./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1757079121
<...>
Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts.
execve("./syz-executor1757079121", ["./syz-executor1757079121"], 0x7fff2b1e13f0 /* 10 vars */) = 0
brk(NULL) = 0x555556430000
brk(0x555556430d00) = 0x555556430d00
arch_prctl(ARCH_SET_FS, 0x555556430380) = 0
set_tid_address(0x555556430650) = 5029
set_robust_list(0x555556430660, 24) = 0
rseq(0x555556430ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1757079121", 4096) = 28
getrandom("\x7c\xc8\x4c\x23\x0b\x1b\xe0\xd7", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556430d00
brk(0x555556451d00) = 0x555556451d00
brk(0x555556452000) = 0x555556452000
mprotect(0x7f368e945000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.Kd2oW2", 0700) = 0
chmod("./syzkaller.Kd2oW2", 0777) = 0
chdir("./syzkaller.Kd2oW2") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5030
./strace-static-x86_64: Process 5030 attached
[pid 5030] set_robust_list(0x555556430660, 24) = 0
[pid 5030] chdir("./0") = 0
[pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5030] setpgid(0, 0) = 0
[pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5030] write(3, "1000", 4) = 4
[pid 5030] close(3) = 0
[pid 5030] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5030] memfd_create("syzkaller", 0) = 3
[pid 5030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5030] munmap(0x7f3686492000, 32768) = 0
[pid 5030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5030] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5030] close(3) = 0
[pid 5030] mkdir("./bus", 0777) = 0
[pid 5030] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5030] chdir("./bus") = 0
[pid 5030] ioctl(4, LOOP_CLR_FD) = 0
[pid 5030] close(4) = 0
[pid 5030] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5030] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5030] write(5, "9", 1) = 1
[pid 5030] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5030] exit_group(0) = ?
[pid 5030] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5030, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5032
./strace-static-x86_64: Process 5032 attached
[pid 5032] set_robust_list(0x555556430660, 24) = 0
[pid 5032] chdir("./1") = 0
[pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5032] setpgid(0, 0) = 0
[pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5032] write(3, "1000", 4) = 4
[pid 5032] close(3) = 0
[pid 5032] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5032] memfd_create("syzkaller", 0) = 3
[pid 5032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5032] munmap(0x7f3686492000, 32768) = 0
[pid 5032] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 52.501895][ T5030] syz-executor175[5030]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 52.516081][ T5030] loop0: detected capacity change from 0 to 64
[ 52.525263][ T5030] hfs: unable to locate alternate MDB
[ 52.530665][ T5030] hfs: continuing without an alternate MDB
[pid 5032] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5032] close(3) = 0
[pid 5032] mkdir("./bus", 0777) = 0
[pid 5032] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5032] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5032] chdir("./bus") = 0
[pid 5032] ioctl(4, LOOP_CLR_FD) = 0
[pid 5032] close(4) = 0
[pid 5032] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5032] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5032] write(5, "9", 1) = 1
[pid 5032] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5032] exit_group(0) = ?
[pid 5032] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5033
./strace-static-x86_64: Process 5033 attached
[pid 5033] set_robust_list(0x555556430660, 24) = 0
[pid 5033] chdir("./2") = 0
[pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5033] setpgid(0, 0) = 0
[pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5033] write(3, "1000", 4) = 4
[pid 5033] close(3) = 0
[pid 5033] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5033] memfd_create("syzkaller", 0) = 3
[pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5033] munmap(0x7f3686492000, 32768) = 0
[ 52.580641][ T5032] loop0: detected capacity change from 0 to 64
[ 52.588848][ T5032] hfs: unable to locate alternate MDB
[ 52.594561][ T5032] hfs: continuing without an alternate MDB
[pid 5033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5033] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5033] close(3) = 0
[pid 5033] mkdir("./bus", 0777) = 0
[pid 5033] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5033] chdir("./bus") = 0
[pid 5033] ioctl(4, LOOP_CLR_FD) = 0
[pid 5033] close(4) = 0
[pid 5033] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5033] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5033] write(5, "9", 1) = 1
[ 52.635909][ T5033] loop0: detected capacity change from 0 to 64
[ 52.645743][ T5033] hfs: unable to locate alternate MDB
[ 52.651258][ T5033] hfs: continuing without an alternate MDB
[ 52.674685][ T5033] FAULT_INJECTION: forcing a failure.
[ 52.674685][ T5033] name failslab, interval 1, probability 0, space 0, times 1
[ 52.687349][ T5033] CPU: 1 PID: 5033 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 52.697757][ T5033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 52.707793][ T5033] Call Trace:
[ 52.711055][ T5033]
[ 52.713968][ T5033] dump_stack_lvl+0x1e7/0x2d0
[ 52.718634][ T5033] ? nf_tcp_handle_invalid+0x650/0x650
[ 52.724077][ T5033] ? panic+0x770/0x770
[ 52.728135][ T5033] ? rcu_is_watching+0x15/0xb0
[ 52.732901][ T5033] ? trace_contention_end+0x3c/0xf0
[ 52.738088][ T5033] should_fail_ex+0x3aa/0x4e0
[ 52.742757][ T5033] should_failslab+0x9/0x20
[ 52.747253][ T5033] slab_pre_alloc_hook+0x59/0x2b0
[ 52.752260][ T5033] ? hfs_find_init+0x90/0x1f0
[ 52.756918][ T5033] __kmem_cache_alloc_node+0x4b/0x270
[ 52.762272][ T5033] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 52.768059][ T5033] ? hfs_find_init+0x90/0x1f0
[ 52.772719][ T5033] __kmalloc+0xa8/0x230
[ 52.776856][ T5033] ? rcu_is_watching+0x15/0xb0
[ 52.781612][ T5033] hfs_find_init+0x90/0x1f0
[ 52.786108][ T5033] hfs_extend_file+0x31b/0x1440
[ 52.790948][ T5033] ? hfs_get_block+0xb60/0xb60
[ 52.795701][ T5033] ? lru_cache_disable+0x30/0x30
[ 52.800629][ T5033] ? __might_sleep+0xc0/0xc0
[ 52.805222][ T5033] ? clean_bdev_aliases+0x67b/0x770
[ 52.810417][ T5033] hfs_get_block+0x3e4/0xb60
[ 52.815043][ T5033] ? hfs_free_extents+0x420/0x420
[ 52.820057][ T5033] ? _raw_spin_unlock+0x28/0x40
[ 52.824893][ T5033] ? folio_create_buffers+0x132/0x250
[ 52.830249][ T5033] __block_write_begin_int+0x555/0x1a40
[ 52.835786][ T5033] ? hfs_free_extents+0x420/0x420
[ 52.840794][ T5033] ? folio_zero_new_buffers+0x530/0x530
[ 52.846327][ T5033] ? pagecache_get_page+0x243/0x590
[ 52.851517][ T5033] ? hfs_free_extents+0x420/0x420
[ 52.856551][ T5033] block_write_begin+0x9b/0x1e0
[ 52.861399][ T5033] cont_write_begin+0x643/0x880
[ 52.866267][ T5033] ? fault_in_readable+0x165/0x2b0
[ 52.871368][ T5033] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 52.877264][ T5033] ? fault_in_readable+0x1a6/0x2b0
[ 52.882360][ T5033] ? fault_in_safe_writeable+0x260/0x260
[ 52.887984][ T5033] hfs_write_begin+0x8a/0xd0
[ 52.892576][ T5033] ? hfs_free_extents+0x420/0x420
[ 52.897604][ T5033] generic_perform_write+0x31b/0x630
[ 52.902876][ T5033] ? generic_file_direct_write+0x3f0/0x3f0
[ 52.908670][ T5033] ? __mnt_drop_write_file+0xc2/0x100
[ 52.914034][ T5033] ? __generic_file_write_iter+0x101/0x230
[ 52.919823][ T5033] generic_file_write_iter+0xaf/0x310
[ 52.925181][ T5033] vfs_write+0x782/0xaf0
[ 52.929409][ T5033] ? file_end_write+0x250/0x250
[ 52.934245][ T5033] ? __asan_memset+0x23/0x40
[ 52.938821][ T5033] ? __fdget_pos+0x2c7/0x340
[ 52.943400][ T5033] ksys_write+0x1a0/0x2c0
[ 52.947715][ T5033] ? __ia32_sys_read+0x90/0x90
[ 52.952462][ T5033] ? rcu_is_watching+0x15/0xb0
[ 52.957209][ T5033] ? syscall_enter_from_user_mode+0x8c/0x230
[ 52.963175][ T5033] do_syscall_64+0x41/0xc0
[ 52.967581][ T5033] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.973484][ T5033] RIP: 0033:0x7f368e8d11e9
[ 52.977893][ T5033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 52.997505][ T5033] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.005903][ T5033] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 53.013867][ T5033] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 53.021827][ T5033] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 53.029788][ T5033] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[pid 5033] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5033] exit_group(0) = ?
[pid 5033] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5034
./strace-static-x86_64: Process 5034 attached
[pid 5034] set_robust_list(0x555556430660, 24) = 0
[pid 5034] chdir("./3") = 0
[pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5034] setpgid(0, 0) = 0
[pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5034] write(3, "1000", 4) = 4
[pid 5034] close(3) = 0
[pid 5034] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5034] memfd_create("syzkaller", 0) = 3
[pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5034] munmap(0x7f3686492000, 32768) = 0
[pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.037755][ T5033] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 53.045712][ T5033]
[ 53.050789][ T5033] hfs_btree_del_level
[pid 5034] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5034] close(3) = 0
[pid 5034] mkdir("./bus", 0777) = 0
[pid 5034] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5034] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5034] chdir("./bus") = 0
[pid 5034] ioctl(4, LOOP_CLR_FD) = 0
[pid 5034] close(4) = 0
[pid 5034] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5034] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5034] write(5, "9", 1) = 1
[ 53.083561][ T5034] loop0: detected capacity change from 0 to 64
[ 53.092208][ T5034] hfs: unable to locate alternate MDB
[ 53.098691][ T5034] hfs: continuing without an alternate MDB
[ 53.112604][ T5034] FAULT_INJECTION: forcing a failure.
[ 53.112604][ T5034] name failslab, interval 1, probability 0, space 0, times 0
[ 53.125296][ T5034] CPU: 1 PID: 5034 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 53.135720][ T5034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 53.145774][ T5034] Call Trace:
[ 53.149037][ T5034]
[ 53.151951][ T5034] dump_stack_lvl+0x1e7/0x2d0
[ 53.156614][ T5034] ? nf_tcp_handle_invalid+0x650/0x650
[ 53.162070][ T5034] ? panic+0x770/0x770
[ 53.166120][ T5034] ? rcu_is_watching+0x15/0xb0
[ 53.170866][ T5034] ? trace_contention_end+0x3c/0xf0
[ 53.176054][ T5034] should_fail_ex+0x3aa/0x4e0
[ 53.180724][ T5034] should_failslab+0x9/0x20
[ 53.185218][ T5034] slab_pre_alloc_hook+0x59/0x2b0
[ 53.190233][ T5034] ? hfs_find_init+0x90/0x1f0
[ 53.194895][ T5034] __kmem_cache_alloc_node+0x4b/0x270
[ 53.200257][ T5034] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 53.206051][ T5034] ? hfs_find_init+0x90/0x1f0
[ 53.210717][ T5034] __kmalloc+0xa8/0x230
[ 53.214865][ T5034] ? rcu_is_watching+0x15/0xb0
[ 53.219618][ T5034] hfs_find_init+0x90/0x1f0
[ 53.224109][ T5034] hfs_extend_file+0x31b/0x1440
[ 53.228954][ T5034] ? hfs_get_block+0xb60/0xb60
[ 53.233704][ T5034] ? lru_cache_disable+0x30/0x30
[ 53.238629][ T5034] ? __might_sleep+0xc0/0xc0
[ 53.243212][ T5034] ? clean_bdev_aliases+0x67b/0x770
[ 53.248397][ T5034] hfs_get_block+0x3e4/0xb60
[ 53.252977][ T5034] ? hfs_free_extents+0x420/0x420
[ 53.257992][ T5034] ? _raw_spin_unlock+0x28/0x40
[ 53.262828][ T5034] ? folio_create_buffers+0x132/0x250
[ 53.268187][ T5034] __block_write_begin_int+0x555/0x1a40
[ 53.273727][ T5034] ? hfs_free_extents+0x420/0x420
[ 53.278737][ T5034] ? folio_zero_new_buffers+0x530/0x530
[ 53.284269][ T5034] ? pagecache_get_page+0x243/0x590
[ 53.289453][ T5034] ? hfs_free_extents+0x420/0x420
[ 53.294471][ T5034] block_write_begin+0x9b/0x1e0
[ 53.299308][ T5034] cont_write_begin+0x643/0x880
[ 53.304149][ T5034] ? fault_in_readable+0x165/0x2b0
[ 53.309246][ T5034] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 53.315122][ T5034] ? fault_in_readable+0x1a6/0x2b0
[ 53.320219][ T5034] ? fault_in_safe_writeable+0x260/0x260
[ 53.325841][ T5034] hfs_write_begin+0x8a/0xd0
[ 53.330417][ T5034] ? hfs_free_extents+0x420/0x420
[ 53.335428][ T5034] generic_perform_write+0x31b/0x630
[ 53.340793][ T5034] ? generic_file_direct_write+0x3f0/0x3f0
[ 53.346584][ T5034] ? __mnt_drop_write_file+0xc2/0x100
[ 53.351949][ T5034] ? __generic_file_write_iter+0x101/0x230
[ 53.357742][ T5034] generic_file_write_iter+0xaf/0x310
[ 53.363100][ T5034] vfs_write+0x782/0xaf0
[ 53.367340][ T5034] ? file_end_write+0x250/0x250
[ 53.372174][ T5034] ? __asan_memset+0x23/0x40
[ 53.376756][ T5034] ? __fdget_pos+0x2c7/0x340
[ 53.381337][ T5034] ksys_write+0x1a0/0x2c0
[ 53.385656][ T5034] ? __ia32_sys_read+0x90/0x90
[ 53.390406][ T5034] ? rcu_is_watching+0x15/0xb0
[ 53.395158][ T5034] ? syscall_enter_from_user_mode+0x8c/0x230
[ 53.401130][ T5034] do_syscall_64+0x41/0xc0
[ 53.405534][ T5034] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.411414][ T5034] RIP: 0033:0x7f368e8d11e9
[ 53.415818][ T5034] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 53.435408][ T5034] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 53.443811][ T5034] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 53.451766][ T5034] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 53.459724][ T5034] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 53.467679][ T5034] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 53.475633][ T5034] R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007ffecc946110
[pid 5034] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5034] exit_group(0) = ?
[pid 5034] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/bus") = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5035
./strace-static-x86_64: Process 5035 attached
[pid 5035] set_robust_list(0x555556430660, 24) = 0
[pid 5035] chdir("./4") = 0
[pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5035] setpgid(0, 0) = 0
[pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5035] write(3, "1000", 4) = 4
[pid 5035] close(3) = 0
[pid 5035] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5035] memfd_create("syzkaller", 0) = 3
[pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5035] munmap(0x7f3686492000, 32768) = 0
[pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5035] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5035] close(3) = 0
[pid 5035] mkdir("./bus", 0777) = 0
[ 53.483594][ T5034]
[ 53.488881][ T5034] hfs_btree_del_level
[ 53.524275][ T5035] loop0: detected capacity change from 0 to 64
[pid 5035] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5035] chdir("./bus") = 0
[pid 5035] ioctl(4, LOOP_CLR_FD) = 0
[pid 5035] close(4) = 0
[pid 5035] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5035] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5035] write(5, "9", 1) = 1
[pid 5035] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5035] exit_group(0) = ?
[pid 5035] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/bus") = 0
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5036
./strace-static-x86_64: Process 5036 attached
[pid 5036] set_robust_list(0x555556430660, 24) = 0
[pid 5036] chdir("./5") = 0
[pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5036] setpgid(0, 0) = 0
[pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5036] write(3, "1000", 4) = 4
[pid 5036] close(3) = 0
[pid 5036] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5036] memfd_create("syzkaller", 0) = 3
[pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5036] munmap(0x7f3686492000, 32768) = 0
[pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 53.535497][ T5035] hfs: unable to locate alternate MDB
[ 53.540980][ T5035] hfs: continuing without an alternate MDB
[pid 5036] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5036] close(3) = 0
[pid 5036] mkdir("./bus", 0777) = 0
[pid 5036] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5036] chdir("./bus") = 0
[pid 5036] ioctl(4, LOOP_CLR_FD) = 0
[pid 5036] close(4) = 0
[pid 5036] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5036] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5036] write(5, "9", 1) = 1
[pid 5036] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5036] exit_group(0) = ?
[pid 5036] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/bus") = 0
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 53.590042][ T5036] loop0: detected capacity change from 0 to 64
[ 53.598815][ T5036] hfs: unable to locate alternate MDB
[ 53.604238][ T5036] hfs: continuing without an alternate MDB
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5037
./strace-static-x86_64: Process 5037 attached
[pid 5037] set_robust_list(0x555556430660, 24) = 0
[pid 5037] chdir("./6") = 0
[pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5037] setpgid(0, 0) = 0
[pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5037] write(3, "1000", 4) = 4
[pid 5037] close(3) = 0
[pid 5037] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5037] memfd_create("syzkaller", 0) = 3
[pid 5037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5037] munmap(0x7f3686492000, 32768) = 0
[pid 5037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5037] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5037] close(3) = 0
[pid 5037] mkdir("./bus", 0777) = 0
[pid 5037] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5037] chdir("./bus") = 0
[pid 5037] ioctl(4, LOOP_CLR_FD) = 0
[pid 5037] close(4) = 0
[pid 5037] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5037] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5037] write(5, "9", 1) = 1
[ 53.665079][ T5037] loop0: detected capacity change from 0 to 64
[ 53.674450][ T5037] hfs: unable to locate alternate MDB
[ 53.679887][ T5037] hfs: continuing without an alternate MDB
[ 53.691435][ T5037] FAULT_INJECTION: forcing a failure.
