135][ T5039] __block_write_begin_int+0x548/0x1a50
[ 72.978668][ T5039] ? folio_add_lru+0x353/0x6f0
[ 72.983438][ T5039] ? hfs_free_extents+0x420/0x420
[ 72.988449][ T5039] ? PageUptodate+0x290/0x290
[ 72.993111][ T5039] ? folio_test_hugetlb+0xa0/0x1d0
[ 72.998214][ T5039] ? pagecache_get_page+0xeb/0x220
[ 73.003310][ T5039] ? hfs_free_extents+0x420/0x420
[ 73.008334][ T5039] block_write_begin+0x9c/0x1f0
[ 73.013171][ T5039] ? cont_write_begin+0x626/0x880
[ 73.018185][ T5039] cont_write_begin+0x643/0x880
[ 73.023028][ T5039] ? fault_in_readable+0x1db/0x350
[ 73.028124][ T5039] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 73.034001][ T5039] ? fault_in_readable+0x21c/0x350
[ 73.039095][ T5039] ? fault_in_safe_writeable+0x260/0x260
[ 73.044716][ T5039] hfs_write_begin+0x8a/0xd0
[ 73.049381][ T5039] ? hfs_free_extents+0x420/0x420
[ 73.054396][ T5039] generic_perform_write+0x300/0x5e0
[ 73.059678][ T5039] ? generic_file_direct_write+0x460/0x460
[ 73.065472][ T5039] ? __file_remove_privs+0x640/0x640
[ 73.070744][ T5039] ? generic_write_checks+0x160/0x1c0
[ 73.076103][ T5039] __generic_file_write_iter+0x17a/0x400
[ 73.081737][ T5039] generic_file_write_iter+0xaf/0x310
[ 73.087104][ T5039] vfs_write+0x7ec/0xc10
[ 73.091337][ T5039] ? _raw_spin_lock_irqsave+0x120/0x120
[ 73.096927][ T5039] ? file_end_write+0x250/0x250
[ 73.101828][ T5039] ? lockdep_hardirqs_on+0x98/0x140
[ 73.107116][ T5039] ? __fdget_pos+0x265/0x2f0
[ 73.111711][ T5039] ksys_write+0x1a0/0x2c0
[ 73.116050][ T5039] ? __ia32_sys_read+0x90/0x90
[ 73.120802][ T5039] ? syscall_enter_from_user_mode+0x32/0x230
[ 73.126776][ T5039] ? syscall_enter_from_user_mode+0x8c/0x230
[ 73.132745][ T5039] do_syscall_64+0x41/0xc0
[ 73.137150][ T5039] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.143032][ T5039] RIP: 0033:0x7f345c0e09f9
[ 73.147435][ T5039] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.167027][ T5039] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 73.175603][ T5039] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 73.183647][ T5039] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 73.191603][ T5039] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5039] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5039] exit_group(0) = ?
[pid 5039] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/bus") = 0
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5040
./strace-static-x86_64: Process 5040 attached
[pid 5040] chdir("./49") = 0
[pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5040] setpgid(0, 0) = 0
[pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5040] write(3, "1000", 4) = 4
[pid 5040] close(3) = 0
[pid 5040] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5040] memfd_create("syzkaller", 0) = 3
[pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5040] munmap(0x7f3453c93000, 32768) = 0
[pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 73.199570][ T5039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.207525][ T5039] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000030
[ 73.215507][ T5039]
[pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5040] close(3) = 0
[pid 5040] mkdir("./bus", 0777) = 0
[pid 5040] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5040] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5040] chdir("./bus") = 0
[pid 5040] ioctl(4, LOOP_CLR_FD) = 0
[pid 5040] close(4) = 0
[pid 5040] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5040] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5040] write(5, "9", 1) = 1
[ 73.252519][ T5040] loop0: detected capacity change from 0 to 64
[ 73.262080][ T5040] hfs: unable to locate alternate MDB
[ 73.267756][ T5040] hfs: continuing without an alternate MDB
[ 73.287633][ T5040] FAULT_INJECTION: forcing a failure.
[ 73.287633][ T5040] name failslab, interval 1, probability 0, space 0, times 0
[ 73.300433][ T5040] CPU: 1 PID: 5040 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 73.310508][ T5040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 73.320552][ T5040] Call Trace:
[ 73.323822][ T5040]
[ 73.326754][ T5040] dump_stack_lvl+0x1e7/0x2d0
[ 73.331452][ T5040] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.336903][ T5040] ? panic+0x770/0x770
[ 73.340967][ T5040] ? rcu_is_watching+0x15/0xb0
[ 73.345720][ T5040] ? trace_contention_end+0x3c/0xf0
[ 73.350908][ T5040] should_fail_ex+0x3aa/0x4e0
[ 73.355577][ T5040] should_failslab+0x9/0x20
[ 73.360080][ T5040] slab_pre_alloc_hook+0x59/0x2b0
[ 73.365113][ T5040] ? hfs_find_init+0x90/0x1f0
[ 73.369781][ T5040] __kmem_cache_alloc_node+0x4b/0x290
[ 73.375146][ T5040] ? hfs_find_init+0x90/0x1f0
[ 73.379812][ T5040] __kmalloc+0xa8/0x230
[ 73.383959][ T5040] hfs_find_init+0x90/0x1f0
[ 73.388467][ T5040] hfs_extend_file+0x31b/0x1440
[ 73.393351][ T5040] ? hfs_get_block+0xb60/0xb60
[ 73.398108][ T5040] ? find_lock_entries+0x10f0/0x10f0
[ 73.403408][ T5040] ? clean_bdev_aliases+0x7f9/0x920
[ 73.408621][ T5040] hfs_get_block+0x3e4/0xb60
[ 73.413229][ T5040] ? hfs_free_extents+0x420/0x420
[ 73.418254][ T5040] ? _raw_spin_unlock+0x28/0x40
[ 73.423095][ T5040] ? folio_create_buffers+0x132/0x250
[ 73.428458][ T5040] __block_write_begin_int+0x548/0x1a50
[ 73.433988][ T5040] ? folio_add_lru+0x353/0x6f0
[ 73.438751][ T5040] ? hfs_free_extents+0x420/0x420
[ 73.443775][ T5040] ? PageUptodate+0x290/0x290
[ 73.448477][ T5040] ? folio_test_hugetlb+0xa0/0x1d0
[ 73.453582][ T5040] ? pagecache_get_page+0xeb/0x220
[ 73.458704][ T5040] ? hfs_free_extents+0x420/0x420
[ 73.463729][ T5040] block_write_begin+0x9c/0x1f0
[ 73.468584][ T5040] ? cont_write_begin+0x626/0x880
[ 73.473599][ T5040] cont_write_begin+0x643/0x880
[ 73.478445][ T5040] ? fault_in_readable+0x1db/0x350
[ 73.483544][ T5040] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 73.489432][ T5040] ? fault_in_readable+0x21c/0x350
[ 73.494548][ T5040] ? fault_in_safe_writeable+0x260/0x260
[ 73.500187][ T5040] hfs_write_begin+0x8a/0xd0
[ 73.504785][ T5040] ? hfs_free_extents+0x420/0x420
[ 73.509811][ T5040] generic_perform_write+0x300/0x5e0
[ 73.515107][ T5040] ? generic_file_direct_write+0x460/0x460
[ 73.520921][ T5040] ? __file_remove_privs+0x640/0x640
[ 73.526196][ T5040] ? generic_write_checks+0x160/0x1c0
[ 73.531563][ T5040] __generic_file_write_iter+0x17a/0x400
[ 73.537188][ T5040] generic_file_write_iter+0xaf/0x310
[ 73.542572][ T5040] vfs_write+0x7ec/0xc10
[ 73.546812][ T5040] ? _raw_spin_lock_irqsave+0x120/0x120
[ 73.552350][ T5040] ? file_end_write+0x250/0x250
[ 73.557196][ T5040] ? lockdep_hardirqs_on+0x98/0x140
[ 73.562384][ T5040] ? __fdget_pos+0x265/0x2f0
[ 73.566965][ T5040] ksys_write+0x1a0/0x2c0
[ 73.571291][ T5040] ? __ia32_sys_read+0x90/0x90
[ 73.576047][ T5040] ? syscall_enter_from_user_mode+0x32/0x230
[ 73.582017][ T5040] ? syscall_enter_from_user_mode+0x8c/0x230
[ 73.587987][ T5040] do_syscall_64+0x41/0xc0
[ 73.592396][ T5040] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.598282][ T5040] RIP: 0033:0x7f345c0e09f9
[ 73.602695][ T5040] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.622324][ T5040] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 73.630736][ T5040] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 73.638714][ T5040] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 73.646687][ T5040] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5040] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5040] exit_group(0) = ?
[pid 5040] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5040, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/bus") = 0
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5041
./strace-static-x86_64: Process 5041 attached
[pid 5041] chdir("./50") = 0
[pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5041] setpgid(0, 0) = 0
[pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5041] write(3, "1000", 4) = 4
[pid 5041] close(3) = 0
[pid 5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5041] memfd_create("syzkaller", 0) = 3
[pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5041] munmap(0x7f3453c93000, 32768) = 0
[pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 73.654646][ T5040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.662607][ T5040] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000031
[ 73.670576][ T5040]
[pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5041] close(3) = 0
[pid 5041] mkdir("./bus", 0777) = 0
[pid 5041] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5041] chdir("./bus") = 0
[pid 5041] ioctl(4, LOOP_CLR_FD) = 0
[pid 5041] close(4) = 0
[pid 5041] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5041] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5041] write(5, "9", 1) = 1
[ 73.711548][ T5041] loop0: detected capacity change from 0 to 64
[ 73.720385][ T5041] hfs: unable to locate alternate MDB
[ 73.726393][ T5041] hfs: continuing without an alternate MDB
[ 73.739166][ T5041] FAULT_INJECTION: forcing a failure.
[ 73.739166][ T5041] name failslab, interval 1, probability 0, space 0, times 0
[ 73.752234][ T5041] CPU: 0 PID: 5041 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 73.762328][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 73.772374][ T5041] Call Trace:
[ 73.775643][ T5041]
[ 73.778561][ T5041] dump_stack_lvl+0x1e7/0x2d0
[ 73.783239][ T5041] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.788699][ T5041] ? panic+0x770/0x770
[ 73.792781][ T5041] ? rcu_is_watching+0x15/0xb0
[ 73.797538][ T5041] ? trace_contention_end+0x3c/0xf0
[ 73.802736][ T5041] should_fail_ex+0x3aa/0x4e0
[ 73.807412][ T5041] should_failslab+0x9/0x20
[ 73.811909][ T5041] slab_pre_alloc_hook+0x59/0x2b0
[ 73.816935][ T5041] ? hfs_find_init+0x90/0x1f0
[ 73.821610][ T5041] __kmem_cache_alloc_node+0x4b/0x290
[ 73.826986][ T5041] ? hfs_find_init+0x90/0x1f0
[ 73.831672][ T5041] __kmalloc+0xa8/0x230
[ 73.835835][ T5041] hfs_find_init+0x90/0x1f0
[ 73.840336][ T5041] hfs_extend_file+0x31b/0x1440
[ 73.845190][ T5041] ? hfs_get_block+0xb60/0xb60
[ 73.849953][ T5041] ? find_lock_entries+0x10f0/0x10f0
[ 73.855280][ T5041] ? clean_bdev_aliases+0x7f9/0x920
[ 73.860529][ T5041] hfs_get_block+0x3e4/0xb60
[ 73.865136][ T5041] ? hfs_free_extents+0x420/0x420
[ 73.870175][ T5041] ? _raw_spin_unlock+0x28/0x40
[ 73.875025][ T5041] ? folio_create_buffers+0x132/0x250
[ 73.880394][ T5041] __block_write_begin_int+0x548/0x1a50
[ 73.885932][ T5041] ? folio_add_lru+0x353/0x6f0
[ 73.890706][ T5041] ? hfs_free_extents+0x420/0x420
[ 73.895735][ T5041] ? PageUptodate+0x290/0x290
[ 73.900422][ T5041] ? folio_test_hugetlb+0xa0/0x1d0
[ 73.905531][ T5041] ? pagecache_get_page+0xeb/0x220
[ 73.910638][ T5041] ? hfs_free_extents+0x420/0x420
[ 73.915655][ T5041] block_write_begin+0x9c/0x1f0
[ 73.920495][ T5041] ? cont_write_begin+0x626/0x880
[ 73.925519][ T5041] cont_write_begin+0x643/0x880
[ 73.930368][ T5041] ? fault_in_readable+0x1db/0x350
[ 73.935472][ T5041] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 73.941361][ T5041] ? fault_in_readable+0x21c/0x350
[ 73.946483][ T5041] ? fault_in_safe_writeable+0x260/0x260
[ 73.952127][ T5041] hfs_write_begin+0x8a/0xd0
[ 73.956728][ T5041] ? hfs_free_extents+0x420/0x420
[ 73.961766][ T5041] generic_perform_write+0x300/0x5e0
[ 73.967059][ T5041] ? generic_file_direct_write+0x460/0x460
[ 73.972860][ T5041] ? __file_remove_privs+0x640/0x640
[ 73.978158][ T5041] ? generic_write_checks+0x160/0x1c0
[ 73.983532][ T5041] __generic_file_write_iter+0x17a/0x400
[ 73.989166][ T5041] generic_file_write_iter+0xaf/0x310
[ 73.994546][ T5041] vfs_write+0x7ec/0xc10
[ 73.998794][ T5041] ? _raw_spin_lock_irqsave+0x120/0x120
[ 74.004338][ T5041] ? file_end_write+0x250/0x250
[ 74.009193][ T5041] ? lockdep_hardirqs_on+0x98/0x140
[ 74.014398][ T5041] ? __fdget_pos+0x265/0x2f0
[ 74.018988][ T5041] ksys_write+0x1a0/0x2c0
[ 74.023319][ T5041] ? __ia32_sys_read+0x90/0x90
[ 74.028098][ T5041] ? syscall_enter_from_user_mode+0x32/0x230
[ 74.034071][ T5041] ? syscall_enter_from_user_mode+0x8c/0x230
[ 74.040044][ T5041] do_syscall_64+0x41/0xc0
[ 74.044460][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.050345][ T5041] RIP: 0033:0x7f345c0e09f9
[ 74.054753][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.074351][ T5041] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.082768][ T5041] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 74.090735][ T5041] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.098702][ T5041] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5041] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5041] exit_group(0) = ?