[ 53.691435][ T5037] name failslab, interval 1, probability 0, space 0, times 0
[ 53.704301][ T5037] CPU: 0 PID: 5037 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 53.714721][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 53.724770][ T5037] Call Trace:
[ 53.728039][ T5037] <TASK>
[ 53.730955][ T5037] dump_stack_lvl+0x1e7/0x2d0
[ 53.735624][ T5037] ? nf_tcp_handle_invalid+0x650/0x650
[ 53.741072][ T5037] ? panic+0x770/0x770
[ 53.745126][ T5037] ? rcu_is_watching+0x15/0xb0
[ 53.749874][ T5037] ? trace_contention_end+0x3c/0xf0
[ 53.755061][ T5037] should_fail_ex+0x3aa/0x4e0
[ 53.759725][ T5037] should_failslab+0x9/0x20
[ 53.764218][ T5037] slab_pre_alloc_hook+0x59/0x2b0
[ 53.769232][ T5037] ? hfs_find_init+0x90/0x1f0
[ 53.773893][ T5037] __kmem_cache_alloc_node+0x4b/0x270
[ 53.779258][ T5037] ? lock_release+0xbf/0x9d0
[ 53.783838][ T5037] ? hfs_find_init+0x90/0x1f0
[ 53.788500][ T5037] __kmalloc+0xa8/0x230
[ 53.792642][ T5037] hfs_find_init+0x90/0x1f0
[ 53.797131][ T5037] hfs_extend_file+0x31b/0x1440
[ 53.801969][ T5037] ? hfs_get_block+0xb60/0xb60
[ 53.806727][ T5037] ? find_lock_entries+0x10d0/0x10d0
[ 53.812005][ T5037] ? clean_bdev_aliases+0x66a/0x770
[ 53.817191][ T5037] hfs_get_block+0x3e4/0xb60
[ 53.821778][ T5037] ? hfs_free_extents+0x420/0x420
[ 53.826792][ T5037] ? _raw_spin_unlock+0x28/0x40
[ 53.831628][ T5037] ? folio_create_buffers+0x132/0x250
[ 53.836984][ T5037] __block_write_begin_int+0x555/0x1a40
[ 53.842522][ T5037] ? hfs_free_extents+0x420/0x420
[ 53.847531][ T5037] ? folio_zero_new_buffers+0x530/0x530
[ 53.853062][ T5037] ? pagecache_get_page+0x243/0x590
[ 53.858245][ T5037] ? hfs_free_extents+0x420/0x420
[ 53.863255][ T5037] block_write_begin+0x9b/0x1e0
[ 53.868104][ T5037] cont_write_begin+0x643/0x880
[ 53.872956][ T5037] ? fault_in_readable+0x165/0x2b0
[ 53.878055][ T5037] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 53.883934][ T5037] ? fault_in_readable+0x1a6/0x2b0
[ 53.889035][ T5037] ? fault_in_safe_writeable+0x260/0x260
[ 53.894659][ T5037] hfs_write_begin+0x8a/0xd0
[ 53.899239][ T5037] ? hfs_free_extents+0x420/0x420
[ 53.904251][ T5037] generic_perform_write+0x31b/0x630
[ 53.909533][ T5037] ? generic_file_direct_write+0x3f0/0x3f0
[ 53.915323][ T5037] ? __mnt_drop_write_file+0xc2/0x100
[ 53.920686][ T5037] ? __generic_file_write_iter+0x101/0x230
[ 53.926479][ T5037] generic_file_write_iter+0xaf/0x310
[ 53.931858][ T5037] vfs_write+0x782/0xaf0
[ 53.936113][ T5037] ? file_end_write+0x250/0x250
[ 53.940953][ T5037] ? __asan_memset+0x23/0x40
[ 53.945535][ T5037] ? __fdget_pos+0x2c7/0x340
[ 53.950130][ T5037] ksys_write+0x1a0/0x2c0
[ 53.954483][ T5037] ? __ia32_sys_read+0x90/0x90
[ 53.959240][ T5037] ? rcu_is_watching+0x15/0xb0
[ 53.963992][ T5037] ? syscall_enter_from_user_mode+0x8c/0x230
[ 53.969963][ T5037] do_syscall_64+0x41/0xc0
[ 53.974378][ T5037] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.980281][ T5037] RIP: 0033:0x7f368e8d11e9
[ 53.984690][ T5037] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 54.004289][ T5037] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5037] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5037] exit_group(0) = ?
[pid 5037] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/bus") = 0
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5038
./strace-static-x86_64: Process 5038 attached
[pid 5038] set_robust_list(0x555556430660, 24) = 0
[pid 5038] chdir("./7") = 0
[pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5038] setpgid(0, 0) = 0
[pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5038] write(3, "1000", 4) = 4
[pid 5038] close(3) = 0
[ 54.012690][ T5037] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 54.020646][ T5037] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.028602][ T5037] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 54.036567][ T5037] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 54.044532][ T5037] R13: 0000000000000006 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 54.052493][ T5037] </TASK>
[ 54.056831][ T5037] hfs_btree_del_level
[pid 5038] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5038] memfd_create("syzkaller", 0) = 3
[pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5038] munmap(0x7f3686492000, 32768) = 0
[pid 5038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5038] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5038] close(3) = 0
[pid 5038] mkdir("./bus", 0777) = 0
[pid 5038] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5038] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5038] chdir("./bus") = 0
[pid 5038] ioctl(4, LOOP_CLR_FD) = 0
[pid 5038] close(4) = 0
[pid 5038] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5038] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5038] write(5, "9", 1) = 1
[ 54.104078][ T5038] loop0: detected capacity change from 0 to 64
[ 54.112672][ T5038] hfs: unable to locate alternate MDB
[ 54.118419][ T5038] hfs: continuing without an alternate MDB
[ 54.129720][ T5038] FAULT_INJECTION: forcing a failure.
[ 54.129720][ T5038] name failslab, interval 1, probability 0, space 0, times 0
[ 54.142657][ T5038] CPU: 0 PID: 5038 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 54.153076][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 54.163129][ T5038] Call Trace:
[ 54.166397][ T5038] <TASK>
[ 54.169316][ T5038] dump_stack_lvl+0x1e7/0x2d0
[ 54.173986][ T5038] ? nf_tcp_handle_invalid+0x650/0x650
[ 54.179432][ T5038] ? panic+0x770/0x770
[ 54.183484][ T5038] ? rcu_is_watching+0x15/0xb0
[ 54.188234][ T5038] ? trace_contention_end+0x3c/0xf0
[ 54.193419][ T5038] should_fail_ex+0x3aa/0x4e0
[ 54.198083][ T5038] should_failslab+0x9/0x20
[ 54.202573][ T5038] slab_pre_alloc_hook+0x59/0x2b0
[ 54.207597][ T5038] ? hfs_find_init+0x90/0x1f0
[ 54.212258][ T5038] __kmem_cache_alloc_node+0x4b/0x270
[ 54.217616][ T5038] ? lock_release+0xbf/0x9d0
[ 54.222200][ T5038] ? hfs_find_init+0x90/0x1f0
[ 54.226862][ T5038] __kmalloc+0xa8/0x230
[ 54.231012][ T5038] hfs_find_init+0x90/0x1f0
[ 54.235501][ T5038] hfs_extend_file+0x31b/0x1440
[ 54.240340][ T5038] ? hfs_get_block+0xb60/0xb60
[ 54.245094][ T5038] ? find_lock_entries+0x10d0/0x10d0
[ 54.250372][ T5038] ? clean_bdev_aliases+0x66a/0x770
[ 54.255566][ T5038] hfs_get_block+0x3e4/0xb60
[ 54.260152][ T5038] ? hfs_free_extents+0x420/0x420
[ 54.265169][ T5038] ? _raw_spin_unlock+0x28/0x40
[ 54.270008][ T5038] ? folio_create_buffers+0x132/0x250
[ 54.275366][ T5038] __block_write_begin_int+0x555/0x1a40
[ 54.280910][ T5038] ? hfs_free_extents+0x420/0x420
[ 54.285919][ T5038] ? folio_zero_new_buffers+0x530/0x530
[ 54.291449][ T5038] ? pagecache_get_page+0x243/0x590
[ 54.296635][ T5038] ? hfs_free_extents+0x420/0x420
[ 54.301644][ T5038] block_write_begin+0x9b/0x1e0
[ 54.306481][ T5038] cont_write_begin+0x643/0x880
[ 54.311337][ T5038] ? fault_in_readable+0x165/0x2b0
[ 54.316466][ T5038] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 54.322355][ T5038] ? fault_in_readable+0x1a6/0x2b0
[ 54.327461][ T5038] ? fault_in_safe_writeable+0x260/0x260
[ 54.333085][ T5038] hfs_write_begin+0x8a/0xd0
[ 54.337663][ T5038] ? hfs_free_extents+0x420/0x420
[ 54.342675][ T5038] generic_perform_write+0x31b/0x630
[ 54.347960][ T5038] ? generic_file_direct_write+0x3f0/0x3f0
[ 54.353756][ T5038] ? __mnt_drop_write_file+0xc2/0x100
[ 54.359122][ T5038] ? __generic_file_write_iter+0x101/0x230
[ 54.364918][ T5038] generic_file_write_iter+0xaf/0x310
[ 54.370279][ T5038] vfs_write+0x782/0xaf0
[ 54.374513][ T5038] ? file_end_write+0x250/0x250
[ 54.379349][ T5038] ? __asan_memset+0x23/0x40
[ 54.383933][ T5038] ? __fdget_pos+0x2c7/0x340
[ 54.388513][ T5038] ksys_write+0x1a0/0x2c0
[ 54.392832][ T5038] ? __ia32_sys_read+0x90/0x90
[ 54.397591][ T5038] ? rcu_is_watching+0x15/0xb0
[ 54.402345][ T5038] ? syscall_enter_from_user_mode+0x8c/0x230
[ 54.408320][ T5038] do_syscall_64+0x41/0xc0
[ 54.412729][ T5038] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.418614][ T5038] RIP: 0033:0x7f368e8d11e9
[ 54.423020][ T5038] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 54.442613][ T5038] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5038] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5038] exit_group(0) = ?
[pid 5038] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5038, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/bus") = 0
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5039
./strace-static-x86_64: Process 5039 attached
[pid 5039] set_robust_list(0x555556430660, 24) = 0
[pid 5039] chdir("./8") = 0
[pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5039] setpgid(0, 0) = 0
[pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5039] write(3, "1000", 4) = 4
[pid 5039] close(3) = 0
[pid 5039] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5039] memfd_create("syzkaller", 0) = 3
[pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5039] munmap(0x7f3686492000, 32768) = 0
[pid 5039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 54.451014][ T5038] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 54.458970][ T5038] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 54.466928][ T5038] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 54.474894][ T5038] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 54.482855][ T5038] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 54.490816][ T5038] </TASK>
[ 54.494331][ T5038] hfs_btree_del_level
[pid 5039] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5039] close(3) = 0
[pid 5039] mkdir("./bus", 0777) = 0
[pid 5039] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5039] chdir("./bus") = 0
[pid 5039] ioctl(4, LOOP_CLR_FD) = 0
[pid 5039] close(4) = 0
[pid 5039] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5039] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5039] write(5, "9", 1) = 1
[pid 5039] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5039] exit_group(0) = ?
[pid 5039] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/bus") = 0
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 54.535127][ T5039] loop0: detected capacity change from 0 to 64
[ 54.543995][ T5039] hfs: unable to locate alternate MDB
[ 54.549358][ T5039] hfs: continuing without an alternate MDB
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5040
./strace-static-x86_64: Process 5040 attached
[pid 5040] set_robust_list(0x555556430660, 24) = 0
[pid 5040] chdir("./9") = 0
[pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5040] setpgid(0, 0) = 0
[pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5040] write(3, "1000", 4) = 4
[pid 5040] close(3) = 0
[pid 5040] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5040] memfd_create("syzkaller", 0) = 3
[pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5040] munmap(0x7f3686492000, 32768) = 0
[pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5040] close(3) = 0
[pid 5040] mkdir("./bus", 0777) = 0
[pid 5040] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5040] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5040] chdir("./bus") = 0
[pid 5040] ioctl(4, LOOP_CLR_FD) = 0
[pid 5040] close(4) = 0
[pid 5040] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5040] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5040] write(5, "9", 1) = 1
[pid 5040] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5040] exit_group(0) = ?
[pid 5040] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5040, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/bus") = 0
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5041
./strace-static-x86_64: Process 5041 attached
[ 54.611210][ T5040] loop0: detected capacity change from 0 to 64
[ 54.620281][ T5040] hfs: unable to locate alternate MDB
[ 54.625822][ T5040] hfs: continuing without an alternate MDB
[pid 5041] set_robust_list(0x555556430660, 24) = 0
[pid 5041] chdir("./10") = 0
[pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5041] setpgid(0, 0) = 0
[pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5041] write(3, "1000", 4) = 4
[pid 5041] close(3) = 0
[pid 5041] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5041] memfd_create("syzkaller", 0) = 3
[pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5041] munmap(0x7f3686492000, 32768) = 0
[pid 5041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5041] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5041] close(3) = 0
[pid 5041] mkdir("./bus", 0777) = 0
[pid 5041] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5041] chdir("./bus") = 0
[pid 5041] ioctl(4, LOOP_CLR_FD) = 0
[pid 5041] close(4) = 0
[pid 5041] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5041] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5041] write(5, "9", 1) = 1
[ 54.683273][ T5041] loop0: detected capacity change from 0 to 64
[ 54.692213][ T5041] hfs: unable to locate alternate MDB
[ 54.698541][ T5041] hfs: continuing without an alternate MDB
[ 54.713446][ T5041] FAULT_INJECTION: forcing a failure.
[ 54.713446][ T5041] name failslab, interval 1, probability 0, space 0, times 0
[ 54.726301][ T5041] CPU: 0 PID: 5041 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 54.736697][ T5041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 54.746736][ T5041] Call Trace:
[ 54.750001][ T5041] <TASK>
[ 54.752918][ T5041] dump_stack_lvl+0x1e7/0x2d0
[ 54.757588][ T5041] ? nf_tcp_handle_invalid+0x650/0x650
[ 54.763039][ T5041] ? panic+0x770/0x770
[ 54.767129][ T5041] ? rcu_is_watching+0x15/0xb0
[ 54.771876][ T5041] ? trace_contention_end+0x3c/0xf0
[ 54.777058][ T5041] should_fail_ex+0x3aa/0x4e0
[ 54.781721][ T5041] should_failslab+0x9/0x20
[ 54.786209][ T5041] slab_pre_alloc_hook+0x59/0x2b0
[ 54.791219][ T5041] ? hfs_find_init+0x90/0x1f0
[ 54.795878][ T5041] __kmem_cache_alloc_node+0x4b/0x270
[ 54.801235][ T5041] ? lock_release+0xbf/0x9d0
[ 54.805814][ T5041] ? hfs_find_init+0x90/0x1f0
[ 54.810476][ T5041] __kmalloc+0xa8/0x230
[ 54.814619][ T5041] hfs_find_init+0x90/0x1f0
[ 54.819129][ T5041] hfs_extend_file+0x31b/0x1440
[ 54.823964][ T5041] ? hfs_get_block+0xb60/0xb60
[ 54.828728][ T5041] ? find_lock_entries+0x10d0/0x10d0
[ 54.834026][ T5041] ? clean_bdev_aliases+0x66a/0x770
[ 54.839208][ T5041] hfs_get_block+0x3e4/0xb60
[ 54.843803][ T5041] ? hfs_free_extents+0x420/0x420
[ 54.848841][ T5041] ? _raw_spin_unlock+0x28/0x40
[ 54.853697][ T5041] ? folio_create_buffers+0x132/0x250
[ 54.859067][ T5041] __block_write_begin_int+0x555/0x1a40
[ 54.864600][ T5041] ? hfs_free_extents+0x420/0x420
[ 54.869607][ T5041] ? folio_zero_new_buffers+0x530/0x530
[ 54.875145][ T5041] ? pagecache_get_page+0x243/0x590
[ 54.880338][ T5041] ? hfs_free_extents+0x420/0x420
[ 54.885346][ T5041] block_write_begin+0x9b/0x1e0
[ 54.890192][ T5041] cont_write_begin+0x643/0x880
[ 54.895043][ T5041] ? fault_in_readable+0x165/0x2b0
[ 54.900158][ T5041] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 54.906047][ T5041] ? fault_in_readable+0x1a6/0x2b0
[ 54.911145][ T5041] ? fault_in_safe_writeable+0x260/0x260
[ 54.916764][ T5041] hfs_write_begin+0x8a/0xd0
[ 54.921343][ T5041] ? hfs_free_extents+0x420/0x420
[ 54.926366][ T5041] generic_perform_write+0x31b/0x630
[ 54.931658][ T5041] ? generic_file_direct_write+0x3f0/0x3f0
[ 54.937469][ T5041] ? __mnt_drop_write_file+0xc2/0x100
[ 54.942850][ T5041] ? __generic_file_write_iter+0x101/0x230
[ 54.948646][ T5041] generic_file_write_iter+0xaf/0x310
[ 54.954059][ T5041] vfs_write+0x782/0xaf0
[ 54.958300][ T5041] ? file_end_write+0x250/0x250
[ 54.963137][ T5041] ? __asan_memset+0x23/0x40
[ 54.967719][ T5041] ? __fdget_pos+0x2c7/0x340
[ 54.972294][ T5041] ksys_write+0x1a0/0x2c0
[ 54.976618][ T5041] ? __ia32_sys_read+0x90/0x90
[ 54.981385][ T5041] ? rcu_is_watching+0x15/0xb0
[ 54.986133][ T5041] ? syscall_enter_from_user_mode+0x8c/0x230
[ 54.992099][ T5041] do_syscall_64+0x41/0xc0
[ 54.996509][ T5041] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.002400][ T5041] RIP: 0033:0x7f368e8d11e9
[ 55.006798][ T5041] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 55.026387][ T5041] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5041] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5041] exit_group(0) = ?