[pid 5041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./50/bus") = 0
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5042
./strace-static-x86_64: Process 5042 attached
[pid 5042] chdir("./51") = 0
[pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5042] setpgid(0, 0) = 0
[pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5042] write(3, "1000", 4) = 4
[pid 5042] close(3) = 0
[pid 5042] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5042] memfd_create("syzkaller", 0) = 3
[pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5042] munmap(0x7f3453c93000, 32768) = 0
[pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 74.106671][ T5041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.114640][ T5041] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000032
[ 74.122625][ T5041]
[pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5042] close(3) = 0
[pid 5042] mkdir("./bus", 0777) = 0
[pid 5042] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5042] chdir("./bus") = 0
[pid 5042] ioctl(4, LOOP_CLR_FD) = 0
[pid 5042] close(4) = 0
[pid 5042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5042] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5042] write(5, "9", 1) = 1
[ 74.153832][ T5042] loop0: detected capacity change from 0 to 64
[ 74.165811][ T5042] hfs: unable to locate alternate MDB
[ 74.171614][ T5042] hfs: continuing without an alternate MDB
[ 74.188021][ T5042] FAULT_INJECTION: forcing a failure.
[ 74.188021][ T5042] name failslab, interval 1, probability 0, space 0, times 0
[ 74.200760][ T5042] CPU: 1 PID: 5042 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 74.210839][ T5042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 74.220878][ T5042] Call Trace:
[ 74.224143][ T5042]
[ 74.227073][ T5042] dump_stack_lvl+0x1e7/0x2d0
[ 74.231761][ T5042] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.237209][ T5042] ? panic+0x770/0x770
[ 74.241272][ T5042] ? rcu_is_watching+0x15/0xb0
[ 74.246023][ T5042] ? trace_contention_end+0x3c/0xf0
[ 74.251212][ T5042] should_fail_ex+0x3aa/0x4e0
[ 74.255880][ T5042] should_failslab+0x9/0x20
[ 74.260391][ T5042] slab_pre_alloc_hook+0x59/0x2b0
[ 74.265410][ T5042] ? hfs_find_init+0x90/0x1f0
[ 74.270085][ T5042] __kmem_cache_alloc_node+0x4b/0x290
[ 74.275443][ T5042] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 74.281242][ T5042] ? hfs_find_init+0x90/0x1f0
[ 74.285925][ T5042] __kmalloc+0xa8/0x230
[ 74.290089][ T5042] hfs_find_init+0x90/0x1f0
[ 74.294582][ T5042] hfs_extend_file+0x31b/0x1440
[ 74.299456][ T5042] ? hfs_get_block+0xb60/0xb60
[ 74.304219][ T5042] ? lru_cache_disable+0x30/0x30
[ 74.309149][ T5042] ? __might_sleep+0xc0/0xc0
[ 74.313736][ T5042] ? clean_bdev_aliases+0x80a/0x920
[ 74.318926][ T5042] hfs_get_block+0x3e4/0xb60
[ 74.323532][ T5042] ? hfs_free_extents+0x420/0x420
[ 74.328570][ T5042] ? _raw_spin_unlock+0x28/0x40
[ 74.333406][ T5042] ? folio_create_buffers+0x132/0x250
[ 74.338767][ T5042] __block_write_begin_int+0x548/0x1a50
[ 74.344299][ T5042] ? folio_add_lru+0x353/0x6f0
[ 74.349127][ T5042] ? hfs_free_extents+0x420/0x420
[ 74.354158][ T5042] ? PageUptodate+0x290/0x290
[ 74.358823][ T5042] ? folio_test_hugetlb+0xa0/0x1d0
[ 74.363935][ T5042] ? pagecache_get_page+0xeb/0x220
[ 74.369049][ T5042] ? hfs_free_extents+0x420/0x420
[ 74.374082][ T5042] block_write_begin+0x9c/0x1f0
[ 74.378926][ T5042] ? cont_write_begin+0x626/0x880
[ 74.383941][ T5042] cont_write_begin+0x643/0x880
[ 74.388877][ T5042] ? fault_in_readable+0x1db/0x350
[ 74.393977][ T5042] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 74.399856][ T5042] ? fault_in_readable+0x21c/0x350
[ 74.404956][ T5042] ? fault_in_safe_writeable+0x260/0x260
[ 74.410580][ T5042] hfs_write_begin+0x8a/0xd0
[ 74.415167][ T5042] ? hfs_free_extents+0x420/0x420
[ 74.420197][ T5042] generic_perform_write+0x300/0x5e0
[ 74.425476][ T5042] ? generic_file_direct_write+0x460/0x460
[ 74.431281][ T5042] ? __file_remove_privs+0x640/0x640
[ 74.436585][ T5042] ? generic_write_checks+0x160/0x1c0
[ 74.441974][ T5042] __generic_file_write_iter+0x17a/0x400
[ 74.447636][ T5042] generic_file_write_iter+0xaf/0x310
[ 74.453003][ T5042] vfs_write+0x7ec/0xc10
[ 74.457242][ T5042] ? _raw_spin_lock_irqsave+0x120/0x120
[ 74.462778][ T5042] ? file_end_write+0x250/0x250
[ 74.467641][ T5042] ? lockdep_hardirqs_on+0x98/0x140
[ 74.472847][ T5042] ? __fdget_pos+0x265/0x2f0
[ 74.477436][ T5042] ksys_write+0x1a0/0x2c0
[ 74.481761][ T5042] ? __ia32_sys_read+0x90/0x90
[ 74.486525][ T5042] ? syscall_enter_from_user_mode+0x32/0x230
[ 74.492515][ T5042] ? syscall_enter_from_user_mode+0x8c/0x230
[ 74.498501][ T5042] do_syscall_64+0x41/0xc0
[ 74.502928][ T5042] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.508806][ T5042] RIP: 0033:0x7f345c0e09f9
[ 74.513209][ T5042] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.532816][ T5042] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.541216][ T5042] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[pid 5042] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5042] exit_group(0) = ?
[pid 5042] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/bus") = 0
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5043
./strace-static-x86_64: Process 5043 attached
[pid 5043] chdir("./52") = 0
[pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5043] setpgid(0, 0) = 0
[pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5043] write(3, "1000", 4) = 4
[pid 5043] close(3) = 0
[pid 5043] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5043] memfd_create("syzkaller", 0) = 3
[pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5043] munmap(0x7f3453c93000, 32768) = 0
[pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 74.549179][ T5042] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.557135][ T5042] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 74.565090][ T5042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.573051][ T5042] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000033
[ 74.581020][ T5042]
[pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5043] close(3) = 0
[pid 5043] mkdir("./bus", 0777) = 0
[pid 5043] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5043] chdir("./bus") = 0
[pid 5043] ioctl(4, LOOP_CLR_FD) = 0
[pid 5043] close(4) = 0
[pid 5043] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5043] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5043] write(5, "9", 1) = 1
[pid 5043] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5043] exit_group(0) = ?