[pid 5041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/bus") = 0
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5042
./strace-static-x86_64: Process 5042 attached
[pid 5042] set_robust_list(0x555556430660, 24) = 0
[pid 5042] chdir("./11") = 0
[pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5042] setpgid(0, 0) = 0
[pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5042] write(3, "1000", 4) = 4
[pid 5042] close(3) = 0
[pid 5042] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5042] memfd_create("syzkaller", 0) = 3
[pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5042] munmap(0x7f3686492000, 32768) = 0
[pid 5042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 55.034790][ T5041] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 55.042758][ T5041] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.050720][ T5041] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 55.058686][ T5041] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 55.066675][ T5041] R13: 000000000000000a R14: 431bde82d7b634db R15: 00007ffecc946110
[ 55.074636][ T5041]
[ 55.079781][ T5041] hfs_btree_del_level
[pid 5042] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5042] close(3) = 0
[pid 5042] mkdir("./bus", 0777) = 0
[pid 5042] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5042] chdir("./bus") = 0
[pid 5042] ioctl(4, LOOP_CLR_FD) = 0
[pid 5042] close(4) = 0
[pid 5042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5042] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5042] write(5, "9", 1) = 1
[ 55.114123][ T5042] loop0: detected capacity change from 0 to 64
[ 55.122330][ T5042] hfs: unable to locate alternate MDB
[ 55.128155][ T5042] hfs: continuing without an alternate MDB
[ 55.138780][ T5042] FAULT_INJECTION: forcing a failure.
[ 55.138780][ T5042] name failslab, interval 1, probability 0, space 0, times 0
[ 55.152104][ T5042] CPU: 0 PID: 5042 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 55.162533][ T5042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 55.172598][ T5042] Call Trace:
[ 55.175864][ T5042]
[ 55.178780][ T5042] dump_stack_lvl+0x1e7/0x2d0
[ 55.183448][ T5042] ? nf_tcp_handle_invalid+0x650/0x650
[ 55.188899][ T5042] ? panic+0x770/0x770
[ 55.192954][ T5042] ? rcu_is_watching+0x15/0xb0
[ 55.197710][ T5042] ? trace_contention_end+0x3c/0xf0
[ 55.202897][ T5042] should_fail_ex+0x3aa/0x4e0
[ 55.207562][ T5042] should_failslab+0x9/0x20
[ 55.212052][ T5042] slab_pre_alloc_hook+0x59/0x2b0
[ 55.217067][ T5042] ? hfs_find_init+0x90/0x1f0
[ 55.221728][ T5042] __kmem_cache_alloc_node+0x4b/0x270
[ 55.227086][ T5042] ? lock_release+0xbf/0x9d0
[ 55.231668][ T5042] ? hfs_find_init+0x90/0x1f0
[ 55.236330][ T5042] __kmalloc+0xa8/0x230
[ 55.240478][ T5042] hfs_find_init+0x90/0x1f0
[ 55.244970][ T5042] hfs_extend_file+0x31b/0x1440
[ 55.249810][ T5042] ? hfs_get_block+0xb60/0xb60
[ 55.254563][ T5042] ? find_lock_entries+0x10d0/0x10d0
[ 55.259839][ T5042] ? clean_bdev_aliases+0x66a/0x770
[ 55.265025][ T5042] hfs_get_block+0x3e4/0xb60
[ 55.269607][ T5042] ? hfs_free_extents+0x420/0x420
[ 55.274621][ T5042] ? _raw_spin_unlock+0x28/0x40
[ 55.279460][ T5042] ? folio_create_buffers+0x132/0x250
[ 55.284818][ T5042] __block_write_begin_int+0x555/0x1a40
[ 55.290357][ T5042] ? hfs_free_extents+0x420/0x420
[ 55.295368][ T5042] ? folio_zero_new_buffers+0x530/0x530
[ 55.300900][ T5042] ? pagecache_get_page+0x243/0x590
[ 55.306086][ T5042] ? hfs_free_extents+0x420/0x420
[ 55.311095][ T5042] block_write_begin+0x9b/0x1e0
[ 55.315930][ T5042] cont_write_begin+0x643/0x880
[ 55.320772][ T5042] ? fault_in_readable+0x165/0x2b0
[ 55.325870][ T5042] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 55.331747][ T5042] ? fault_in_readable+0x1a6/0x2b0
[ 55.336846][ T5042] ? fault_in_safe_writeable+0x260/0x260
[ 55.342469][ T5042] hfs_write_begin+0x8a/0xd0
[ 55.347053][ T5042] ? hfs_free_extents+0x420/0x420
[ 55.352065][ T5042] generic_perform_write+0x31b/0x630
[ 55.357344][ T5042] ? generic_file_direct_write+0x3f0/0x3f0
[ 55.363135][ T5042] ? __mnt_drop_write_file+0xc2/0x100
[ 55.368498][ T5042] ? __generic_file_write_iter+0x101/0x230
[ 55.374291][ T5042] generic_file_write_iter+0xaf/0x310
[ 55.379650][ T5042] vfs_write+0x782/0xaf0
[ 55.383885][ T5042] ? file_end_write+0x250/0x250
[ 55.388719][ T5042] ? __asan_memset+0x23/0x40
[ 55.393300][ T5042] ? __fdget_pos+0x2c7/0x340
[ 55.397881][ T5042] ksys_write+0x1a0/0x2c0
[ 55.402197][ T5042] ? __ia32_sys_read+0x90/0x90
[ 55.406951][ T5042] ? rcu_is_watching+0x15/0xb0
[ 55.411702][ T5042] ? syscall_enter_from_user_mode+0x8c/0x230
[ 55.417672][ T5042] do_syscall_64+0x41/0xc0
[ 55.422077][ T5042] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.427962][ T5042] RIP: 0033:0x7f368e8d11e9
[ 55.432362][ T5042] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 55.451953][ T5042] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5042] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5042] exit_group(0) = ?
[pid 5042] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/bus") = 0
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5043
./strace-static-x86_64: Process 5043 attached
[pid 5043] set_robust_list(0x555556430660, 24) = 0
[pid 5043] chdir("./12") = 0
[pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5043] setpgid(0, 0) = 0
[pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5043] write(3, "1000", 4) = 4
[pid 5043] close(3) = 0
[pid 5043] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5043] memfd_create("syzkaller", 0) = 3
[pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5043] munmap(0x7f3686492000, 32768) = 0
[pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 55.460351][ T5042] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 55.468306][ T5042] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 55.476260][ T5042] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 55.484215][ T5042] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 55.492168][ T5042] R13: 000000000000000b R14: 431bde82d7b634db R15: 00007ffecc946110
[ 55.500131][ T5042]
[ 55.503693][ T5042] hfs_btree_del_level
[pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5043] close(3) = 0
[pid 5043] mkdir("./bus", 0777) = 0
[pid 5043] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5043] chdir("./bus") = 0
[pid 5043] ioctl(4, LOOP_CLR_FD) = 0
[pid 5043] close(4) = 0
[pid 5043] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5043] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5043] write(5, "9", 1) = 1
[pid 5043] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5043] exit_group(0) = ?
[pid 5043] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5043, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/bus") = 0
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5044
./strace-static-x86_64: Process 5044 attached
[pid 5044] set_robust_list(0x555556430660, 24) = 0
[pid 5044] chdir("./13") = 0
[pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5044] setpgid(0, 0) = 0
[pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 55.534845][ T5043] loop0: detected capacity change from 0 to 64
[ 55.543448][ T5043] hfs: unable to locate alternate MDB
[ 55.548813][ T5043] hfs: continuing without an alternate MDB
[pid 5044] write(3, "1000", 4) = 4
[pid 5044] close(3) = 0
[pid 5044] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5044] memfd_create("syzkaller", 0) = 3
[pid 5044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5044] munmap(0x7f3686492000, 32768) = 0
[pid 5044] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5044] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5044] close(3) = 0
[pid 5044] mkdir("./bus", 0777) = 0
[pid 5044] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5044] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5044] chdir("./bus") = 0
[pid 5044] ioctl(4, LOOP_CLR_FD) = 0
[pid 5044] close(4) = 0
[pid 5044] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5044] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5044] write(5, "9", 1) = 1
[pid 5044] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5044] exit_group(0) = ?
[pid 5044] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5044, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/bus") = 0
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5045 attached
, child_tidptr=0x555556430650) = 5045
[pid 5045] set_robust_list(0x555556430660, 24) = 0
[pid 5045] chdir("./14") = 0
[pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5045] setpgid(0, 0) = 0
[ 55.601586][ T5044] loop0: detected capacity change from 0 to 64
[ 55.611039][ T5044] hfs: unable to locate alternate MDB
[ 55.617743][ T5044] hfs: continuing without an alternate MDB
[pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5045] write(3, "1000", 4) = 4
[pid 5045] close(3) = 0
[pid 5045] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5045] memfd_create("syzkaller", 0) = 3
[pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5045] munmap(0x7f3686492000, 32768) = 0
[pid 5045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5045] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5045] close(3) = 0
[pid 5045] mkdir("./bus", 0777) = 0
[pid 5045] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5045] chdir("./bus") = 0
[pid 5045] ioctl(4, LOOP_CLR_FD) = 0
[pid 5045] close(4) = 0
[pid 5045] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5045] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5045] write(5, "9", 1) = 1
[pid 5045] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5045] exit_group(0) = ?
[pid 5045] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/bus") = 0
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5046 attached
, child_tidptr=0x555556430650) = 5046
[pid 5046] set_robust_list(0x555556430660, 24) = 0
[pid 5046] chdir("./15") = 0
[pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5046] setpgid(0, 0) = 0
[pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5046] write(3, "1000", 4) = 4
[pid 5046] close(3) = 0
[pid 5046] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5046] memfd_create("syzkaller", 0) = 3
[pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[ 55.666291][ T5045] loop0: detected capacity change from 0 to 64
[ 55.675417][ T5045] hfs: unable to locate alternate MDB
[ 55.680840][ T5045] hfs: continuing without an alternate MDB
[pid 5046] munmap(0x7f3686492000, 32768) = 0
[pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5046] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5046] close(3) = 0
[pid 5046] mkdir("./bus", 0777) = 0
[pid 5046] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5046] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5046] chdir("./bus") = 0
[pid 5046] ioctl(4, LOOP_CLR_FD) = 0
[pid 5046] close(4) = 0
[pid 5046] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5046] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5046] write(5, "9", 1) = 1
[pid 5046] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5046] exit_group(0) = ?
[pid 5046] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5046, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/bus") = 0
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5047 attached
, child_tidptr=0x555556430650) = 5047
[pid 5047] set_robust_list(0x555556430660, 24) = 0
[pid 5047] chdir("./16") = 0
[pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5047] setpgid(0, 0) = 0
[pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5047] write(3, "1000", 4) = 4
[pid 5047] close(3) = 0
[pid 5047] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5047] memfd_create("syzkaller", 0) = 3
[pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[ 55.727922][ T5046] loop0: detected capacity change from 0 to 64
[ 55.737244][ T5046] hfs: unable to locate alternate MDB
[ 55.742607][ T5046] hfs: continuing without an alternate MDB
[pid 5047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5047] munmap(0x7f3686492000, 32768) = 0
[pid 5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5047] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5047] close(3) = 0
[pid 5047] mkdir("./bus", 0777) = 0
[pid 5047] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5047] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5047] chdir("./bus") = 0
[pid 5047] ioctl(4, LOOP_CLR_FD) = 0
[pid 5047] close(4) = 0
[pid 5047] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5047] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5047] write(5, "9", 1) = 1
[ 55.792049][ T5047] loop0: detected capacity change from 0 to 64
[ 55.802118][ T5047] hfs: unable to locate alternate MDB
[ 55.808257][ T5047] hfs: continuing without an alternate MDB
[ 55.818814][ T5047] FAULT_INJECTION: forcing a failure.
[ 55.818814][ T5047] name failslab, interval 1, probability 0, space 0, times 0
[ 55.831612][ T5047] CPU: 0 PID: 5047 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 55.842027][ T5047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 55.852067][ T5047] Call Trace:
[ 55.855335][ T5047]
[ 55.858253][ T5047] dump_stack_lvl+0x1e7/0x2d0
[ 55.862921][ T5047] ? nf_tcp_handle_invalid+0x650/0x650
[ 55.868374][ T5047] ? panic+0x770/0x770
[ 55.872439][ T5047] ? rcu_is_watching+0x15/0xb0
[ 55.877186][ T5047] ? trace_contention_end+0x3c/0xf0
[ 55.882372][ T5047] should_fail_ex+0x3aa/0x4e0
[ 55.887035][ T5047] should_failslab+0x9/0x20
[ 55.891527][ T5047] slab_pre_alloc_hook+0x59/0x2b0
[ 55.896538][ T5047] ? hfs_find_init+0x90/0x1f0
[ 55.901200][ T5047] __kmem_cache_alloc_node+0x4b/0x270
[ 55.906569][ T5047] ? lock_release+0xbf/0x9d0
[ 55.911163][ T5047] ? hfs_find_init+0x90/0x1f0
[ 55.915824][ T5047] __kmalloc+0xa8/0x230
[ 55.919966][ T5047] hfs_find_init+0x90/0x1f0
[ 55.924454][ T5047] hfs_extend_file+0x31b/0x1440
[ 55.929290][ T5047] ? hfs_get_block+0xb60/0xb60
[ 55.934039][ T5047] ? find_lock_entries+0x10d0/0x10d0
[ 55.939314][ T5047] ? clean_bdev_aliases+0x66a/0x770
[ 55.944494][ T5047] hfs_get_block+0x3e4/0xb60
[ 55.949105][ T5047] ? hfs_free_extents+0x420/0x420
[ 55.954115][ T5047] ? _raw_spin_unlock+0x28/0x40
[ 55.958949][ T5047] ? folio_create_buffers+0x132/0x250
[ 55.964303][ T5047] __block_write_begin_int+0x555/0x1a40
[ 55.969840][ T5047] ? hfs_free_extents+0x420/0x420
[ 55.974852][ T5047] ? folio_zero_new_buffers+0x530/0x530
[ 55.980377][ T5047] ? pagecache_get_page+0x243/0x590
[ 55.985557][ T5047] ? hfs_free_extents+0x420/0x420
[ 55.990571][ T5047] block_write_begin+0x9b/0x1e0
[ 55.995417][ T5047] cont_write_begin+0x643/0x880
[ 56.000255][ T5047] ? fault_in_readable+0x165/0x2b0
[ 56.005352][ T5047] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 56.011225][ T5047] ? fault_in_readable+0x1a6/0x2b0
[ 56.016323][ T5047] ? fault_in_safe_writeable+0x260/0x260
[ 56.022029][ T5047] hfs_write_begin+0x8a/0xd0
[ 56.026604][ T5047] ? hfs_free_extents+0x420/0x420
[ 56.031616][ T5047] generic_perform_write+0x31b/0x630
[ 56.036890][ T5047] ? generic_file_direct_write+0x3f0/0x3f0
[ 56.042795][ T5047] ? __mnt_drop_write_file+0xc2/0x100
[ 56.048172][ T5047] ? __generic_file_write_iter+0x101/0x230
[ 56.053965][ T5047] generic_file_write_iter+0xaf/0x310
[ 56.059323][ T5047] vfs_write+0x782/0xaf0
[ 56.063559][ T5047] ? file_end_write+0x250/0x250
[ 56.068397][ T5047] ? __asan_memset+0x23/0x40
[ 56.072983][ T5047] ? __fdget_pos+0x2c7/0x340
[ 56.077564][ T5047] ksys_write+0x1a0/0x2c0
[ 56.081926][ T5047] ? __ia32_sys_read+0x90/0x90
[ 56.086679][ T5047] ? rcu_is_watching+0x15/0xb0
[ 56.091434][ T5047] ? syscall_enter_from_user_mode+0x8c/0x230
[ 56.097419][ T5047] do_syscall_64+0x41/0xc0
[ 56.101822][ T5047] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.107701][ T5047] RIP: 0033:0x7f368e8d11e9
[ 56.112104][ T5047] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 56.131699][ T5047] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5047] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5047] exit_group(0) = ?
[pid 5047] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/bus") = 0
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5048
./strace-static-x86_64: Process 5048 attached
[pid 5048] set_robust_list(0x555556430660, 24) = 0
[pid 5048] chdir("./17") = 0
[pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5048] setpgid(0, 0) = 0
[pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 56.140118][ T5047] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 56.148080][ T5047] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.156045][ T5047] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 56.164000][ T5047] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 56.171961][ T5047] R13: 0000000000000010 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 56.179925][ T5047]
[ 56.184723][ T5047] hfs_btree_del_level
[pid 5048] write(3, "1000", 4) = 4
[pid 5048] close(3) = 0
[pid 5048] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5048] memfd_create("syzkaller", 0) = 3
[pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5048] munmap(0x7f3686492000, 32768) = 0
[pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5048] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5048] close(3) = 0
[pid 5048] mkdir("./bus", 0777) = 0
[pid 5048] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5048] chdir("./bus") = 0
[pid 5048] ioctl(4, LOOP_CLR_FD) = 0
[pid 5048] close(4) = 0
[pid 5048] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5048] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5048] write(5, "9", 1) = 1
[ 56.234968][ T5048] loop0: detected capacity change from 0 to 64
[ 56.244055][ T5048] hfs: unable to locate alternate MDB
[ 56.249559][ T5048] hfs: continuing without an alternate MDB
[ 56.262393][ T5048] FAULT_INJECTION: forcing a failure.