[pid 5043] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/bus") = 0
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./52/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 74.630073][ T5043] loop0: detected capacity change from 0 to 64
[ 74.639177][ T5043] hfs: unable to locate alternate MDB
[ 74.644908][ T5043] hfs: continuing without an alternate MDB
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5044
./strace-static-x86_64: Process 5044 attached
[pid 5044] chdir("./53") = 0
[pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5044] setpgid(0, 0) = 0
[pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5044] write(3, "1000", 4) = 4
[pid 5044] close(3) = 0
[pid 5044] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5044] memfd_create("syzkaller", 0) = 3
[pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5044] munmap(0x7f3453c93000, 32768) = 0
[pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5044] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5044] close(3) = 0
[pid 5044] mkdir("./bus", 0777) = 0
[pid 5044] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5044] chdir("./bus") = 0
[pid 5044] ioctl(4, LOOP_CLR_FD) = 0
[pid 5044] close(4) = 0
[pid 5044] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5044] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5044] write(5, "9", 1) = 1
[ 74.704063][ T5044] loop0: detected capacity change from 0 to 64
[ 74.713254][ T5044] hfs: unable to locate alternate MDB
[ 74.718883][ T5044] hfs: continuing without an alternate MDB
[ 74.735451][ T5044] FAULT_INJECTION: forcing a failure.
[ 74.735451][ T5044] name failslab, interval 1, probability 0, space 0, times 0
[ 74.748433][ T5044] CPU: 1 PID: 5044 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 74.758486][ T5044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 74.768528][ T5044] Call Trace:
[ 74.771791][ T5044]
[ 74.774709][ T5044] dump_stack_lvl+0x1e7/0x2d0
[ 74.779379][ T5044] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.784837][ T5044] ? panic+0x770/0x770
[ 74.788891][ T5044] ? rcu_is_watching+0x15/0xb0
[ 74.793646][ T5044] ? trace_contention_end+0x3c/0xf0
[ 74.798836][ T5044] should_fail_ex+0x3aa/0x4e0
[ 74.803512][ T5044] should_failslab+0x9/0x20
[ 74.808013][ T5044] slab_pre_alloc_hook+0x59/0x2b0
[ 74.813034][ T5044] ? hfs_find_init+0x90/0x1f0
[ 74.817708][ T5044] __kmem_cache_alloc_node+0x4b/0x290
[ 74.823073][ T5044] ? hfs_find_init+0x90/0x1f0
[ 74.827768][ T5044] __kmalloc+0xa8/0x230
[ 74.831933][ T5044] hfs_find_init+0x90/0x1f0
[ 74.836441][ T5044] hfs_extend_file+0x31b/0x1440
[ 74.841299][ T5044] ? hfs_get_block+0xb60/0xb60
[ 74.846091][ T5044] ? find_lock_entries+0x10f0/0x10f0
[ 74.851394][ T5044] ? clean_bdev_aliases+0x7f9/0x920
[ 74.856598][ T5044] hfs_get_block+0x3e4/0xb60
[ 74.861257][ T5044] ? hfs_free_extents+0x420/0x420
[ 74.866291][ T5044] ? _raw_spin_unlock+0x28/0x40
[ 74.871136][ T5044] ? folio_create_buffers+0x132/0x250
[ 74.876505][ T5044] __block_write_begin_int+0x548/0x1a50
[ 74.882043][ T5044] ? folio_add_lru+0x353/0x6f0
[ 74.886814][ T5044] ? hfs_free_extents+0x420/0x420
[ 74.891837][ T5044] ? PageUptodate+0x290/0x290
[ 74.896510][ T5044] ? folio_test_hugetlb+0xa0/0x1d0
[ 74.901620][ T5044] ? pagecache_get_page+0xeb/0x220
[ 74.906742][ T5044] ? hfs_free_extents+0x420/0x420
[ 74.911779][ T5044] block_write_begin+0x9c/0x1f0
[ 74.916630][ T5044] ? cont_write_begin+0x626/0x880
[ 74.921658][ T5044] cont_write_begin+0x643/0x880
[ 74.927212][ T5044] ? fault_in_readable+0x1db/0x350
[ 74.932317][ T5044] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 74.938201][ T5044] ? fault_in_readable+0x21c/0x350
[ 74.943311][ T5044] ? fault_in_safe_writeable+0x260/0x260
[ 74.948945][ T5044] hfs_write_begin+0x8a/0xd0
[ 74.953534][ T5044] ? hfs_free_extents+0x420/0x420
[ 74.958560][ T5044] generic_perform_write+0x300/0x5e0
[ 74.963847][ T5044] ? generic_file_direct_write+0x460/0x460
[ 74.969650][ T5044] ? __file_remove_privs+0x640/0x640
[ 74.974939][ T5044] ? generic_write_checks+0x160/0x1c0
[ 74.980323][ T5044] __generic_file_write_iter+0x17a/0x400
[ 74.985954][ T5044] generic_file_write_iter+0xaf/0x310
[ 74.991321][ T5044] vfs_write+0x7ec/0xc10
[ 74.995650][ T5044] ? _raw_spin_lock_irqsave+0x120/0x120
[ 75.001194][ T5044] ? file_end_write+0x250/0x250
[ 75.006048][ T5044] ? lockdep_hardirqs_on+0x98/0x140
[ 75.011245][ T5044] ? __fdget_pos+0x265/0x2f0
[ 75.015852][ T5044] ksys_write+0x1a0/0x2c0
[ 75.020194][ T5044] ? __ia32_sys_read+0x90/0x90
[ 75.024984][ T5044] ? syscall_enter_from_user_mode+0x32/0x230
[ 75.030968][ T5044] ? syscall_enter_from_user_mode+0x8c/0x230
[ 75.036944][ T5044] do_syscall_64+0x41/0xc0
[ 75.041360][ T5044] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.047247][ T5044] RIP: 0033:0x7f345c0e09f9
[ 75.051658][ T5044] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.071266][ T5044] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.079681][ T5044] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 75.087651][ T5044] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 75.095618][ T5044] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[pid 5044] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5044] exit_group(0) = ?
[pid 5044] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/bus") = 0
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./53/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5045
./strace-static-x86_64: Process 5045 attached
[pid 5045] chdir("./54") = 0
[pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5045] setpgid(0, 0) = 0
[pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5045] write(3, "1000", 4) = 4
[pid 5045] close(3) = 0
[pid 5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5045] memfd_create("syzkaller", 0) = 3
[pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5045] munmap(0x7f3453c93000, 32768) = 0
[pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 75.103587][ T5044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.111569][ T5044] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000035
[ 75.119546][ T5044]
[pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5045] close(3) = 0
[pid 5045] mkdir("./bus", 0777) = 0
[pid 5045] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5045] chdir("./bus") = 0
[pid 5045] ioctl(4, LOOP_CLR_FD) = 0
[pid 5045] close(4) = 0
[pid 5045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5045] write(5, "9", 1) = 1
[ 75.153072][ T5045] loop0: detected capacity change from 0 to 64
[ 75.162601][ T5045] hfs: unable to locate alternate MDB
[ 75.168021][ T5045] hfs: continuing without an alternate MDB
[ 75.183587][ T5045] FAULT_INJECTION: forcing a failure.
[ 75.183587][ T5045] name failslab, interval 1, probability 0, space 0, times 0
[ 75.196484][ T5045] CPU: 1 PID: 5045 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 75.206554][ T5045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 75.216594][ T5045] Call Trace:
[ 75.219860][ T5045]
[ 75.222777][ T5045] dump_stack_lvl+0x1e7/0x2d0
[ 75.227448][ T5045] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.232909][ T5045] ? panic+0x770/0x770
[ 75.236963][ T5045] ? rcu_is_watching+0x15/0xb0
[ 75.241717][ T5045] ? trace_contention_end+0x3c/0xf0
[ 75.246921][ T5045] should_fail_ex+0x3aa/0x4e0
[ 75.251597][ T5045] should_failslab+0x9/0x20
[ 75.256190][ T5045] slab_pre_alloc_hook+0x59/0x2b0
[ 75.261209][ T5045] ? hfs_find_init+0x90/0x1f0
[ 75.265880][ T5045] __kmem_cache_alloc_node+0x4b/0x290
[ 75.271248][ T5045] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 75.277051][ T5045] ? hfs_find_init+0x90/0x1f0
[ 75.281724][ T5045] __kmalloc+0xa8/0x230
[ 75.285873][ T5045] hfs_find_init+0x90/0x1f0
[ 75.290370][ T5045] hfs_extend_file+0x31b/0x1440
[ 75.295219][ T5045] ? hfs_get_block+0xb60/0xb60
[ 75.299976][ T5045] ? lru_cache_disable+0x30/0x30
[ 75.304906][ T5045] ? __might_sleep+0xc0/0xc0
[ 75.309500][ T5045] ? clean_bdev_aliases+0x80a/0x920
[ 75.314691][ T5045] hfs_get_block+0x3e4/0xb60
[ 75.319282][ T5045] ? hfs_free_extents+0x420/0x420
[ 75.324306][ T5045] ? _raw_spin_unlock+0x28/0x40
[ 75.329145][ T5045] ? folio_create_buffers+0x132/0x250
[ 75.334513][ T5045] __block_write_begin_int+0x548/0x1a50
[ 75.340047][ T5045] ? folio_add_lru+0x353/0x6f0
[ 75.344816][ T5045] ? hfs_free_extents+0x420/0x420
[ 75.349836][ T5045] ? PageUptodate+0x290/0x290
[ 75.354504][ T5045] ? folio_test_hugetlb+0xa0/0x1d0
[ 75.359629][ T5045] ? pagecache_get_page+0xeb/0x220
[ 75.364732][ T5045] ? hfs_free_extents+0x420/0x420
[ 75.369748][ T5045] block_write_begin+0x9c/0x1f0
[ 75.374584][ T5045] ? cont_write_begin+0x626/0x880
[ 75.379606][ T5045] cont_write_begin+0x643/0x880
[ 75.384468][ T5045] ? fault_in_readable+0x1db/0x350
[ 75.389576][ T5045] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 75.395461][ T5045] ? fault_in_readable+0x21c/0x350
[ 75.400564][ T5045] ? fault_in_safe_writeable+0x260/0x260
[ 75.406196][ T5045] hfs_write_begin+0x8a/0xd0
[ 75.410779][ T5045] ? hfs_free_extents+0x420/0x420
[ 75.415800][ T5045] generic_perform_write+0x300/0x5e0
[ 75.421082][ T5045] ? generic_file_direct_write+0x460/0x460
[ 75.426880][ T5045] ? __file_remove_privs+0x640/0x640
[ 75.432157][ T5045] ? generic_write_checks+0x160/0x1c0
[ 75.437521][ T5045] __generic_file_write_iter+0x17a/0x400
[ 75.443147][ T5045] generic_file_write_iter+0xaf/0x310
[ 75.448513][ T5045] vfs_write+0x7ec/0xc10
[ 75.452750][ T5045] ? _raw_spin_lock_irqsave+0x120/0x120
[ 75.458288][ T5045] ? file_end_write+0x250/0x250
[ 75.463140][ T5045] ? lockdep_hardirqs_on+0x98/0x140
[ 75.468331][ T5045] ? __fdget_pos+0x265/0x2f0
[ 75.472912][ T5045] ksys_write+0x1a0/0x2c0
[ 75.477239][ T5045] ? __ia32_sys_read+0x90/0x90
[ 75.481997][ T5045] ? syscall_enter_from_user_mode+0x32/0x230
[ 75.487968][ T5045] ? syscall_enter_from_user_mode+0x8c/0x230
[ 75.493941][ T5045] do_syscall_64+0x41/0xc0
[ 75.498358][ T5045] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.504242][ T5045] RIP: 0033:0x7f345c0e09f9
[ 75.508652][ T5045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.528245][ T5045] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.536648][ T5045] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 75.544609][ T5045] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[pid 5045] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5045] exit_group(0) = ?
[pid 5045] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555571ad620 /* 4 entries */, 32768) = 104
umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555571b5660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555571b5660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./54/bus") = 0
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./54/binderfs") = 0
getdents64(3, 0x5555571ad620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./54") = 0
mkdir("./55", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555571ac5d0) = 5046
./strace-static-x86_64: Process 5046 attached
[pid 5046] chdir("./55") = 0
[pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5046] setpgid(0, 0) = 0
[pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 75.552567][ T5045] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 75.560546][ T5045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.568506][ T5045] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000036
[ 75.576479][ T5045]
[pid 5046] write(3, "1000", 4) = 4
[pid 5046] close(3) = 0
[pid 5046] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5046] memfd_create("syzkaller", 0) = 3
[pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3453c93000
[pid 5046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5046] munmap(0x7f3453c93000, 32768) = 0
[pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5046] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5046] close(3) = 0
[pid 5046] mkdir("./bus", 0777) = 0
[pid 5046] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5046] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5046] chdir("./bus") = 0
[pid 5046] ioctl(4, LOOP_CLR_FD) = 0
[pid 5046] close(4) = 0
[pid 5046] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5046] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5046] write(5, "9", 1) = 1
[ 75.625094][ T5046] loop0: detected capacity change from 0 to 64
[ 75.634075][ T5046] hfs: unable to locate alternate MDB
[ 75.639475][ T5046] hfs: continuing without an alternate MDB
[ 75.655846][ T5046] FAULT_INJECTION: forcing a failure.