[ 56.262393][ T5048] name failslab, interval 1, probability 0, space 0, times 0
[ 56.275444][ T5048] CPU: 0 PID: 5048 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 56.285863][ T5048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 56.295926][ T5048] Call Trace:
[ 56.299187][ T5048]
[ 56.302114][ T5048] dump_stack_lvl+0x1e7/0x2d0
[ 56.306953][ T5048] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.312392][ T5048] ? panic+0x770/0x770
[ 56.316438][ T5048] ? rcu_is_watching+0x15/0xb0
[ 56.321179][ T5048] ? trace_contention_end+0x3c/0xf0
[ 56.326359][ T5048] should_fail_ex+0x3aa/0x4e0
[ 56.331015][ T5048] should_failslab+0x9/0x20
[ 56.335501][ T5048] slab_pre_alloc_hook+0x59/0x2b0
[ 56.340507][ T5048] ? hfs_find_init+0x90/0x1f0
[ 56.345160][ T5048] __kmem_cache_alloc_node+0x4b/0x270
[ 56.350510][ T5048] ? lock_release+0xbf/0x9d0
[ 56.355085][ T5048] ? hfs_find_init+0x90/0x1f0
[ 56.359737][ T5048] __kmalloc+0xa8/0x230
[ 56.363878][ T5048] hfs_find_init+0x90/0x1f0
[ 56.368361][ T5048] hfs_extend_file+0x31b/0x1440
[ 56.373193][ T5048] ? hfs_get_block+0xb60/0xb60
[ 56.377936][ T5048] ? find_lock_entries+0x10d0/0x10d0
[ 56.383202][ T5048] ? clean_bdev_aliases+0x66a/0x770
[ 56.388377][ T5048] hfs_get_block+0x3e4/0xb60
[ 56.392948][ T5048] ? hfs_free_extents+0x420/0x420
[ 56.397954][ T5048] ? _raw_spin_unlock+0x28/0x40
[ 56.402788][ T5048] ? folio_create_buffers+0x132/0x250
[ 56.408150][ T5048] __block_write_begin_int+0x555/0x1a40
[ 56.413678][ T5048] ? hfs_free_extents+0x420/0x420
[ 56.418681][ T5048] ? folio_zero_new_buffers+0x530/0x530
[ 56.424207][ T5048] ? pagecache_get_page+0x243/0x590
[ 56.429384][ T5048] ? hfs_free_extents+0x420/0x420
[ 56.434388][ T5048] block_write_begin+0x9b/0x1e0
[ 56.439217][ T5048] cont_write_begin+0x643/0x880
[ 56.444047][ T5048] ? fault_in_readable+0x165/0x2b0
[ 56.449138][ T5048] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 56.455007][ T5048] ? fault_in_readable+0x1a6/0x2b0
[ 56.460095][ T5048] ? fault_in_safe_writeable+0x260/0x260
[ 56.465710][ T5048] hfs_write_begin+0x8a/0xd0
[ 56.470277][ T5048] ? hfs_free_extents+0x420/0x420
[ 56.475281][ T5048] generic_perform_write+0x31b/0x630
[ 56.480548][ T5048] ? generic_file_direct_write+0x3f0/0x3f0
[ 56.486333][ T5048] ? __mnt_drop_write_file+0xc2/0x100
[ 56.491687][ T5048] ? __generic_file_write_iter+0x101/0x230
[ 56.497476][ T5048] generic_file_write_iter+0xaf/0x310
[ 56.502841][ T5048] vfs_write+0x782/0xaf0
[ 56.507067][ T5048] ? file_end_write+0x250/0x250
[ 56.511907][ T5048] ? __asan_memset+0x23/0x40
[ 56.516490][ T5048] ? __fdget_pos+0x2c7/0x340
[ 56.521086][ T5048] ksys_write+0x1a0/0x2c0
[ 56.525399][ T5048] ? __ia32_sys_read+0x90/0x90
[ 56.530147][ T5048] ? rcu_is_watching+0x15/0xb0
[ 56.534891][ T5048] ? syscall_enter_from_user_mode+0x8c/0x230
[ 56.540857][ T5048] do_syscall_64+0x41/0xc0
[ 56.545257][ T5048] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.551132][ T5048] RIP: 0033:0x7f368e8d11e9
[ 56.555528][ T5048] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 56.575114][ T5048] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5048] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5048] exit_group(0) = ?
[pid 5048] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/bus") = 0
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5049
./strace-static-x86_64: Process 5049 attached
[pid 5049] set_robust_list(0x555556430660, 24) = 0
[pid 5049] chdir("./18") = 0
[pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5049] setpgid(0, 0) = 0
[pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5049] write(3, "1000", 4) = 4
[pid 5049] close(3) = 0
[pid 5049] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5049] memfd_create("syzkaller", 0) = 3
[pid 5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5049] munmap(0x7f3686492000, 32768) = 0
[pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 56.583507][ T5048] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 56.591455][ T5048] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 56.599404][ T5048] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 56.607355][ T5048] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 56.615305][ T5048] R13: 0000000000000011 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 56.623261][ T5048]
[ 56.627274][ T5048] hfs_btree_del_level
[pid 5049] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5049] close(3) = 0
[pid 5049] mkdir("./bus", 0777) = 0
[pid 5049] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5049] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5049] chdir("./bus") = 0
[pid 5049] ioctl(4, LOOP_CLR_FD) = 0
[pid 5049] close(4) = 0
[pid 5049] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5049] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5049] write(5, "9", 1) = 1
[pid 5049] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5049] exit_group(0) = ?
[pid 5049] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5049, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/bus") = 0
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5050
./strace-static-x86_64: Process 5050 attached
[pid 5050] set_robust_list(0x555556430660, 24) = 0
[pid 5050] chdir("./19") = 0
[pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5050] setpgid(0, 0) = 0
[pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 56.658686][ T5049] loop0: detected capacity change from 0 to 64
[ 56.667162][ T5049] hfs: unable to locate alternate MDB
[ 56.672531][ T5049] hfs: continuing without an alternate MDB
[pid 5050] write(3, "1000", 4) = 4
[pid 5050] close(3) = 0
[pid 5050] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5050] memfd_create("syzkaller", 0) = 3
[pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5050] munmap(0x7f3686492000, 32768) = 0
[pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5050] close(3) = 0
[pid 5050] mkdir("./bus", 0777) = 0
[pid 5050] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5050] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5050] chdir("./bus") = 0
[pid 5050] ioctl(4, LOOP_CLR_FD) = 0
[pid 5050] close(4) = 0
[pid 5050] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5050] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5050] write(5, "9", 1) = 1
[pid 5050] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5050] exit_group(0) = ?
[pid 5050] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/bus") = 0
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5051
./strace-static-x86_64: Process 5051 attached
[pid 5051] set_robust_list(0x555556430660, 24) = 0
[pid 5051] chdir("./20") = 0
[pid 5051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5051] setpgid(0, 0) = 0
[pid 5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 56.725508][ T5050] loop0: detected capacity change from 0 to 64
[ 56.735784][ T5050] hfs: unable to locate alternate MDB
[ 56.741211][ T5050] hfs: continuing without an alternate MDB
[pid 5051] write(3, "1000", 4) = 4
[pid 5051] close(3) = 0
[pid 5051] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5051] memfd_create("syzkaller", 0) = 3
[pid 5051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5051] munmap(0x7f3686492000, 32768) = 0
[pid 5051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5051] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5051] close(3) = 0
[pid 5051] mkdir("./bus", 0777) = 0
[pid 5051] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5051] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5051] chdir("./bus") = 0
[pid 5051] ioctl(4, LOOP_CLR_FD) = 0
[pid 5051] close(4) = 0
[pid 5051] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5051] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5051] write(5, "9", 1) = 1
[ 56.796112][ T5051] loop0: detected capacity change from 0 to 64
[ 56.805417][ T5051] hfs: unable to locate alternate MDB
[ 56.810791][ T5051] hfs: continuing without an alternate MDB
[ 56.824101][ T5051] FAULT_INJECTION: forcing a failure.
[ 56.824101][ T5051] name failslab, interval 1, probability 0, space 0, times 0
[ 56.836919][ T5051] CPU: 1 PID: 5051 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 56.847339][ T5051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 56.857378][ T5051] Call Trace:
[ 56.860643][ T5051]
[ 56.863557][ T5051] dump_stack_lvl+0x1e7/0x2d0
[ 56.868222][ T5051] ? nf_tcp_handle_invalid+0x650/0x650
[ 56.873667][ T5051] ? panic+0x770/0x770
[ 56.877731][ T5051] ? rcu_is_watching+0x15/0xb0
[ 56.882492][ T5051] ? trace_contention_end+0x3c/0xf0
[ 56.887680][ T5051] should_fail_ex+0x3aa/0x4e0
[ 56.892350][ T5051] should_failslab+0x9/0x20
[ 56.896843][ T5051] slab_pre_alloc_hook+0x59/0x2b0
[ 56.901862][ T5051] ? hfs_find_init+0x90/0x1f0
[ 56.906526][ T5051] __kmem_cache_alloc_node+0x4b/0x270
[ 56.911884][ T5051] ? lock_release+0xbf/0x9d0
[ 56.916466][ T5051] ? hfs_find_init+0x90/0x1f0
[ 56.921128][ T5051] __kmalloc+0xa8/0x230
[ 56.925276][ T5051] hfs_find_init+0x90/0x1f0
[ 56.929767][ T5051] hfs_extend_file+0x31b/0x1440
[ 56.934614][ T5051] ? hfs_get_block+0xb60/0xb60
[ 56.939365][ T5051] ? find_lock_entries+0x10d0/0x10d0
[ 56.944641][ T5051] ? clean_bdev_aliases+0x66a/0x770
[ 56.949826][ T5051] hfs_get_block+0x3e4/0xb60
[ 56.954408][ T5051] ? hfs_free_extents+0x420/0x420
[ 56.959425][ T5051] ? _raw_spin_unlock+0x28/0x40
[ 56.964264][ T5051] ? folio_create_buffers+0x132/0x250
[ 56.969622][ T5051] __block_write_begin_int+0x555/0x1a40
[ 56.975159][ T5051] ? hfs_free_extents+0x420/0x420
[ 56.980168][ T5051] ? folio_zero_new_buffers+0x530/0x530
[ 56.985698][ T5051] ? pagecache_get_page+0x243/0x590
[ 56.990883][ T5051] ? hfs_free_extents+0x420/0x420
[ 56.995891][ T5051] block_write_begin+0x9b/0x1e0
[ 57.000727][ T5051] cont_write_begin+0x643/0x880
[ 57.005564][ T5051] ? fault_in_readable+0x165/0x2b0
[ 57.010670][ T5051] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 57.016546][ T5051] ? fault_in_readable+0x1a6/0x2b0
[ 57.021646][ T5051] ? fault_in_safe_writeable+0x260/0x260
[ 57.027267][ T5051] hfs_write_begin+0x8a/0xd0
[ 57.031843][ T5051] ? hfs_free_extents+0x420/0x420
[ 57.036853][ T5051] generic_perform_write+0x31b/0x630
[ 57.042130][ T5051] ? generic_file_direct_write+0x3f0/0x3f0
[ 57.047920][ T5051] ? __mnt_drop_write_file+0xc2/0x100
[ 57.053283][ T5051] ? __generic_file_write_iter+0x101/0x230
[ 57.059074][ T5051] generic_file_write_iter+0xaf/0x310
[ 57.064434][ T5051] vfs_write+0x782/0xaf0
[ 57.068684][ T5051] ? file_end_write+0x250/0x250
[ 57.073536][ T5051] ? __asan_memset+0x23/0x40
[ 57.078117][ T5051] ? __fdget_pos+0x2c7/0x340
[ 57.082694][ T5051] ksys_write+0x1a0/0x2c0
[ 57.087017][ T5051] ? __ia32_sys_read+0x90/0x90
[ 57.091768][ T5051] ? rcu_is_watching+0x15/0xb0
[ 57.096519][ T5051] ? syscall_enter_from_user_mode+0x8c/0x230
[ 57.102494][ T5051] do_syscall_64+0x41/0xc0
[ 57.106902][ T5051] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.112793][ T5051] RIP: 0033:0x7f368e8d11e9
[ 57.117197][ T5051] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.136789][ T5051] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5051] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5051] exit_group(0) = ?
[pid 5051] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5051, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/bus") = 0
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5052
./strace-static-x86_64: Process 5052 attached
[pid 5052] set_robust_list(0x555556430660, 24) = 0
[pid 5052] chdir("./21") = 0
[pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5052] setpgid(0, 0) = 0
[pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5052] write(3, "1000", 4) = 4
[pid 5052] close(3) = 0
[pid 5052] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5052] memfd_create("syzkaller", 0) = 3
[pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5052] munmap(0x7f3686492000, 32768) = 0
[ 57.145191][ T5051] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 57.153149][ T5051] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.161104][ T5051] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 57.169059][ T5051] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 57.177012][ T5051] R13: 0000000000000014 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 57.184977][ T5051]
[ 57.188633][ T5051] hfs_btree_del_level
[pid 5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5052] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5052] close(3) = 0
[pid 5052] mkdir("./bus", 0777) = 0
[pid 5052] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5052] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5052] chdir("./bus") = 0
[pid 5052] ioctl(4, LOOP_CLR_FD) = 0
[pid 5052] close(4) = 0
[pid 5052] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5052] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5052] write(5, "9", 1) = 1
[ 57.224651][ T5052] loop0: detected capacity change from 0 to 64
[ 57.235318][ T5052] hfs: unable to locate alternate MDB
[ 57.240836][ T5052] hfs: continuing without an alternate MDB
[ 57.254732][ T5052] FAULT_INJECTION: forcing a failure.
[ 57.254732][ T5052] name failslab, interval 1, probability 0, space 0, times 0
[ 57.267423][ T5052] CPU: 1 PID: 5052 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 57.277844][ T5052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 57.287881][ T5052] Call Trace:
[ 57.291152][ T5052]
[ 57.294086][ T5052] dump_stack_lvl+0x1e7/0x2d0
[ 57.298751][ T5052] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.304194][ T5052] ? panic+0x770/0x770
[ 57.308244][ T5052] ? rcu_is_watching+0x15/0xb0
[ 57.312992][ T5052] ? trace_contention_end+0x3c/0xf0
[ 57.318179][ T5052] should_fail_ex+0x3aa/0x4e0
[ 57.322844][ T5052] should_failslab+0x9/0x20
[ 57.327335][ T5052] slab_pre_alloc_hook+0x59/0x2b0
[ 57.332349][ T5052] ? hfs_find_init+0x90/0x1f0
[ 57.337008][ T5052] __kmem_cache_alloc_node+0x4b/0x270
[ 57.342368][ T5052] ? lock_release+0xbf/0x9d0
[ 57.346946][ T5052] ? hfs_find_init+0x90/0x1f0
[ 57.351607][ T5052] __kmalloc+0xa8/0x230
[ 57.355750][ T5052] hfs_find_init+0x90/0x1f0
[ 57.360237][ T5052] hfs_extend_file+0x31b/0x1440
[ 57.365077][ T5052] ? hfs_get_block+0xb60/0xb60
[ 57.369826][ T5052] ? find_lock_entries+0x10d0/0x10d0
[ 57.375101][ T5052] ? clean_bdev_aliases+0x66a/0x770
[ 57.380283][ T5052] hfs_get_block+0x3e4/0xb60
[ 57.384861][ T5052] ? hfs_free_extents+0x420/0x420
[ 57.389872][ T5052] ? _raw_spin_unlock+0x28/0x40
[ 57.394709][ T5052] ? folio_create_buffers+0x132/0x250
[ 57.400062][ T5052] __block_write_begin_int+0x555/0x1a40
[ 57.405598][ T5052] ? hfs_free_extents+0x420/0x420
[ 57.410607][ T5052] ? folio_zero_new_buffers+0x530/0x530
[ 57.416139][ T5052] ? pagecache_get_page+0x243/0x590
[ 57.421348][ T5052] ? hfs_free_extents+0x420/0x420
[ 57.426360][ T5052] block_write_begin+0x9b/0x1e0
[ 57.431284][ T5052] cont_write_begin+0x643/0x880
[ 57.436121][ T5052] ? fault_in_readable+0x165/0x2b0
[ 57.441220][ T5052] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 57.447095][ T5052] ? fault_in_readable+0x1a6/0x2b0
[ 57.452192][ T5052] ? fault_in_safe_writeable+0x260/0x260
[ 57.457814][ T5052] hfs_write_begin+0x8a/0xd0
[ 57.462387][ T5052] ? hfs_free_extents+0x420/0x420
[ 57.467399][ T5052] generic_perform_write+0x31b/0x630
[ 57.472674][ T5052] ? generic_file_direct_write+0x3f0/0x3f0
[ 57.478467][ T5052] ? __mnt_drop_write_file+0xc2/0x100
[ 57.483831][ T5052] ? __generic_file_write_iter+0x101/0x230
[ 57.489622][ T5052] generic_file_write_iter+0xaf/0x310
[ 57.494982][ T5052] vfs_write+0x782/0xaf0
[ 57.499216][ T5052] ? file_end_write+0x250/0x250
[ 57.504050][ T5052] ? __asan_memset+0x23/0x40
[ 57.508632][ T5052] ? __fdget_pos+0x2c7/0x340
[ 57.513215][ T5052] ksys_write+0x1a0/0x2c0
[ 57.517713][ T5052] ? __ia32_sys_read+0x90/0x90
[ 57.522465][ T5052] ? rcu_is_watching+0x15/0xb0
[ 57.527215][ T5052] ? syscall_enter_from_user_mode+0x8c/0x230
[ 57.533187][ T5052] do_syscall_64+0x41/0xc0
[ 57.537591][ T5052] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.543471][ T5052] RIP: 0033:0x7f368e8d11e9
[ 57.547872][ T5052] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.567459][ T5052] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5052] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5052] exit_group(0) = ?
[pid 5052] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5052, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/bus") = 0
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5053
./strace-static-x86_64: Process 5053 attached
[pid 5053] set_robust_list(0x555556430660, 24) = 0
[pid 5053] chdir("./22") = 0
[pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5053] setpgid(0, 0) = 0
[pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5053] write(3, "1000", 4) = 4
[pid 5053] close(3) = 0
[pid 5053] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5053] memfd_create("syzkaller", 0) = 3
[pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[ 57.575855][ T5052] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 57.583810][ T5052] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 57.591764][ T5052] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 57.599717][ T5052] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 57.607672][ T5052] R13: 0000000000000015 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 57.615641][ T5052]
[ 57.621831][ T5052] hfs_btree_del_level
[pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5053] munmap(0x7f3686492000, 32768) = 0
[pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5053] close(3) = 0
[pid 5053] mkdir("./bus", 0777) = 0
[pid 5053] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5053] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5053] chdir("./bus") = 0
[pid 5053] ioctl(4, LOOP_CLR_FD) = 0
[pid 5053] close(4) = 0
[pid 5053] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5053] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5053] write(5, "9", 1) = 1
[ 57.658739][ T5053] loop0: detected capacity change from 0 to 64
[ 57.667095][ T5053] hfs: unable to locate alternate MDB
[ 57.672584][ T5053] hfs: continuing without an alternate MDB
[ 57.683095][ T5053] FAULT_INJECTION: forcing a failure.
[ 57.683095][ T5053] name failslab, interval 1, probability 0, space 0, times 0
[ 57.696107][ T5053] CPU: 0 PID: 5053 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 57.706522][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 57.716563][ T5053] Call Trace:
[ 57.719838][ T5053] <TASK>
[ 57.722753][ T5053] dump_stack_lvl+0x1e7/0x2d0
[ 57.727436][ T5053] ? nf_tcp_handle_invalid+0x650/0x650
[ 57.732885][ T5053] ? panic+0x770/0x770
[ 57.736939][ T5053] ? rcu_is_watching+0x15/0xb0
[ 57.741687][ T5053] ? trace_contention_end+0x3c/0xf0
[ 57.746873][ T5053] should_fail_ex+0x3aa/0x4e0
[ 57.751538][ T5053] should_failslab+0x9/0x20
[ 57.756031][ T5053] slab_pre_alloc_hook+0x59/0x2b0
[ 57.761045][ T5053] ? hfs_find_init+0x90/0x1f0
[ 57.765706][ T5053] __kmem_cache_alloc_node+0x4b/0x270
[ 57.771064][ T5053] ? lock_release+0xbf/0x9d0
[ 57.775642][ T5053] ? hfs_find_init+0x90/0x1f0
[ 57.780302][ T5053] __kmalloc+0xa8/0x230
[ 57.784448][ T5053] hfs_find_init+0x90/0x1f0
[ 57.788937][ T5053] hfs_extend_file+0x31b/0x1440
[ 57.793776][ T5053] ? hfs_get_block+0xb60/0xb60
[ 57.798527][ T5053] ? find_lock_entries+0x10d0/0x10d0
[ 57.803803][ T5053] ? clean_bdev_aliases+0x66a/0x770
[ 57.809003][ T5053] hfs_get_block+0x3e4/0xb60
[ 57.813598][ T5053] ? hfs_free_extents+0x420/0x420
[ 57.818612][ T5053] ? _raw_spin_unlock+0x28/0x40
[ 57.823453][ T5053] ? folio_create_buffers+0x132/0x250
[ 57.828828][ T5053] __block_write_begin_int+0x555/0x1a40
[ 57.834389][ T5053] ? hfs_free_extents+0x420/0x420
[ 57.839410][ T5053] ? folio_zero_new_buffers+0x530/0x530
[ 57.844944][ T5053] ? pagecache_get_page+0x243/0x590
[ 57.850131][ T5053] ? hfs_free_extents+0x420/0x420
[ 57.855152][ T5053] block_write_begin+0x9b/0x1e0
[ 57.859994][ T5053] cont_write_begin+0x643/0x880
[ 57.864836][ T5053] ? fault_in_readable+0x165/0x2b0
[ 57.869961][ T5053] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 57.875839][ T5053] ? fault_in_readable+0x1a6/0x2b0
[ 57.880936][ T5053] ? fault_in_safe_writeable+0x260/0x260
[ 57.886560][ T5053] hfs_write_begin+0x8a/0xd0
[ 57.891136][ T5053] ? hfs_free_extents+0x420/0x420
[ 57.896148][ T5053] generic_perform_write+0x31b/0x630
[ 57.901424][ T5053] ? generic_file_direct_write+0x3f0/0x3f0
[ 57.907216][ T5053] ? __mnt_drop_write_file+0xc2/0x100
[ 57.912580][ T5053] ? __generic_file_write_iter+0x101/0x230
[ 57.918372][ T5053] generic_file_write_iter+0xaf/0x310
[ 57.923734][ T5053] vfs_write+0x782/0xaf0
[ 57.927967][ T5053] ? file_end_write+0x250/0x250
[ 57.932808][ T5053] ? __asan_memset+0x23/0x40
[ 57.937391][ T5053] ? __fdget_pos+0x2c7/0x340
[ 57.941969][ T5053] ksys_write+0x1a0/0x2c0
[ 57.946289][ T5053] ? __ia32_sys_read+0x90/0x90
[ 57.951039][ T5053] ? rcu_is_watching+0x15/0xb0
[ 57.955794][ T5053] ? syscall_enter_from_user_mode+0x8c/0x230
[ 57.961765][ T5053] do_syscall_64+0x41/0xc0
[ 57.966183][ T5053] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.972074][ T5053] RIP: 0033:0x7f368e8d11e9
[ 57.976479][ T5053] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.996076][ T5053] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5053] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5053] exit_group(0) = ?
[pid 5053] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/bus") = 0
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5054
./strace-static-x86_64: Process 5054 attached
[pid 5054] set_robust_list(0x555556430660, 24) = 0
[pid 5054] chdir("./23") = 0
[pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5054] setpgid(0, 0) = 0
[pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5054] write(3, "1000", 4) = 4
[pid 5054] close(3) = 0
[pid 5054] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5054] memfd_create("syzkaller", 0) = 3
[pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[ 58.004478][ T5053] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 58.012438][ T5053] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.020394][ T5053] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 58.028352][ T5053] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 58.036310][ T5053] R13: 0000000000000016 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 58.044280][ T5053] </TASK>
[ 58.048061][ T5053] hfs_btree_del_level
[pid 5054] munmap(0x7f3686492000, 32768) = 0
[pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5054] close(3) = 0
[pid 5054] mkdir("./bus", 0777) = 0
[pid 5054] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5054] chdir("./bus") = 0
[pid 5054] ioctl(4, LOOP_CLR_FD) = 0
[pid 5054] close(4) = 0
[pid 5054] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5054] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5054] write(5, "9", 1) = 1
[pid 5054] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5054] exit_group(0) = ?
[pid 5054] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/bus") = 0
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5055
./strace-static-x86_64: Process 5055 attached
[pid 5055] set_robust_list(0x555556430660, 24) = 0
[pid 5055] chdir("./24") = 0
[pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5055] setpgid(0, 0) = 0
[pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5055] write(3, "1000", 4) = 4
[pid 5055] close(3) = 0
[ 58.073379][ T5054] loop0: detected capacity change from 0 to 64
[ 58.083091][ T5054] hfs: unable to locate alternate MDB
[ 58.088470][ T5054] hfs: continuing without an alternate MDB
[pid 5055] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5055] memfd_create("syzkaller", 0) = 3
[pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5055] munmap(0x7f3686492000, 32768) = 0
[pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5055] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5055] close(3) = 0
[pid 5055] mkdir("./bus", 0777) = 0
[pid 5055] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5055] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5055] chdir("./bus") = 0
[pid 5055] ioctl(4, LOOP_CLR_FD) = 0
[pid 5055] close(4) = 0
[pid 5055] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5055] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5055] write(5, "9", 1) = 1
[ 58.139357][ T5055] loop0: detected capacity change from 0 to 64
[ 58.148187][ T5055] hfs: unable to locate alternate MDB
[ 58.153663][ T5055] hfs: continuing without an alternate MDB
[ 58.167542][ T5055] FAULT_INJECTION: forcing a failure.
[ 58.167542][ T5055] name failslab, interval 1, probability 0, space 0, times 0
[ 58.180601][ T5055] CPU: 1 PID: 5055 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 58.191018][ T5055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 58.201054][ T5055] Call Trace:
[ 58.204313][ T5055] <TASK>
[ 58.207225][ T5055] dump_stack_lvl+0x1e7/0x2d0
[ 58.211884][ T5055] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.217323][ T5055] ? panic+0x770/0x770
[ 58.221370][ T5055] ? rcu_is_watching+0x15/0xb0
[ 58.226112][ T5055] ? trace_contention_end+0x3c/0xf0
[ 58.231290][ T5055] should_fail_ex+0x3aa/0x4e0
[ 58.235948][ T5055] should_failslab+0x9/0x20
[ 58.240436][ T5055] slab_pre_alloc_hook+0x59/0x2b0
[ 58.245444][ T5055] ? hfs_find_init+0x90/0x1f0
[ 58.250101][ T5055] __kmem_cache_alloc_node+0x4b/0x270
[ 58.255457][ T5055] ? lock_release+0xbf/0x9d0
[ 58.260029][ T5055] ? hfs_find_init+0x90/0x1f0
[ 58.264683][ T5055] __kmalloc+0xa8/0x230
[ 58.268821][ T5055] hfs_find_init+0x90/0x1f0
[ 58.273304][ T5055] hfs_extend_file+0x31b/0x1440
[ 58.278136][ T5055] ? hfs_get_block+0xb60/0xb60
[ 58.282889][ T5055] ? find_lock_entries+0x10d0/0x10d0
[ 58.288171][ T5055] ? clean_bdev_aliases+0x66a/0x770
[ 58.293349][ T5055] hfs_get_block+0x3e4/0xb60
[ 58.297922][ T5055] ? hfs_free_extents+0x420/0x420
[ 58.303100][ T5055] ? _raw_spin_unlock+0x28/0x40
[ 58.307928][ T5055] ? folio_create_buffers+0x132/0x250
[ 58.313300][ T5055] __block_write_begin_int+0x555/0x1a40
[ 58.318826][ T5055] ? hfs_free_extents+0x420/0x420
[ 58.323848][ T5055] ? folio_zero_new_buffers+0x530/0x530
[ 58.329371][ T5055] ? pagecache_get_page+0x243/0x590
[ 58.334554][ T5055] ? hfs_free_extents+0x420/0x420
[ 58.339554][ T5055] block_write_begin+0x9b/0x1e0
[ 58.344386][ T5055] cont_write_begin+0x643/0x880
[ 58.349217][ T5055] ? fault_in_readable+0x165/0x2b0
[ 58.354308][ T5055] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 58.360177][ T5055] ? fault_in_readable+0x1a6/0x2b0
[ 58.365269][ T5055] ? fault_in_safe_writeable+0x260/0x260
[ 58.370881][ T5055] hfs_write_begin+0x8a/0xd0
[ 58.375448][ T5055] ? hfs_free_extents+0x420/0x420
[ 58.380452][ T5055] generic_perform_write+0x31b/0x630
[ 58.385721][ T5055] ? generic_file_direct_write+0x3f0/0x3f0
[ 58.391503][ T5055] ? __mnt_drop_write_file+0xc2/0x100
[ 58.396859][ T5055] ? __generic_file_write_iter+0x101/0x230
[ 58.402643][ T5055] generic_file_write_iter+0xaf/0x310
[ 58.407995][ T5055] vfs_write+0x782/0xaf0
[ 58.412218][ T5055] ? file_end_write+0x250/0x250
[ 58.417045][ T5055] ? __asan_memset+0x23/0x40
[ 58.421617][ T5055] ? __fdget_pos+0x2c7/0x340
[ 58.426187][ T5055] ksys_write+0x1a0/0x2c0
[ 58.430500][ T5055] ? __ia32_sys_read+0x90/0x90
[ 58.435247][ T5055] ? rcu_is_watching+0x15/0xb0
[ 58.439989][ T5055] ? syscall_enter_from_user_mode+0x8c/0x230
[ 58.445950][ T5055] do_syscall_64+0x41/0xc0
[ 58.450350][ T5055] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.456222][ T5055] RIP: 0033:0x7f368e8d11e9
[ 58.460616][ T5055] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 58.480196][ T5055] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5055] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5055] exit_group(0) = ?
[pid 5055] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5055, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/bus") = 0
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached
, child_tidptr=0x555556430650) = 5056
[pid 5056] set_robust_list(0x555556430660, 24) = 0
[pid 5056] chdir("./25") = 0
[pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5056] setpgid(0, 0) = 0
[pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5056] write(3, "1000", 4) = 4
[pid 5056] close(3) = 0
[pid 5056] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5056] memfd_create("syzkaller", 0) = 3
[ 58.488586][ T5055] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 58.496536][ T5055] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.504508][ T5055] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 58.512456][ T5055] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 58.520405][ T5055] R13: 0000000000000018 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 58.528361][ T5055] </TASK>
[ 58.531908][ T5055] hfs_btree_del_level
[pid 5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5056] munmap(0x7f3686492000, 32768) = 0
[pid 5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5056] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5056] close(3) = 0
[pid 5056] mkdir("./bus", 0777) = 0
[pid 5056] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5056] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5056] chdir("./bus") = 0
[pid 5056] ioctl(4, LOOP_CLR_FD) = 0
[pid 5056] close(4) = 0
[pid 5056] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5056] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5056] write(5, "9", 1) = 1
[ 58.575815][ T5056] loop0: detected capacity change from 0 to 64
[ 58.585788][ T5056] hfs: unable to locate alternate MDB
[ 58.591163][ T5056] hfs: continuing without an alternate MDB
[ 58.601324][ T5056] FAULT_INJECTION: forcing a failure.
[ 58.601324][ T5056] name failslab, interval 1, probability 0, space 0, times 0
[ 58.614570][ T5056] CPU: 0 PID: 5056 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 58.624987][ T5056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 58.635024][ T5056] Call Trace:
[ 58.638287][ T5056] <TASK>
[ 58.641202][ T5056] dump_stack_lvl+0x1e7/0x2d0
[ 58.645867][ T5056] ? nf_tcp_handle_invalid+0x650/0x650
[ 58.651312][ T5056] ? panic+0x770/0x770
[ 58.655364][ T5056] ? rcu_is_watching+0x15/0xb0
[ 58.660121][ T5056] ? trace_contention_end+0x3c/0xf0
[ 58.665322][ T5056] should_fail_ex+0x3aa/0x4e0
[ 58.669990][ T5056] should_failslab+0x9/0x20
[ 58.674494][ T5056] slab_pre_alloc_hook+0x59/0x2b0
[ 58.679504][ T5056] ? hfs_find_init+0x90/0x1f0
[ 58.684161][ T5056] __kmem_cache_alloc_node+0x4b/0x270
[ 58.689518][ T5056] ? lock_release+0xbf/0x9d0
[ 58.694094][ T5056] ? hfs_find_init+0x90/0x1f0
[ 58.698752][ T5056] __kmalloc+0xa8/0x230
[ 58.702893][ T5056] hfs_find_init+0x90/0x1f0
[ 58.707381][ T5056] hfs_extend_file+0x31b/0x1440
[ 58.712218][ T5056] ? hfs_get_block+0xb60/0xb60
[ 58.716971][ T5056] ? find_lock_entries+0x10d0/0x10d0
[ 58.722248][ T5056] ? clean_bdev_aliases+0x66a/0x770
[ 58.727430][ T5056] hfs_get_block+0x3e4/0xb60
[ 58.732012][ T5056] ? hfs_free_extents+0x420/0x420
[ 58.737022][ T5056] ? _raw_spin_unlock+0x28/0x40
[ 58.741856][ T5056] ? folio_create_buffers+0x132/0x250
[ 58.747209][ T5056] __block_write_begin_int+0x555/0x1a40
[ 58.752756][ T5056] ? hfs_free_extents+0x420/0x420
[ 58.757778][ T5056] ? folio_zero_new_buffers+0x530/0x530
[ 58.763303][ T5056] ? pagecache_get_page+0x243/0x590
[ 58.768485][ T5056] ? hfs_free_extents+0x420/0x420
[ 58.773498][ T5056] block_write_begin+0x9b/0x1e0
[ 58.778336][ T5056] cont_write_begin+0x643/0x880
[ 58.783176][ T5056] ? fault_in_readable+0x165/0x2b0
[ 58.788277][ T5056] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 58.794153][ T5056] ? fault_in_readable+0x1a6/0x2b0
[ 58.799258][ T5056] ? fault_in_safe_writeable+0x260/0x260
[ 58.804899][ T5056] hfs_write_begin+0x8a/0xd0
[ 58.809499][ T5056] ? hfs_free_extents+0x420/0x420
[ 58.814507][ T5056] generic_perform_write+0x31b/0x630
[ 58.819791][ T5056] ? generic_file_direct_write+0x3f0/0x3f0
[ 58.825595][ T5056] ? __mnt_drop_write_file+0xc2/0x100
[ 58.830977][ T5056] ? __generic_file_write_iter+0x101/0x230
[ 58.836790][ T5056] generic_file_write_iter+0xaf/0x310
[ 58.842170][ T5056] vfs_write+0x782/0xaf0
[ 58.846422][ T5056] ? file_end_write+0x250/0x250
[ 58.851262][ T5056] ? __asan_memset+0x23/0x40
[ 58.855841][ T5056] ? __fdget_pos+0x2c7/0x340
[ 58.860419][ T5056] ksys_write+0x1a0/0x2c0
[ 58.864737][ T5056] ? __ia32_sys_read+0x90/0x90
[ 58.869487][ T5056] ? rcu_is_watching+0x15/0xb0
[ 58.874233][ T5056] ? syscall_enter_from_user_mode+0x8c/0x230
[ 58.880204][ T5056] do_syscall_64+0x41/0xc0
[ 58.884607][ T5056] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 58.890488][ T5056] RIP: 0033:0x7f368e8d11e9
[ 58.894885][ T5056] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 58.914478][ T5056] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5056] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5056] exit_group(0) = ?
[pid 5056] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/bus") = 0
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556430650) = 5057
./strace-static-x86_64: Process 5057 attached
[pid 5057] set_robust_list(0x555556430660, 24) = 0
[pid 5057] chdir("./26") = 0
[pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5057] setpgid(0, 0) = 0
[pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5057] write(3, "1000", 4) = 4
[ 58.922905][ T5056] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 58.930860][ T5056] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 58.938841][ T5056] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 58.946795][ T5056] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 58.954747][ T5056] R13: 0000000000000019 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 58.962706][ T5056] </TASK>
[ 58.966548][ T5056] hfs_btree_del_level
[pid 5057] close(3) = 0
[pid 5057] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5057] memfd_create("syzkaller", 0) = 3
[pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5057] munmap(0x7f3686492000, 32768) = 0
[pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5057] close(3) = 0
[pid 5057] mkdir("./bus", 0777) = 0
[pid 5057] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5057] chdir("./bus") = 0
[pid 5057] ioctl(4, LOOP_CLR_FD) = 0
[pid 5057] close(4) = 0
[pid 5057] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5057] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5057] write(5, "9", 1) = 1
[ 59.015375][ T5057] loop0: detected capacity change from 0 to 64
[ 59.024533][ T5057] hfs: unable to locate alternate MDB
[ 59.029915][ T5057] hfs: continuing without an alternate MDB
[ 59.042503][ T5057] FAULT_INJECTION: forcing a failure.