[ 75.655846][ T5046] name failslab, interval 1, probability 0, space 0, times 0
[ 75.668711][ T5046] CPU: 0 PID: 5046 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 75.678785][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 75.688826][ T5046] Call Trace:
[ 75.692095][ T5046]
[ 75.695025][ T5046] dump_stack_lvl+0x1e7/0x2d0
[ 75.699718][ T5046] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.705167][ T5046] ? panic+0x770/0x770
[ 75.709236][ T5046] should_fail_ex+0x3aa/0x4e0
[ 75.713907][ T5046] should_failslab+0x9/0x20
[ 75.718400][ T5046] slab_pre_alloc_hook+0x59/0x2b0
[ 75.723419][ T5046] ? __hfs_bnode_create+0xf8/0x7b0
[ 75.728528][ T5046] __kmem_cache_alloc_node+0x4b/0x290
[ 75.733912][ T5046] ? asm_common_interrupt+0x26/0x40
[ 75.739120][ T5046] ? __hfs_bnode_create+0xf8/0x7b0
[ 75.744238][ T5046] __kmalloc+0xa8/0x230
[ 75.748385][ T5046] __hfs_bnode_create+0xf8/0x7b0
[ 75.753311][ T5046] ? do_raw_spin_lock+0x1ce/0x3a0
[ 75.758331][ T5046] ? hfs_bnode_get+0x40/0x40
[ 75.762911][ T5046] ? do_raw_spin_unlock+0x13b/0x8b0
[ 75.768110][ T5046] hfs_bnode_find+0x244/0xf50
[ 75.772780][ T5046] ? unwind_next_frame+0x1a2f/0x2200
[ 75.778059][ T5046] ? preempt_count_add+0x93/0x180
[ 75.783072][ T5046] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.789135][ T5046] ? hfs_bnode_unlink+0x7f0/0x7f0
[ 75.794152][ T5046] ? register_lock_class+0x104/0x990
[ 75.799432][ T5046] ? hfs_bmap_reserve+0x3b1/0x3f0
[ 75.804454][ T5046] ? kernel_text_address+0xa3/0xe0
[ 75.809583][ T5046] ? is_dynamic_key+0x1f0/0x1f0
[ 75.814438][ T5046] ? unwind_get_return_address+0x4d/0x90
[ 75.820061][ T5046] hfs_bmap_alloc+0xc9/0x640
[ 75.824652][ T5046] ? __lock_acquire+0x1295/0x2000
[ 75.829684][ T5046] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 75.834703][ T5046] hfs_btree_inc_height+0x11e/0xd20
[ 75.839903][ T5046] ? hfs_brec_insert+0xbd0/0xbd0
[ 75.844841][ T5046] ? __mutex_trylock_common+0x182/0x2e0
[ 75.850403][ T5046] ? __might_sleep+0xc0/0xc0
[ 75.854997][ T5046] hfs_brec_insert+0x15b/0xbd0
[ 75.859773][ T5046] ? rcu_is_watching+0x15/0xb0
[ 75.864549][ T5046] ? trace_contention_end+0x3c/0xf0
[ 75.869739][ T5046] ? hfs_brec_find+0x197/0x570
[ 75.874511][ T5046] ? hfs_brec_keylen+0x360/0x360
[ 75.879462][ T5046] ? mutex_lock_io_nested+0x60/0x60
[ 75.884674][ T5046] __hfs_ext_write_extent+0x2f2/0x4f0
[ 75.890070][ T5046] __hfs_ext_cache_extent+0x6a/0x990
[ 75.895376][ T5046] ? mutex_lock_nested+0x1b/0x20
[ 75.900325][ T5046] ? hfs_find_init+0x16e/0x1f0
[ 75.905088][ T5046] hfs_extend_file+0x344/0x1440
[ 75.909954][ T5046] ? hfs_get_block+0xb60/0xb60
[ 75.914720][ T5046] ? find_lock_entries+0x10f0/0x10f0
[ 75.920035][ T5046] ? clean_bdev_aliases+0x7f9/0x920
[ 75.925244][ T5046] hfs_get_block+0x3e4/0xb60
[ 75.929836][ T5046] ? hfs_free_extents+0x420/0x420
[ 75.934908][ T5046] ? _raw_spin_unlock+0x28/0x40
[ 75.939778][ T5046] ? folio_create_buffers+0x132/0x250
[ 75.945141][ T5046] __block_write_begin_int+0x548/0x1a50
[ 75.950674][ T5046] ? folio_add_lru+0x353/0x6f0
[ 75.955457][ T5046] ? hfs_free_extents+0x420/0x420
[ 75.960492][ T5046] ? PageUptodate+0x290/0x290
[ 75.965157][ T5046] ? folio_test_hugetlb+0xa0/0x1d0
[ 75.970270][ T5046] ? pagecache_get_page+0xeb/0x220
[ 75.975386][ T5046] ? hfs_free_extents+0x420/0x420
[ 75.980401][ T5046] block_write_begin+0x9c/0x1f0
[ 75.985247][ T5046] ? cont_write_begin+0x626/0x880
[ 75.990266][ T5046] cont_write_begin+0x643/0x880
[ 75.995115][ T5046] ? fault_in_readable+0x1db/0x350
[ 76.000214][ T5046] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 76.006095][ T5046] ? fault_in_readable+0x21c/0x350
[ 76.011195][ T5046] ? fault_in_safe_writeable+0x260/0x260
[ 76.016821][ T5046] hfs_write_begin+0x8a/0xd0
[ 76.021407][ T5046] ? hfs_free_extents+0x420/0x420
[ 76.026441][ T5046] generic_perform_write+0x300/0x5e0
[ 76.031734][ T5046] ? generic_file_direct_write+0x460/0x460
[ 76.037542][ T5046] ? __file_remove_privs+0x640/0x640
[ 76.042843][ T5046] ? generic_write_checks+0x160/0x1c0
[ 76.048215][ T5046] __generic_file_write_iter+0x17a/0x400
[ 76.053846][ T5046] generic_file_write_iter+0xaf/0x310
[ 76.059209][ T5046] vfs_write+0x7ec/0xc10
[ 76.063446][ T5046] ? _raw_spin_lock_irqsave+0x120/0x120
[ 76.068992][ T5046] ? file_end_write+0x250/0x250
[ 76.073847][ T5046] ? lockdep_hardirqs_on+0x98/0x140
[ 76.079047][ T5046] ? __fdget_pos+0x265/0x2f0
[ 76.083645][ T5046] ksys_write+0x1a0/0x2c0
[ 76.087968][ T5046] ? __ia32_sys_read+0x90/0x90
[ 76.092722][ T5046] ? syscall_enter_from_user_mode+0x32/0x230
[ 76.098692][ T5046] ? syscall_enter_from_user_mode+0x8c/0x230
[ 76.104673][ T5046] do_syscall_64+0x41/0xc0
[ 76.109100][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.114980][ T5046] RIP: 0033:0x7f345c0e09f9
[ 76.119389][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.138995][ T5046] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.147394][ T5046] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 76.155350][ T5046] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 76.163307][ T5046] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 76.171267][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 76.179224][ T5046] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000037
[ 76.187202][ T5046]
[ 76.192698][ T5046] hfs: new node 0 already hashed?