[ 59.042503][ T5057] name failslab, interval 1, probability 0, space 0, times 0
[ 59.055766][ T5057] CPU: 0 PID: 5057 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 59.066197][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 59.076248][ T5057] Call Trace:
[ 59.079515][ T5057] <TASK>
[ 59.082434][ T5057] dump_stack_lvl+0x1e7/0x2d0
[ 59.087105][ T5057] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.092552][ T5057] ? panic+0x770/0x770
[ 59.096606][ T5057] ? rcu_is_watching+0x15/0xb0
[ 59.101356][ T5057] ? trace_contention_end+0x3c/0xf0
[ 59.106543][ T5057] should_fail_ex+0x3aa/0x4e0
[ 59.111210][ T5057] should_failslab+0x9/0x20
[ 59.115702][ T5057] slab_pre_alloc_hook+0x59/0x2b0
[ 59.120719][ T5057] ? hfs_find_init+0x90/0x1f0
[ 59.125382][ T5057] __kmem_cache_alloc_node+0x4b/0x270
[ 59.130743][ T5057] ? lock_release+0xbf/0x9d0
[ 59.135324][ T5057] ? hfs_find_init+0x90/0x1f0
[ 59.139985][ T5057] __kmalloc+0xa8/0x230
[ 59.144132][ T5057] hfs_find_init+0x90/0x1f0
[ 59.148625][ T5057] hfs_extend_file+0x31b/0x1440
[ 59.153466][ T5057] ? hfs_get_block+0xb60/0xb60
[ 59.158217][ T5057] ? find_lock_entries+0x10d0/0x10d0
[ 59.163494][ T5057] ? clean_bdev_aliases+0x66a/0x770
[ 59.168677][ T5057] hfs_get_block+0x3e4/0xb60
[ 59.173258][ T5057] ? hfs_free_extents+0x420/0x420
[ 59.178274][ T5057] ? _raw_spin_unlock+0x28/0x40
[ 59.183113][ T5057] ? folio_create_buffers+0x132/0x250
[ 59.188472][ T5057] __block_write_begin_int+0x555/0x1a40
[ 59.194013][ T5057] ? hfs_free_extents+0x420/0x420
[ 59.199023][ T5057] ? folio_zero_new_buffers+0x530/0x530
[ 59.204557][ T5057] ? pagecache_get_page+0x243/0x590
[ 59.209740][ T5057] ? hfs_free_extents+0x420/0x420
[ 59.214751][ T5057] block_write_begin+0x9b/0x1e0
[ 59.219588][ T5057] cont_write_begin+0x643/0x880
[ 59.224429][ T5057] ? fault_in_readable+0x165/0x2b0
[ 59.229530][ T5057] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 59.235405][ T5057] ? fault_in_readable+0x1a6/0x2b0
[ 59.240505][ T5057] ? fault_in_safe_writeable+0x260/0x260
[ 59.246131][ T5057] hfs_write_begin+0x8a/0xd0
[ 59.250710][ T5057] ? hfs_free_extents+0x420/0x420
[ 59.255721][ T5057] generic_perform_write+0x31b/0x630
[ 59.260999][ T5057] ? generic_file_direct_write+0x3f0/0x3f0
[ 59.266791][ T5057] ? __mnt_drop_write_file+0xc2/0x100
[ 59.272156][ T5057] ? __generic_file_write_iter+0x101/0x230
[ 59.277951][ T5057] generic_file_write_iter+0xaf/0x310
[ 59.283311][ T5057] vfs_write+0x782/0xaf0
[ 59.287544][ T5057] ? file_end_write+0x250/0x250
[ 59.292380][ T5057] ? __asan_memset+0x23/0x40
[ 59.296967][ T5057] ? __fdget_pos+0x2c7/0x340
[ 59.301555][ T5057] ksys_write+0x1a0/0x2c0
[ 59.305876][ T5057] ? __ia32_sys_read+0x90/0x90
[ 59.310628][ T5057] ? rcu_is_watching+0x15/0xb0
[ 59.315377][ T5057] ? syscall_enter_from_user_mode+0x8c/0x230
[ 59.321351][ T5057] do_syscall_64+0x41/0xc0
[ 59.325755][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.331636][ T5057] RIP: 0033:0x7f368e8d11e9
[ 59.336037][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.355628][ T5057] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5057] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5057] exit_group(0) = ?
[pid 5057] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/bus") = 0
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5058 attached
, child_tidptr=0x555556430650) = 5058
[pid 5058] set_robust_list(0x555556430660, 24) = 0
[pid 5058] chdir("./27") = 0
[pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5058] setpgid(0, 0) = 0
[pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5058] write(3, "1000", 4) = 4
[pid 5058] close(3) = 0
[pid 5058] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5058] memfd_create("syzkaller", 0) = 3
[pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5058] munmap(0x7f3686492000, 32768) = 0
[pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 59.364027][ T5057] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 59.371984][ T5057] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.379950][ T5057] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 59.387911][ T5057] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 59.395873][ T5057] R13: 000000000000001a R14: 431bde82d7b634db R15: 00007ffecc946110
[ 59.403836][ T5057]
[ 59.407574][ T5057] hfs_btree_del_level
[pid 5058] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5058] close(3) = 0
[pid 5058] mkdir("./bus", 0777) = 0
[pid 5058] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5058] chdir("./bus") = 0
[pid 5058] ioctl(4, LOOP_CLR_FD) = 0
[pid 5058] close(4) = 0
[pid 5058] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5058] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5058] write(5, "9", 1) = 1
[ 59.444668][ T5058] loop0: detected capacity change from 0 to 64
[ 59.452975][ T5058] hfs: unable to locate alternate MDB
[ 59.458357][ T5058] hfs: continuing without an alternate MDB
[ 59.468366][ T5058] FAULT_INJECTION: forcing a failure.
[ 59.468366][ T5058] name failslab, interval 1, probability 0, space 0, times 0
[ 59.481200][ T5058] CPU: 0 PID: 5058 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 59.491623][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 59.501675][ T5058] Call Trace:
[ 59.504952][ T5058]
[ 59.507881][ T5058] dump_stack_lvl+0x1e7/0x2d0
[ 59.512567][ T5058] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.518016][ T5058] ? panic+0x770/0x770
[ 59.522071][ T5058] ? rcu_is_watching+0x15/0xb0
[ 59.526835][ T5058] ? trace_contention_end+0x3c/0xf0
[ 59.532019][ T5058] should_fail_ex+0x3aa/0x4e0
[ 59.536682][ T5058] should_failslab+0x9/0x20
[ 59.541176][ T5058] slab_pre_alloc_hook+0x59/0x2b0
[ 59.546191][ T5058] ? hfs_find_init+0x90/0x1f0
[ 59.550850][ T5058] __kmem_cache_alloc_node+0x4b/0x270
[ 59.556208][ T5058] ? lock_release+0xbf/0x9d0
[ 59.560787][ T5058] ? hfs_find_init+0x90/0x1f0
[ 59.565468][ T5058] __kmalloc+0xa8/0x230
[ 59.569616][ T5058] hfs_find_init+0x90/0x1f0
[ 59.574105][ T5058] hfs_extend_file+0x31b/0x1440
[ 59.578944][ T5058] ? hfs_get_block+0xb60/0xb60
[ 59.583697][ T5058] ? find_lock_entries+0x10d0/0x10d0
[ 59.588971][ T5058] ? clean_bdev_aliases+0x66a/0x770
[ 59.594159][ T5058] hfs_get_block+0x3e4/0xb60
[ 59.598739][ T5058] ? hfs_free_extents+0x420/0x420
[ 59.603755][ T5058] ? _raw_spin_unlock+0x28/0x40
[ 59.608592][ T5058] ? folio_create_buffers+0x132/0x250
[ 59.613949][ T5058] __block_write_begin_int+0x555/0x1a40
[ 59.619488][ T5058] ? hfs_free_extents+0x420/0x420
[ 59.624497][ T5058] ? folio_zero_new_buffers+0x530/0x530
[ 59.630027][ T5058] ? pagecache_get_page+0x243/0x590
[ 59.635211][ T5058] ? hfs_free_extents+0x420/0x420
[ 59.640221][ T5058] block_write_begin+0x9b/0x1e0
[ 59.645062][ T5058] cont_write_begin+0x643/0x880
[ 59.649902][ T5058] ? fault_in_readable+0x165/0x2b0
[ 59.655000][ T5058] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 59.660876][ T5058] ? fault_in_readable+0x1a6/0x2b0
[ 59.665976][ T5058] ? fault_in_safe_writeable+0x260/0x260
[ 59.671599][ T5058] hfs_write_begin+0x8a/0xd0
[ 59.676175][ T5058] ? hfs_free_extents+0x420/0x420
[ 59.681185][ T5058] generic_perform_write+0x31b/0x630
[ 59.686460][ T5058] ? generic_file_direct_write+0x3f0/0x3f0
[ 59.692249][ T5058] ? __mnt_drop_write_file+0xc2/0x100
[ 59.697613][ T5058] ? __generic_file_write_iter+0x101/0x230
[ 59.703407][ T5058] generic_file_write_iter+0xaf/0x310
[ 59.708771][ T5058] vfs_write+0x782/0xaf0
[ 59.713007][ T5058] ? file_end_write+0x250/0x250
[ 59.717840][ T5058] ? __asan_memset+0x23/0x40
[ 59.722421][ T5058] ? __fdget_pos+0x2c7/0x340
[ 59.727006][ T5058] ksys_write+0x1a0/0x2c0
[ 59.731327][ T5058] ? __ia32_sys_read+0x90/0x90
[ 59.736076][ T5058] ? rcu_is_watching+0x15/0xb0
[ 59.740825][ T5058] ? syscall_enter_from_user_mode+0x8c/0x230
[ 59.746797][ T5058] do_syscall_64+0x41/0xc0
[ 59.751202][ T5058] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.757084][ T5058] RIP: 0033:0x7f368e8d11e9
[ 59.761487][ T5058] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.781080][ T5058] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5058] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5058] exit_group(0) = ?
[pid 5058] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/bus") = 0
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached
, child_tidptr=0x555556430650) = 5059
[pid 5059] set_robust_list(0x555556430660, 24) = 0
[pid 5059] chdir("./28") = 0
[pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5059] setpgid(0, 0) = 0
[pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5059] write(3, "1000", 4) = 4
[pid 5059] close(3) = 0
[pid 5059] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5059] memfd_create("syzkaller", 0) = 3
[pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5059] munmap(0x7f3686492000, 32768) = 0
[pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 59.789479][ T5058] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 59.797436][ T5058] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 59.805390][ T5058] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 59.813346][ T5058] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 59.821303][ T5058] R13: 000000000000001b R14: 431bde82d7b634db R15: 00007ffecc946110
[ 59.829265][ T5058]
[ 59.833081][ T5058] hfs_btree_del_level
[pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5059] close(3) = 0
[pid 5059] mkdir("./bus", 0777) = 0
[pid 5059] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5059] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5059] chdir("./bus") = 0
[pid 5059] ioctl(4, LOOP_CLR_FD) = 0
[pid 5059] close(4) = 0
[pid 5059] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5059] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5059] write(5, "9", 1) = 1
[ 59.876026][ T5059] loop0: detected capacity change from 0 to 64
[ 59.884392][ T5059] hfs: unable to locate alternate MDB
[ 59.889788][ T5059] hfs: continuing without an alternate MDB
[ 59.901496][ T5059] FAULT_INJECTION: forcing a failure.
[ 59.901496][ T5059] name failslab, interval 1, probability 0, space 0, times 0
[ 59.914376][ T5059] CPU: 0 PID: 5059 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 59.924790][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 59.934824][ T5059] Call Trace:
[ 59.938085][ T5059]
[ 59.940994][ T5059] dump_stack_lvl+0x1e7/0x2d0
[ 59.945663][ T5059] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.951125][ T5059] ? panic+0x770/0x770
[ 59.955189][ T5059] ? rcu_is_watching+0x15/0xb0
[ 59.959941][ T5059] ? trace_contention_end+0x3c/0xf0
[ 59.965129][ T5059] should_fail_ex+0x3aa/0x4e0
[ 59.969805][ T5059] should_failslab+0x9/0x20
[ 59.974300][ T5059] slab_pre_alloc_hook+0x59/0x2b0
[ 59.979316][ T5059] ? hfs_find_init+0x90/0x1f0
[ 59.983983][ T5059] __kmem_cache_alloc_node+0x4b/0x270
[ 59.989358][ T5059] ? lock_release+0xbf/0x9d0
[ 59.993949][ T5059] ? hfs_find_init+0x90/0x1f0
[ 59.998616][ T5059] __kmalloc+0xa8/0x230
[ 60.002760][ T5059] hfs_find_init+0x90/0x1f0
[ 60.007259][ T5059] hfs_extend_file+0x31b/0x1440
[ 60.012101][ T5059] ? hfs_get_block+0xb60/0xb60
[ 60.016856][ T5059] ? find_lock_entries+0x10d0/0x10d0
[ 60.022136][ T5059] ? clean_bdev_aliases+0x66a/0x770
[ 60.027319][ T5059] hfs_get_block+0x3e4/0xb60
[ 60.031898][ T5059] ? hfs_free_extents+0x420/0x420
[ 60.036912][ T5059] ? _raw_spin_unlock+0x28/0x40
[ 60.041747][ T5059] ? folio_create_buffers+0x132/0x250
[ 60.047106][ T5059] __block_write_begin_int+0x555/0x1a40
[ 60.052646][ T5059] ? hfs_free_extents+0x420/0x420
[ 60.057657][ T5059] ? folio_zero_new_buffers+0x530/0x530
[ 60.063194][ T5059] ? pagecache_get_page+0x243/0x590
[ 60.068387][ T5059] ? hfs_free_extents+0x420/0x420
[ 60.073404][ T5059] block_write_begin+0x9b/0x1e0
[ 60.078243][ T5059] cont_write_begin+0x643/0x880
[ 60.083082][ T5059] ? fault_in_readable+0x165/0x2b0
[ 60.088179][ T5059] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 60.094059][ T5059] ? fault_in_readable+0x1a6/0x2b0
[ 60.099160][ T5059] ? fault_in_safe_writeable+0x260/0x260
[ 60.104781][ T5059] hfs_write_begin+0x8a/0xd0
[ 60.109363][ T5059] ? hfs_free_extents+0x420/0x420
[ 60.114389][ T5059] generic_perform_write+0x31b/0x630
[ 60.119687][ T5059] ? generic_file_direct_write+0x3f0/0x3f0
[ 60.125482][ T5059] ? __mnt_drop_write_file+0xc2/0x100
[ 60.130848][ T5059] ? __generic_file_write_iter+0x101/0x230
[ 60.136645][ T5059] generic_file_write_iter+0xaf/0x310
[ 60.142006][ T5059] vfs_write+0x782/0xaf0
[ 60.146256][ T5059] ? file_end_write+0x250/0x250
[ 60.151099][ T5059] ? __asan_memset+0x23/0x40
[ 60.155681][ T5059] ? __fdget_pos+0x2c7/0x340
[ 60.160261][ T5059] ksys_write+0x1a0/0x2c0
[ 60.164581][ T5059] ? __ia32_sys_read+0x90/0x90
[ 60.169331][ T5059] ? rcu_is_watching+0x15/0xb0
[ 60.174082][ T5059] ? syscall_enter_from_user_mode+0x8c/0x230
[ 60.180052][ T5059] do_syscall_64+0x41/0xc0
[ 60.184457][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.190341][ T5059] RIP: 0033:0x7f368e8d11e9
[ 60.194743][ T5059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.214333][ T5059] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5059] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5059] exit_group(0) = ?
[pid 5059] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/bus") = 0
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached
, child_tidptr=0x555556430650) = 5060
[pid 5060] set_robust_list(0x555556430660, 24) = 0
[pid 5060] chdir("./29") = 0
[pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5060] setpgid(0, 0) = 0
[pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5060] write(3, "1000", 4) = 4
[pid 5060] close(3) = 0
[pid 5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5060] memfd_create("syzkaller", 0) = 3
[pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5060] munmap(0x7f3686492000, 32768) = 0
[pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 60.222735][ T5059] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 60.230705][ T5059] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.238676][ T5059] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 60.246646][ T5059] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 60.254607][ T5059] R13: 000000000000001c R14: 431bde82d7b634db R15: 00007ffecc946110
[ 60.262578][ T5059]
[ 60.266704][ T5059] hfs_btree_del_level
[pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5060] close(3) = 0
[pid 5060] mkdir("./bus", 0777) = 0
[pid 5060] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5060] chdir("./bus") = 0
[pid 5060] ioctl(4, LOOP_CLR_FD) = 0
[pid 5060] close(4) = 0
[pid 5060] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5060] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5060] write(5, "9", 1) = 1
[ 60.306235][ T5060] loop0: detected capacity change from 0 to 64
[ 60.315241][ T5060] hfs: unable to locate alternate MDB
[ 60.320627][ T5060] hfs: continuing without an alternate MDB
[ 60.330942][ T5060] FAULT_INJECTION: forcing a failure.
[ 60.330942][ T5060] name failslab, interval 1, probability 0, space 0, times 0
[ 60.344090][ T5060] CPU: 0 PID: 5060 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 60.354516][ T5060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 60.364575][ T5060] Call Trace:
[ 60.367851][ T5060]
[ 60.370782][ T5060] dump_stack_lvl+0x1e7/0x2d0
[ 60.375457][ T5060] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.380916][ T5060] ? panic+0x770/0x770
[ 60.384965][ T5060] ? rcu_is_watching+0x15/0xb0
[ 60.389708][ T5060] ? trace_contention_end+0x3c/0xf0
[ 60.394888][ T5060] should_fail_ex+0x3aa/0x4e0
[ 60.399544][ T5060] should_failslab+0x9/0x20
[ 60.404034][ T5060] slab_pre_alloc_hook+0x59/0x2b0
[ 60.409042][ T5060] ? hfs_find_init+0x90/0x1f0
[ 60.413700][ T5060] __kmem_cache_alloc_node+0x4b/0x270
[ 60.419054][ T5060] ? lock_release+0xbf/0x9d0
[ 60.423627][ T5060] ? hfs_find_init+0x90/0x1f0
[ 60.428281][ T5060] __kmalloc+0xa8/0x230
[ 60.432421][ T5060] hfs_find_init+0x90/0x1f0
[ 60.436903][ T5060] hfs_extend_file+0x31b/0x1440
[ 60.441737][ T5060] ? hfs_get_block+0xb60/0xb60
[ 60.446482][ T5060] ? find_lock_entries+0x10d0/0x10d0
[ 60.451748][ T5060] ? clean_bdev_aliases+0x66a/0x770
[ 60.456926][ T5060] hfs_get_block+0x3e4/0xb60
[ 60.461498][ T5060] ? hfs_free_extents+0x420/0x420
[ 60.466504][ T5060] ? _raw_spin_unlock+0x28/0x40
[ 60.471334][ T5060] ? folio_create_buffers+0x132/0x250
[ 60.476684][ T5060] __block_write_begin_int+0x555/0x1a40
[ 60.482215][ T5060] ? hfs_free_extents+0x420/0x420
[ 60.487220][ T5060] ? folio_zero_new_buffers+0x530/0x530
[ 60.492742][ T5060] ? pagecache_get_page+0x243/0x590
[ 60.497924][ T5060] ? hfs_free_extents+0x420/0x420
[ 60.502928][ T5060] block_write_begin+0x9b/0x1e0
[ 60.507756][ T5060] cont_write_begin+0x643/0x880
[ 60.512591][ T5060] ? fault_in_readable+0x165/0x2b0
[ 60.517681][ T5060] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 60.523550][ T5060] ? fault_in_readable+0x1a6/0x2b0
[ 60.528651][ T5060] ? fault_in_safe_writeable+0x260/0x260
[ 60.534264][ T5060] hfs_write_begin+0x8a/0xd0
[ 60.538833][ T5060] ? hfs_free_extents+0x420/0x420
[ 60.543838][ T5060] generic_perform_write+0x31b/0x630
[ 60.549107][ T5060] ? generic_file_direct_write+0x3f0/0x3f0
[ 60.554891][ T5060] ? __mnt_drop_write_file+0xc2/0x100
[ 60.560247][ T5060] ? __generic_file_write_iter+0x101/0x230
[ 60.566032][ T5060] generic_file_write_iter+0xaf/0x310
[ 60.571383][ T5060] vfs_write+0x782/0xaf0
[ 60.575607][ T5060] ? file_end_write+0x250/0x250
[ 60.580437][ T5060] ? __asan_memset+0x23/0x40
[ 60.585014][ T5060] ? __fdget_pos+0x2c7/0x340
[ 60.589587][ T5060] ksys_write+0x1a0/0x2c0
[ 60.593897][ T5060] ? __ia32_sys_read+0x90/0x90
[ 60.598640][ T5060] ? rcu_is_watching+0x15/0xb0
[ 60.603384][ T5060] ? syscall_enter_from_user_mode+0x8c/0x230
[ 60.609347][ T5060] do_syscall_64+0x41/0xc0
[ 60.613745][ T5060] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.619622][ T5060] RIP: 0033:0x7f368e8d11e9
[ 60.624020][ T5060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.643606][ T5060] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5060] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5060] exit_group(0) = ?
[pid 5060] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/bus") = 0
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 60.651996][ T5060] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 60.659946][ T5060] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.667897][ T5060] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 60.675847][ T5060] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 60.683798][ T5060] R13: 000000000000001d R14: 431bde82d7b634db R15: 00007ffecc946110
[ 60.691755][ T5060]
[ 60.695389][ T5060] hfs_btree_del_level
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached
, child_tidptr=0x555556430650) = 5061
[pid 5061] set_robust_list(0x555556430660, 24) = 0
[pid 5061] chdir("./30") = 0
[pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5061] setpgid(0, 0) = 0
[pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5061] write(3, "1000", 4) = 4
[pid 5061] close(3) = 0
[pid 5061] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5061] memfd_create("syzkaller", 0) = 3
[pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5061] munmap(0x7f3686492000, 32768) = 0
[pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5061] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5061] close(3) = 0
[pid 5061] mkdir("./bus", 0777) = 0
[pid 5061] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5061] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5061] chdir("./bus") = 0
[pid 5061] ioctl(4, LOOP_CLR_FD) = 0
[pid 5061] close(4) = 0
[pid 5061] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5061] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5061] write(5, "9", 1) = 1
[ 60.730728][ T5061] loop0: detected capacity change from 0 to 64
[ 60.738792][ T5061] hfs: unable to locate alternate MDB
[ 60.744771][ T5061] hfs: continuing without an alternate MDB
[ 60.757576][ T5061] FAULT_INJECTION: forcing a failure.
[ 60.757576][ T5061] name failslab, interval 1, probability 0, space 0, times 0
[ 60.770637][ T5061] CPU: 1 PID: 5061 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 60.781054][ T5061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 60.791105][ T5061] Call Trace:
[ 60.794380][ T5061]
[ 60.797306][ T5061] dump_stack_lvl+0x1e7/0x2d0
[ 60.801999][ T5061] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.807458][ T5061] ? panic+0x770/0x770
[ 60.811507][ T5061] ? rcu_is_watching+0x15/0xb0
[ 60.816254][ T5061] ? trace_contention_end+0x3c/0xf0
[ 60.821441][ T5061] should_fail_ex+0x3aa/0x4e0
[ 60.826111][ T5061] should_failslab+0x9/0x20
[ 60.830619][ T5061] slab_pre_alloc_hook+0x59/0x2b0
[ 60.835646][ T5061] ? hfs_find_init+0x90/0x1f0
[ 60.840305][ T5061] __kmem_cache_alloc_node+0x4b/0x270
[ 60.845667][ T5061] ? lock_release+0xbf/0x9d0
[ 60.850246][ T5061] ? hfs_find_init+0x90/0x1f0
[ 60.854905][ T5061] __kmalloc+0xa8/0x230
[ 60.859046][ T5061] hfs_find_init+0x90/0x1f0
[ 60.863535][ T5061] hfs_extend_file+0x31b/0x1440
[ 60.868371][ T5061] ? hfs_get_block+0xb60/0xb60
[ 60.873134][ T5061] ? find_lock_entries+0x10d0/0x10d0
[ 60.878427][ T5061] ? clean_bdev_aliases+0x66a/0x770
[ 60.883609][ T5061] hfs_get_block+0x3e4/0xb60
[ 60.888206][ T5061] ? hfs_free_extents+0x420/0x420
[ 60.893257][ T5061] ? _raw_spin_unlock+0x28/0x40
[ 60.898111][ T5061] ? folio_create_buffers+0x132/0x250
[ 60.903479][ T5061] __block_write_begin_int+0x555/0x1a40
[ 60.909014][ T5061] ? hfs_free_extents+0x420/0x420
[ 60.914027][ T5061] ? folio_zero_new_buffers+0x530/0x530
[ 60.919573][ T5061] ? pagecache_get_page+0x243/0x590
[ 60.924780][ T5061] ? hfs_free_extents+0x420/0x420
[ 60.929811][ T5061] block_write_begin+0x9b/0x1e0
[ 60.934667][ T5061] cont_write_begin+0x643/0x880
[ 60.939502][ T5061] ? fault_in_readable+0x165/0x2b0
[ 60.944598][ T5061] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 60.950479][ T5061] ? fault_in_readable+0x1a6/0x2b0
[ 60.955601][ T5061] ? fault_in_safe_writeable+0x260/0x260
[ 60.961235][ T5061] hfs_write_begin+0x8a/0xd0
[ 60.965809][ T5061] ? hfs_free_extents+0x420/0x420
[ 60.970824][ T5061] generic_perform_write+0x31b/0x630
[ 60.976104][ T5061] ? generic_file_direct_write+0x3f0/0x3f0
[ 60.981898][ T5061] ? __mnt_drop_write_file+0xc2/0x100
[ 60.987269][ T5061] ? __generic_file_write_iter+0x101/0x230
[ 60.993058][ T5061] generic_file_write_iter+0xaf/0x310
[ 60.998412][ T5061] vfs_write+0x782/0xaf0
[ 61.002646][ T5061] ? file_end_write+0x250/0x250
[ 61.007494][ T5061] ? __asan_memset+0x23/0x40
[ 61.012072][ T5061] ? __fdget_pos+0x2c7/0x340
[ 61.016646][ T5061] ksys_write+0x1a0/0x2c0
[ 61.020964][ T5061] ? __ia32_sys_read+0x90/0x90
[ 61.025716][ T5061] ? rcu_is_watching+0x15/0xb0
[ 61.030464][ T5061] ? syscall_enter_from_user_mode+0x8c/0x230
[ 61.036454][ T5061] do_syscall_64+0x41/0xc0
[ 61.040856][ T5061] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.046738][ T5061] RIP: 0033:0x7f368e8d11e9
[ 61.051137][ T5061] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.070734][ T5061] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5061] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5061] exit_group(0) = ?
[pid 5061] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/bus") = 0
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached
, child_tidptr=0x555556430650) = 5062
[pid 5062] set_robust_list(0x555556430660, 24) = 0
[pid 5062] chdir("./31") = 0
[pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5062] setpgid(0, 0) = 0
[pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5062] write(3, "1000", 4) = 4
[pid 5062] close(3) = 0
[pid 5062] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5062] memfd_create("syzkaller", 0) = 3
[pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5062] munmap(0x7f3686492000, 32768) = 0
[pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 61.079152][ T5061] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 61.087112][ T5061] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.095066][ T5061] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 61.103020][ T5061] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 61.110971][ T5061] R13: 000000000000001e R14: 431bde82d7b634db R15: 00007ffecc946110
[ 61.118933][ T5061]
[ 61.124265][ T5061] hfs_btree_del_level
[pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5062] close(3) = 0
[pid 5062] mkdir("./bus", 0777) = 0
[pid 5062] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5062] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5062] chdir("./bus") = 0
[pid 5062] ioctl(4, LOOP_CLR_FD) = 0
[pid 5062] close(4) = 0
[pid 5062] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5062] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5062] write(5, "9", 1) = 1
[pid 5062] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5062] exit_group(0) = ?
[pid 5062] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/bus") = 0
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached
, child_tidptr=0x555556430650) = 5063
[pid 5063] set_robust_list(0x555556430660, 24) = 0
[pid 5063] chdir("./32") = 0
[ 61.161406][ T5062] loop0: detected capacity change from 0 to 64
[ 61.170254][ T5062] hfs: unable to locate alternate MDB
[ 61.175721][ T5062] hfs: continuing without an alternate MDB
[pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5063] setpgid(0, 0) = 0
[pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5063] write(3, "1000", 4) = 4
[pid 5063] close(3) = 0
[pid 5063] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5063] memfd_create("syzkaller", 0) = 3
[pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5063] munmap(0x7f3686492000, 32768) = 0
[pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5063] close(3) = 0
[pid 5063] mkdir("./bus", 0777) = 0
[pid 5063] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5063] chdir("./bus") = 0
[pid 5063] ioctl(4, LOOP_CLR_FD) = 0
[pid 5063] close(4) = 0
[pid 5063] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5063] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5063] write(5, "9", 1) = 1
[ 61.230124][ T5063] loop0: detected capacity change from 0 to 64
[ 61.240322][ T5063] hfs: unable to locate alternate MDB
[ 61.246783][ T5063] hfs: continuing without an alternate MDB
[ 61.268757][ T5063] FAULT_INJECTION: forcing a failure.
[ 61.268757][ T5063] name failslab, interval 1, probability 0, space 0, times 0
[ 61.281406][ T5063] CPU: 0 PID: 5063 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 61.291799][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 61.301834][ T5063] Call Trace:
[ 61.305097][ T5063]
[ 61.308012][ T5063] dump_stack_lvl+0x1e7/0x2d0
[ 61.312677][ T5063] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.318127][ T5063] ? panic+0x770/0x770
[ 61.322197][ T5063] ? rcu_is_watching+0x15/0xb0
[ 61.326944][ T5063] ? trace_contention_end+0x3c/0xf0
[ 61.332124][ T5063] should_fail_ex+0x3aa/0x4e0
[ 61.336783][ T5063] should_failslab+0x9/0x20
[ 61.341272][ T5063] slab_pre_alloc_hook+0x59/0x2b0
[ 61.346288][ T5063] ? hfs_find_init+0x90/0x1f0
[ 61.350950][ T5063] __kmem_cache_alloc_node+0x4b/0x270
[ 61.356310][ T5063] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 61.362103][ T5063] ? hfs_find_init+0x90/0x1f0
[ 61.366769][ T5063] __kmalloc+0xa8/0x230
[ 61.370910][ T5063] ? rcu_is_watching+0x15/0xb0
[ 61.375662][ T5063] hfs_find_init+0x90/0x1f0
[ 61.380151][ T5063] hfs_extend_file+0x31b/0x1440
[ 61.384996][ T5063] ? hfs_get_block+0xb60/0xb60
[ 61.389744][ T5063] ? lru_cache_disable+0x30/0x30
[ 61.394669][ T5063] ? __might_sleep+0xc0/0xc0
[ 61.399253][ T5063] ? clean_bdev_aliases+0x67b/0x770
[ 61.404437][ T5063] hfs_get_block+0x3e4/0xb60
[ 61.409018][ T5063] ? hfs_free_extents+0x420/0x420
[ 61.414032][ T5063] ? _raw_spin_unlock+0x28/0x40
[ 61.418867][ T5063] ? folio_create_buffers+0x132/0x250
[ 61.424224][ T5063] __block_write_begin_int+0x555/0x1a40
[ 61.429761][ T5063] ? hfs_free_extents+0x420/0x420
[ 61.434770][ T5063] ? folio_zero_new_buffers+0x530/0x530
[ 61.440301][ T5063] ? pagecache_get_page+0x243/0x590
[ 61.445483][ T5063] ? hfs_free_extents+0x420/0x420
[ 61.450493][ T5063] block_write_begin+0x9b/0x1e0
[ 61.455329][ T5063] cont_write_begin+0x643/0x880
[ 61.460170][ T5063] ? fault_in_readable+0x165/0x2b0
[ 61.465268][ T5063] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 61.471317][ T5063] ? fault_in_readable+0x1a6/0x2b0
[ 61.476414][ T5063] ? fault_in_safe_writeable+0x260/0x260
[ 61.482038][ T5063] hfs_write_begin+0x8a/0xd0
[ 61.486615][ T5063] ? hfs_free_extents+0x420/0x420
[ 61.491624][ T5063] generic_perform_write+0x31b/0x630
[ 61.496903][ T5063] ? generic_file_direct_write+0x3f0/0x3f0
[ 61.502693][ T5063] ? __mnt_drop_write_file+0xc2/0x100
[ 61.508059][ T5063] ? __generic_file_write_iter+0x101/0x230
[ 61.513851][ T5063] generic_file_write_iter+0xaf/0x310
[ 61.519210][ T5063] vfs_write+0x782/0xaf0
[ 61.523443][ T5063] ? file_end_write+0x250/0x250
[ 61.528277][ T5063] ? __asan_memset+0x23/0x40
[ 61.532857][ T5063] ? __fdget_pos+0x2c7/0x340
[ 61.537435][ T5063] ksys_write+0x1a0/0x2c0
[ 61.541753][ T5063] ? __ia32_sys_read+0x90/0x90
[ 61.546505][ T5063] ? rcu_is_watching+0x15/0xb0
[ 61.551255][ T5063] ? syscall_enter_from_user_mode+0x8c/0x230
[ 61.557228][ T5063] do_syscall_64+0x41/0xc0
[ 61.561630][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.567512][ T5063] RIP: 0033:0x7f368e8d11e9
[ 61.571910][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 61.591497][ T5063] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.599917][ T5063] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 61.607874][ T5063] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.615828][ T5063] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 61.623783][ T5063] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[pid 5063] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5063] exit_group(0) = ?
[pid 5063] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/bus") = 0
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached
, child_tidptr=0x555556430650) = 5064
[pid 5064] set_robust_list(0x555556430660, 24) = 0
[pid 5064] chdir("./33") = 0
[pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5064] setpgid(0, 0) = 0
[pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5064] write(3, "1000", 4) = 4
[pid 5064] close(3) = 0
[pid 5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5064] memfd_create("syzkaller", 0) = 3
[pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5064] munmap(0x7f3686492000, 32768) = 0
[pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5064] close(3) = 0
[pid 5064] mkdir("./bus", 0777) = 0
[ 61.631747][ T5063] R13: 0000000000000020 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 61.639710][ T5063]
[ 61.643199][ T5063] hfs_btree_del_level
[ 61.671580][ T5064] loop0: detected capacity change from 0 to 64
[pid 5064] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5064] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5064] chdir("./bus") = 0
[pid 5064] ioctl(4, LOOP_CLR_FD) = 0
[pid 5064] close(4) = 0
[pid 5064] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5064] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5064] write(5, "9", 1) = 1
[pid 5064] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5064] exit_group(0) = ?
[pid 5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/bus") = 0
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached
, child_tidptr=0x555556430650) = 5065
[pid 5065] set_robust_list(0x555556430660, 24) = 0
[pid 5065] chdir("./34") = 0
[pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5065] setpgid(0, 0) = 0
[pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5065] write(3, "1000", 4) = 4
[pid 5065] close(3) = 0
[pid 5065] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5065] memfd_create("syzkaller", 0) = 3
[pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[ 61.680062][ T5064] hfs: unable to locate alternate MDB
[ 61.686024][ T5064] hfs: continuing without an alternate MDB
[pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5065] munmap(0x7f3686492000, 32768) = 0
[pid 5065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5065] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5065] close(3) = 0
[pid 5065] mkdir("./bus", 0777) = 0
[pid 5065] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5065] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5065] chdir("./bus") = 0
[pid 5065] ioctl(4, LOOP_CLR_FD) = 0
[pid 5065] close(4) = 0
[pid 5065] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5065] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5065] write(5, "9", 1) = 1
[ 61.744776][ T5065] loop0: detected capacity change from 0 to 64
[ 61.753746][ T5065] hfs: unable to locate alternate MDB
[ 61.759172][ T5065] hfs: continuing without an alternate MDB
[ 61.769927][ T5065] FAULT_INJECTION: forcing a failure.