[ 76.197921][ T5046] ------------[ cut here ]------------
[ 76.203456][ T5046] WARNING: CPU: 0 PID: 5046 at fs/hfs/bnode.c:422 hfs_bnode_create+0x3b1/0x440
[ 76.212426][ T5046] Modules linked in:
[ 76.216318][ T5046] CPU: 0 PID: 5046 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 76.226413][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 76.236512][ T5046] RIP: 0010:hfs_bnode_create+0x3b1/0x440
[ 76.242197][ T5046] Code: 8a 44 89 e6 e8 c0 d4 48 08 e9 7c fd ff ff e8 56 e5 27 ff 4c 89 ff e8 6e df 54 08 48 c7 c7 20 cb ff 8a 44 89 e6 e8 9f d4 48 08 <0f> 0b eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 89 fc ff ff 48 89
[ 76.261829][ T5046] RSP: 0018:ffffc90003a7ef98 EFLAGS: 00010246
[ 76.267889][ T5046] RAX: 000000000000001f RBX: ffff88823bd96000 RCX: 9c74b486dd78fa00
[ 76.275901][ T5046] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 76.283919][ T5046] RBP: 0000000000000000 R08: ffffffff816f2fcc R09: fffff5200074fda9
[ 76.291956][ T5046] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 76.299958][ T5046] R13: dffffc0000000000 R14: ffff88802cb48000 R15: ffff88802cb480e0
[ 76.307993][ T5046] FS: 00005555571ac300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 76.316972][ T5046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.323597][ T5046] CR2: 00007f345c0b5660 CR3: 0000000025cbf000 CR4: 00000000003506f0
[ 76.331585][ T5046] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 76.339609][ T5046] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 76.347627][ T5046] Call Trace:
[ 76.350918][ T5046]
[ 76.353902][ T5046] hfs_bmap_alloc+0x5a6/0x640
[ 76.358599][ T5046] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 76.363678][ T5046] hfs_btree_inc_height+0x11e/0xd20
[ 76.368893][ T5046] ? hfs_brec_insert+0x6e0/0xbd0
[ 76.373880][ T5046] ? workingset_activation+0x593/0x850
[ 76.379347][ T5046] ? hfs_brec_insert+0xbd0/0xbd0
[ 76.384332][ T5046] ? do_raw_spin_unlock+0x13b/0x8b0
[ 76.389548][ T5046] ? hfs_bnode_put+0x1c0/0x370
[ 76.394347][ T5046] hfs_brec_insert+0x723/0xbd0
[ 76.399142][ T5046] ? hfs_brec_keylen+0x360/0x360
[ 76.404122][ T5046] ? mutex_lock_io_nested+0x60/0x60
[ 76.409339][ T5046] __hfs_ext_write_extent+0x2f2/0x4f0
[ 76.414749][ T5046] __hfs_ext_cache_extent+0x6a/0x990
[ 76.420051][ T5046] ? mutex_lock_nested+0x1b/0x20
[ 76.425044][ T5046] ? hfs_find_init+0x16e/0x1f0
[ 76.429822][ T5046] hfs_extend_file+0x344/0x1440
[ 76.434717][ T5046] ? hfs_get_block+0xb60/0xb60
[ 76.439514][ T5046] ? find_lock_entries+0x10f0/0x10f0
[ 76.444879][ T5046] ? clean_bdev_aliases+0x7f9/0x920
[ 76.450095][ T5046] hfs_get_block+0x3e4/0xb60
[ 76.454771][ T5046] ? hfs_free_extents+0x420/0x420
[ 76.459832][ T5046] ? _raw_spin_unlock+0x28/0x40
[ 76.464731][ T5046] ? folio_create_buffers+0x132/0x250
[ 76.470117][ T5046] __block_write_begin_int+0x548/0x1a50
[ 76.475703][ T5046] ? folio_add_lru+0x353/0x6f0
[ 76.480511][ T5046] ? hfs_free_extents+0x420/0x420
[ 76.485628][ T5046] ? PageUptodate+0x290/0x290
[ 76.490327][ T5046] ? folio_test_hugetlb+0xa0/0x1d0
[ 76.495503][ T5046] ? pagecache_get_page+0xeb/0x220
[ 76.500646][ T5046] ? hfs_free_extents+0x420/0x420
[ 76.506462][ T5046] block_write_begin+0x9c/0x1f0
[ 76.511341][ T5046] ? cont_write_begin+0x626/0x880
[ 76.516436][ T5046] cont_write_begin+0x643/0x880
[ 76.521308][ T5046] ? fault_in_readable+0x1db/0x350
[ 76.526451][ T5046] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 76.532394][ T5046] ? fault_in_readable+0x21c/0x350
[ 76.537526][ T5046] ? fault_in_safe_writeable+0x260/0x260
[ 76.543235][ T5046] hfs_write_begin+0x8a/0xd0
[ 76.547834][ T5046] ? hfs_free_extents+0x420/0x420
[ 76.552892][ T5046] generic_perform_write+0x300/0x5e0
[ 76.558193][ T5046] ? generic_file_direct_write+0x460/0x460
[ 76.564053][ T5046] ? __file_remove_privs+0x640/0x640
[ 76.569366][ T5046] ? generic_write_checks+0x160/0x1c0
[ 76.574828][ T5046] __generic_file_write_iter+0x17a/0x400
[ 76.580498][ T5046] generic_file_write_iter+0xaf/0x310
[ 76.585923][ T5046] vfs_write+0x7ec/0xc10
[ 76.590183][ T5046] ? _raw_spin_lock_irqsave+0x120/0x120
[ 76.595766][ T5046] ? file_end_write+0x250/0x250
[ 76.600634][ T5046] ? lockdep_hardirqs_on+0x98/0x140
[ 76.605877][ T5046] ? __fdget_pos+0x265/0x2f0
[ 76.610487][ T5046] ksys_write+0x1a0/0x2c0
[ 76.614856][ T5046] ? __ia32_sys_read+0x90/0x90
[ 76.619632][ T5046] ? syscall_enter_from_user_mode+0x32/0x230
[ 76.625670][ T5046] ? syscall_enter_from_user_mode+0x8c/0x230
[ 76.631702][ T5046] do_syscall_64+0x41/0xc0
[ 76.636131][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.642089][ T5046] RIP: 0033:0x7f345c0e09f9
[ 76.646511][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.666159][ T5046] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.674619][ T5046] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 76.682647][ T5046] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 76.690627][ T5046] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 76.698680][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 76.706696][ T5046] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000037
[ 76.714742][ T5046]
[ 76.717777][ T5046] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 76.725051][ T5046] CPU: 0 PID: 5046 Comm: syz-executor681 Not tainted 6.3.0-syzkaller-11301-g1ae78a14516b #0
[ 76.735097][ T5046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
[ 76.745157][ T5046] Call Trace:
[ 76.748423][ T5046]
[ 76.751343][ T5046] dump_stack_lvl+0x1e7/0x2d0
[ 76.756017][ T5046] ? nf_tcp_handle_invalid+0x650/0x650
[ 76.761488][ T5046] ? panic+0x770/0x770
[ 76.765550][ T5046] ? vscnprintf+0x5d/0x80
[ 76.769872][ T5046] panic+0x30f/0x770
[ 76.773756][ T5046] ? __warn+0x171/0x4a0
[ 76.777907][ T5046] ? __memcpy_flushcache+0x2b0/0x2b0
[ 76.783197][ T5046] __warn+0x314/0x4a0
[ 76.787175][ T5046] ? hfs_bnode_create+0x3b1/0x440
[ 76.792191][ T5046] report_bug+0x2b3/0x500
[ 76.796526][ T5046] ? hfs_bnode_create+0x3b1/0x440
[ 76.801568][ T5046] handle_bug+0x3d/0x70
[ 76.805718][ T5046] exc_invalid_op+0x1a/0x50
[ 76.810215][ T5046] asm_exc_invalid_op+0x1a/0x20
[ 76.815058][ T5046] RIP: 0010:hfs_bnode_create+0x3b1/0x440
[ 76.820686][ T5046] Code: 8a 44 89 e6 e8 c0 d4 48 08 e9 7c fd ff ff e8 56 e5 27 ff 4c 89 ff e8 6e df 54 08 48 c7 c7 20 cb ff 8a 44 89 e6 e8 9f d4 48 08 <0f> 0b eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 89 fc ff ff 48 89
[ 76.840283][ T5046] RSP: 0018:ffffc90003a7ef98 EFLAGS: 00010246
[ 76.846347][ T5046] RAX: 000000000000001f RBX: ffff88823bd96000 RCX: 9c74b486dd78fa00
[ 76.854318][ T5046] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 76.862282][ T5046] RBP: 0000000000000000 R08: ffffffff816f2fcc R09: fffff5200074fda9
[ 76.870254][ T5046] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 76.878219][ T5046] R13: dffffc0000000000 R14: ffff88802cb48000 R15: ffff88802cb480e0
[ 76.886191][ T5046] ? __wake_up_klogd+0xcc/0x100
[ 76.891049][ T5046] ? hfs_bnode_create+0x3b1/0x440
[ 76.896095][ T5046] hfs_bmap_alloc+0x5a6/0x640
[ 76.900771][ T5046] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 76.905798][ T5046] hfs_btree_inc_height+0x11e/0xd20
[ 76.910990][ T5046] ? hfs_brec_insert+0x6e0/0xbd0
[ 76.915921][ T5046] ? workingset_activation+0x593/0x850
[ 76.921374][ T5046] ? hfs_brec_insert+0xbd0/0xbd0
[ 76.926307][ T5046] ? do_raw_spin_unlock+0x13b/0x8b0
[ 76.931504][ T5046] ? hfs_bnode_put+0x1c0/0x370
[ 76.936265][ T5046] hfs_brec_insert+0x723/0xbd0
[ 76.941034][ T5046] ? hfs_brec_keylen+0x360/0x360
[ 76.945970][ T5046] ? mutex_lock_io_nested+0x60/0x60
[ 76.951167][ T5046] __hfs_ext_write_extent+0x2f2/0x4f0
[ 76.956539][ T5046] __hfs_ext_cache_extent+0x6a/0x990
[ 76.961818][ T5046] ? mutex_lock_nested+0x1b/0x20
[ 76.966747][ T5046] ? hfs_find_init+0x16e/0x1f0
[ 76.971506][ T5046] hfs_extend_file+0x344/0x1440
[ 76.976356][ T5046] ? hfs_get_block+0xb60/0xb60
[ 76.981114][ T5046] ? find_lock_entries+0x10f0/0x10f0
[ 76.986418][ T5046] ? clean_bdev_aliases+0x7f9/0x920
[ 76.991621][ T5046] hfs_get_block+0x3e4/0xb60
[ 76.996219][ T5046] ? hfs_free_extents+0x420/0x420
[ 77.001259][ T5046] ? _raw_spin_unlock+0x28/0x40
[ 77.006106][ T5046] ? folio_create_buffers+0x132/0x250
[ 77.011476][ T5046] __block_write_begin_int+0x548/0x1a50
[ 77.017025][ T5046] ? folio_add_lru+0x353/0x6f0
[ 77.021804][ T5046] ? hfs_free_extents+0x420/0x420
[ 77.026827][ T5046] ? PageUptodate+0x290/0x290
[ 77.031494][ T5046] ? folio_test_hugetlb+0xa0/0x1d0
[ 77.036599][ T5046] ? pagecache_get_page+0xeb/0x220
[ 77.041703][ T5046] ? hfs_free_extents+0x420/0x420
[ 77.046722][ T5046] block_write_begin+0x9c/0x1f0
[ 77.051563][ T5046] ? cont_write_begin+0x626/0x880
[ 77.056579][ T5046] cont_write_begin+0x643/0x880
[ 77.061430][ T5046] ? fault_in_readable+0x1db/0x350
[ 77.066537][ T5046] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 77.072421][ T5046] ? fault_in_readable+0x21c/0x350
[ 77.077526][ T5046] ? fault_in_safe_writeable+0x260/0x260
[ 77.083159][ T5046] hfs_write_begin+0x8a/0xd0
[ 77.087743][ T5046] ? hfs_free_extents+0x420/0x420
[ 77.092763][ T5046] generic_perform_write+0x300/0x5e0
[ 77.098048][ T5046] ? generic_file_direct_write+0x460/0x460
[ 77.103844][ T5046] ? __file_remove_privs+0x640/0x640
[ 77.109124][ T5046] ? generic_write_checks+0x160/0x1c0
[ 77.114490][ T5046] __generic_file_write_iter+0x17a/0x400
[ 77.120121][ T5046] generic_file_write_iter+0xaf/0x310
[ 77.125490][ T5046] vfs_write+0x7ec/0xc10
[ 77.129729][ T5046] ? _raw_spin_lock_irqsave+0x120/0x120
[ 77.135277][ T5046] ? file_end_write+0x250/0x250
[ 77.140130][ T5046] ? lockdep_hardirqs_on+0x98/0x140
[ 77.145327][ T5046] ? __fdget_pos+0x265/0x2f0
[ 77.149908][ T5046] ksys_write+0x1a0/0x2c0
[ 77.154237][ T5046] ? __ia32_sys_read+0x90/0x90
[ 77.158997][ T5046] ? syscall_enter_from_user_mode+0x32/0x230
[ 77.164975][ T5046] ? syscall_enter_from_user_mode+0x8c/0x230
[ 77.170949][ T5046] do_syscall_64+0x41/0xc0
[ 77.175363][ T5046] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.181250][ T5046] RIP: 0033:0x7f345c0e09f9
[ 77.185656][ T5046] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.205256][ T5046] RSP: 002b:00007fffbc1930d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.213661][ T5046] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f345c0e09f9
[ 77.221621][ T5046] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 77.229583][ T5046] RBP: 00007fffbc193100 R08: 0000000000000001 R09: 00007fffbc193110
[ 77.237546][ T5046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 77.245507][ T5046] R13: 00007fffbc193140 R14: 00007fffbc193120 R15: 0000000000000037
[ 77.253479][ T5046]
[ 77.256699][ T5046] Kernel Offset: disabled
[ 77.261085][ T5046] Rebooting in 86400 seconds..