[ 61.769927][ T5065] name failslab, interval 1, probability 0, space 0, times 0
[ 61.782966][ T5065] CPU: 0 PID: 5065 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 61.793382][ T5065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 61.803419][ T5065] Call Trace:
[ 61.806682][ T5065]
[ 61.809598][ T5065] dump_stack_lvl+0x1e7/0x2d0
[ 61.814262][ T5065] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.819713][ T5065] ? panic+0x770/0x770
[ 61.823802][ T5065] ? rcu_is_watching+0x15/0xb0
[ 61.828550][ T5065] ? trace_contention_end+0x3c/0xf0
[ 61.833732][ T5065] should_fail_ex+0x3aa/0x4e0
[ 61.838398][ T5065] should_failslab+0x9/0x20
[ 61.842887][ T5065] slab_pre_alloc_hook+0x59/0x2b0
[ 61.847900][ T5065] ? hfs_find_init+0x90/0x1f0
[ 61.852558][ T5065] __kmem_cache_alloc_node+0x4b/0x270
[ 61.857922][ T5065] ? lock_release+0xbf/0x9d0
[ 61.862514][ T5065] ? hfs_find_init+0x90/0x1f0
[ 61.867171][ T5065] __kmalloc+0xa8/0x230
[ 61.871315][ T5065] hfs_find_init+0x90/0x1f0
[ 61.875801][ T5065] hfs_extend_file+0x31b/0x1440
[ 61.880660][ T5065] ? hfs_get_block+0xb60/0xb60
[ 61.885408][ T5065] ? find_lock_entries+0x10d0/0x10d0
[ 61.890680][ T5065] ? clean_bdev_aliases+0x66a/0x770
[ 61.895858][ T5065] hfs_get_block+0x3e4/0xb60
[ 61.900432][ T5065] ? hfs_free_extents+0x420/0x420
[ 61.905442][ T5065] ? _raw_spin_unlock+0x28/0x40
[ 61.910275][ T5065] ? folio_create_buffers+0x132/0x250
[ 61.915629][ T5065] __block_write_begin_int+0x555/0x1a40
[ 61.921181][ T5065] ? hfs_free_extents+0x420/0x420
[ 61.926188][ T5065] ? folio_zero_new_buffers+0x530/0x530
[ 61.931719][ T5065] ? pagecache_get_page+0x243/0x590
[ 61.936908][ T5065] ? hfs_free_extents+0x420/0x420
[ 61.941936][ T5065] block_write_begin+0x9b/0x1e0
[ 61.946780][ T5065] cont_write_begin+0x643/0x880
[ 61.951641][ T5065] ? fault_in_readable+0x165/0x2b0
[ 61.956756][ T5065] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 61.962628][ T5065] ? fault_in_readable+0x1a6/0x2b0
[ 61.967730][ T5065] ? fault_in_safe_writeable+0x260/0x260
[ 61.973363][ T5065] hfs_write_begin+0x8a/0xd0
[ 61.977935][ T5065] ? hfs_free_extents+0x420/0x420
[ 61.982942][ T5065] generic_perform_write+0x31b/0x630
[ 61.988214][ T5065] ? generic_file_direct_write+0x3f0/0x3f0
[ 61.994008][ T5065] ? __mnt_drop_write_file+0xc2/0x100
[ 61.999373][ T5065] ? __generic_file_write_iter+0x101/0x230
[ 62.005173][ T5065] generic_file_write_iter+0xaf/0x310
[ 62.010551][ T5065] vfs_write+0x782/0xaf0
[ 62.014785][ T5065] ? file_end_write+0x250/0x250
[ 62.019621][ T5065] ? __asan_memset+0x23/0x40
[ 62.024199][ T5065] ? __fdget_pos+0x2c7/0x340
[ 62.028783][ T5065] ksys_write+0x1a0/0x2c0
[ 62.033121][ T5065] ? __ia32_sys_read+0x90/0x90
[ 62.037868][ T5065] ? rcu_is_watching+0x15/0xb0
[ 62.042615][ T5065] ? syscall_enter_from_user_mode+0x8c/0x230
[ 62.048587][ T5065] do_syscall_64+0x41/0xc0
[ 62.052990][ T5065] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.058874][ T5065] RIP: 0033:0x7f368e8d11e9
[ 62.063286][ T5065] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.082894][ T5065] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5065] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5065] exit_group(0) = ?
[pid 5065] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/bus") = 0
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached
, child_tidptr=0x555556430650) = 5066
[pid 5066] set_robust_list(0x555556430660, 24) = 0
[pid 5066] chdir("./35") = 0
[pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5066] setpgid(0, 0) = 0
[pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5066] write(3, "1000", 4) = 4
[pid 5066] close(3) = 0
[pid 5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5066] memfd_create("syzkaller", 0) = 3
[pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5066] munmap(0x7f3686492000, 32768) = 0
[pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 62.091289][ T5065] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 62.099253][ T5065] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.107221][ T5065] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 62.115172][ T5065] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 62.123126][ T5065] R13: 0000000000000022 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 62.131084][ T5065]
[ 62.134677][ T5065] hfs_btree_del_level
[pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5066] close(3) = 0
[pid 5066] mkdir("./bus", 0777) = 0
[pid 5066] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5066] chdir("./bus") = 0
[pid 5066] ioctl(4, LOOP_CLR_FD) = 0
[pid 5066] close(4) = 0
[pid 5066] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5066] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5066] write(5, "9", 1) = 1
[ 62.172260][ T5066] loop0: detected capacity change from 0 to 64
[ 62.180866][ T5066] hfs: unable to locate alternate MDB
[ 62.186397][ T5066] hfs: continuing without an alternate MDB
[ 62.198969][ T5066] FAULT_INJECTION: forcing a failure.
[ 62.198969][ T5066] name failslab, interval 1, probability 0, space 0, times 0
[ 62.211697][ T5066] CPU: 1 PID: 5066 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 62.222093][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 62.232128][ T5066] Call Trace:
[ 62.235391][ T5066]
[ 62.238303][ T5066] dump_stack_lvl+0x1e7/0x2d0
[ 62.242967][ T5066] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.248451][ T5066] ? panic+0x770/0x770
[ 62.252517][ T5066] ? rcu_is_watching+0x15/0xb0
[ 62.257264][ T5066] ? trace_contention_end+0x3c/0xf0
[ 62.262447][ T5066] should_fail_ex+0x3aa/0x4e0
[ 62.267112][ T5066] should_failslab+0x9/0x20
[ 62.271780][ T5066] slab_pre_alloc_hook+0x59/0x2b0
[ 62.276801][ T5066] ? hfs_find_init+0x90/0x1f0
[ 62.281461][ T5066] __kmem_cache_alloc_node+0x4b/0x270
[ 62.286818][ T5066] ? lock_release+0xbf/0x9d0
[ 62.291397][ T5066] ? hfs_find_init+0x90/0x1f0
[ 62.296059][ T5066] __kmalloc+0xa8/0x230
[ 62.300205][ T5066] hfs_find_init+0x90/0x1f0
[ 62.304696][ T5066] hfs_extend_file+0x31b/0x1440
[ 62.309537][ T5066] ? hfs_get_block+0xb60/0xb60
[ 62.314295][ T5066] ? find_lock_entries+0x10d0/0x10d0
[ 62.319574][ T5066] ? clean_bdev_aliases+0x66a/0x770
[ 62.324759][ T5066] hfs_get_block+0x3e4/0xb60
[ 62.329342][ T5066] ? hfs_free_extents+0x420/0x420
[ 62.334357][ T5066] ? _raw_spin_unlock+0x28/0x40
[ 62.339194][ T5066] ? folio_create_buffers+0x132/0x250
[ 62.344554][ T5066] __block_write_begin_int+0x555/0x1a40
[ 62.350101][ T5066] ? hfs_free_extents+0x420/0x420
[ 62.355113][ T5066] ? folio_zero_new_buffers+0x530/0x530
[ 62.360645][ T5066] ? pagecache_get_page+0x243/0x590
[ 62.365830][ T5066] ? hfs_free_extents+0x420/0x420
[ 62.370840][ T5066] block_write_begin+0x9b/0x1e0
[ 62.375674][ T5066] cont_write_begin+0x643/0x880
[ 62.380512][ T5066] ? fault_in_readable+0x165/0x2b0
[ 62.385610][ T5066] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 62.391487][ T5066] ? fault_in_readable+0x1a6/0x2b0
[ 62.396588][ T5066] ? fault_in_safe_writeable+0x260/0x260
[ 62.402222][ T5066] hfs_write_begin+0x8a/0xd0
[ 62.406799][ T5066] ? hfs_free_extents+0x420/0x420
[ 62.411811][ T5066] generic_perform_write+0x31b/0x630
[ 62.417086][ T5066] ? generic_file_direct_write+0x3f0/0x3f0
[ 62.422879][ T5066] ? __mnt_drop_write_file+0xc2/0x100
[ 62.428242][ T5066] ? __generic_file_write_iter+0x101/0x230
[ 62.434035][ T5066] generic_file_write_iter+0xaf/0x310
[ 62.439395][ T5066] vfs_write+0x782/0xaf0
[ 62.443630][ T5066] ? file_end_write+0x250/0x250
[ 62.448466][ T5066] ? __asan_memset+0x23/0x40
[ 62.453049][ T5066] ? __fdget_pos+0x2c7/0x340
[ 62.457629][ T5066] ksys_write+0x1a0/0x2c0
[ 62.461946][ T5066] ? __ia32_sys_read+0x90/0x90
[ 62.466695][ T5066] ? rcu_is_watching+0x15/0xb0
[ 62.471446][ T5066] ? syscall_enter_from_user_mode+0x8c/0x230
[ 62.477418][ T5066] do_syscall_64+0x41/0xc0
[ 62.481823][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.487705][ T5066] RIP: 0033:0x7f368e8d11e9
[ 62.492105][ T5066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 62.511693][ T5066] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5066] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5066] exit_group(0) = ?
[pid 5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555564316f0 /* 4 entries */, 32768) = 104
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556439730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556439730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/bus") = 0
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
getdents64(3, 0x5555564316f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached
, child_tidptr=0x555556430650) = 5067
[ 62.520092][ T5066] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 62.528048][ T5066] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.536005][ T5066] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 62.543980][ T5066] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 62.551934][ T5066] R13: 0000000000000023 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 62.559894][ T5066]
[ 62.563512][ T5066] hfs_btree_del_level
[pid 5067] set_robust_list(0x555556430660, 24) = 0
[pid 5067] chdir("./36") = 0
[pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5067] setpgid(0, 0) = 0
[pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5067] write(3, "1000", 4) = 4
[pid 5067] close(3) = 0
[pid 5067] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5067] memfd_create("syzkaller", 0) = 3
[pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3686492000
[pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5067] munmap(0x7f3686492000, 32768) = 0
[pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5067] close(3) = 0
[pid 5067] mkdir("./bus", 0777) = 0
[pid 5067] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5067] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5067] chdir("./bus") = 0
[pid 5067] ioctl(4, LOOP_CLR_FD) = 0
[pid 5067] close(4) = 0
[pid 5067] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5067] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5067] write(5, "9", 1) = 1
[ 62.589550][ T5067] loop0: detected capacity change from 0 to 64
[ 62.598441][ T5067] hfs: unable to locate alternate MDB
[ 62.604728][ T5067] hfs: continuing without an alternate MDB
[ 62.622009][ T5067] FAULT_INJECTION: forcing a failure.
[ 62.622009][ T5067] name failslab, interval 1, probability 0, space 0, times 0
[ 62.634703][ T5067] CPU: 0 PID: 5067 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 62.645110][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 62.655148][ T5067] Call Trace:
[ 62.658412][ T5067]
[ 62.661325][ T5067] dump_stack_lvl+0x1e7/0x2d0
[ 62.665990][ T5067] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.671444][ T5067] ? panic+0x770/0x770
[ 62.675507][ T5067] ? rcu_is_watching+0x15/0xb0
[ 62.680253][ T5067] ? lock_release+0xbf/0x9d0
[ 62.684829][ T5067] ? __lock_acquire+0x7f70/0x7f70
[ 62.689845][ T5067] should_fail_ex+0x3aa/0x4e0
[ 62.694508][ T5067] should_failslab+0x9/0x20
[ 62.698999][ T5067] slab_pre_alloc_hook+0x59/0x2b0
[ 62.704017][ T5067] ? __hfs_bnode_create+0xf8/0x7b0
[ 62.709112][ T5067] __kmem_cache_alloc_node+0x4b/0x270
[ 62.714473][ T5067] ? __hfs_bnode_create+0xf8/0x7b0
[ 62.719577][ T5067] __kmalloc+0xa8/0x230
[ 62.723733][ T5067] ? lock_release+0xbf/0x9d0
[ 62.728319][ T5067] __hfs_bnode_create+0xf8/0x7b0
[ 62.733341][ T5067] ? do_raw_spin_lock+0x14d/0x3a0
[ 62.738345][ T5067] ? hfs_bnode_get+0x40/0x40
[ 62.742917][ T5067] ? do_raw_spin_unlock+0x13b/0x8b0
[ 62.748103][ T5067] ? deref_stack_reg+0x1c7/0x250
[ 62.753024][ T5067] hfs_bnode_find+0x244/0xf50
[ 62.757687][ T5067] ? deref_stack_reg+0x1c7/0x250
[ 62.762607][ T5067] ? hfs_bnode_unlink+0x7f0/0x7f0
[ 62.767612][ T5067] ? is_bpf_text_address+0x253/0x270
[ 62.772880][ T5067] ? is_module_text_address+0x120/0x180
[ 62.778430][ T5067] ? stack_trace_save+0x1c0/0x1c0
[ 62.783434][ T5067] ? hfs_bmap_reserve+0x3b1/0x3f0
[ 62.788441][ T5067] ? kernel_text_address+0xa3/0xe0
[ 62.793539][ T5067] ? unwind_get_return_address+0x91/0xc0
[ 62.799155][ T5067] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.805216][ T5067] hfs_bmap_alloc+0xc9/0x640
[ 62.809803][ T5067] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 62.814828][ T5067] ? stack_trace_save+0x117/0x1c0
[ 62.819839][ T5067] hfs_btree_inc_height+0x11e/0xd20
[ 62.825024][ T5067] ? rcu_is_watching+0x15/0xb0
[ 62.829781][ T5067] ? lock_acquire+0xe3/0x520
[ 62.834373][ T5067] ? hfs_brec_insert+0xbd0/0xbd0
[ 62.839295][ T5067] ? __mutex_trylock_common+0x182/0x2e0
[ 62.844825][ T5067] ? __might_sleep+0xc0/0xc0
[ 62.849405][ T5067] hfs_brec_insert+0x15b/0xbd0
[ 62.854158][ T5067] ? rcu_is_watching+0x15/0xb0
[ 62.858907][ T5067] ? trace_contention_end+0x3c/0xf0
[ 62.864098][ T5067] ? hfs_brec_find+0x197/0x570
[ 62.868848][ T5067] ? hfs_brec_keylen+0x360/0x360
[ 62.873769][ T5067] ? mutex_lock_io_nested+0x60/0x60
[ 62.878958][ T5067] __hfs_ext_write_extent+0x2f2/0x4f0
[ 62.884320][ T5067] __hfs_ext_cache_extent+0x6a/0x990
[ 62.889594][ T5067] ? mutex_lock_nested+0x1b/0x20
[ 62.894521][ T5067] ? hfs_find_init+0x16e/0x1f0
[ 62.899271][ T5067] hfs_extend_file+0x344/0x1440
[ 62.904113][ T5067] ? hfs_get_block+0xb60/0xb60
[ 62.908864][ T5067] ? lru_cache_disable+0x30/0x30
[ 62.913799][ T5067] ? __might_sleep+0xc0/0xc0
[ 62.918397][ T5067] ? clean_bdev_aliases+0x67b/0x770
[ 62.923601][ T5067] hfs_get_block+0x3e4/0xb60
[ 62.928181][ T5067] ? hfs_free_extents+0x420/0x420
[ 62.933195][ T5067] ? _raw_spin_unlock+0x28/0x40
[ 62.938027][ T5067] ? folio_create_buffers+0x132/0x250
[ 62.943385][ T5067] __block_write_begin_int+0x555/0x1a40
[ 62.948940][ T5067] ? hfs_free_extents+0x420/0x420
[ 62.953975][ T5067] ? folio_zero_new_buffers+0x530/0x530
[ 62.959531][ T5067] ? pagecache_get_page+0x243/0x590
[ 62.964717][ T5067] ? hfs_free_extents+0x420/0x420
[ 62.969725][ T5067] block_write_begin+0x9b/0x1e0
[ 62.974561][ T5067] cont_write_begin+0x643/0x880
[ 62.979396][ T5067] ? fault_in_readable+0x165/0x2b0
[ 62.984494][ T5067] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 62.990369][ T5067] ? fault_in_readable+0x1a6/0x2b0
[ 62.995474][ T5067] ? fault_in_safe_writeable+0x260/0x260
[ 63.001117][ T5067] hfs_write_begin+0x8a/0xd0
[ 63.005704][ T5067] ? hfs_free_extents+0x420/0x420
[ 63.010749][ T5067] generic_perform_write+0x31b/0x630
[ 63.016029][ T5067] ? generic_file_direct_write+0x3f0/0x3f0
[ 63.021833][ T5067] ? __mnt_drop_write_file+0xc2/0x100
[ 63.027211][ T5067] ? __generic_file_write_iter+0x101/0x230
[ 63.033007][ T5067] generic_file_write_iter+0xaf/0x310
[ 63.038366][ T5067] vfs_write+0x782/0xaf0
[ 63.042599][ T5067] ? file_end_write+0x250/0x250
[ 63.047434][ T5067] ? __asan_memset+0x23/0x40
[ 63.052021][ T5067] ? __fdget_pos+0x2c7/0x340
[ 63.056615][ T5067] ksys_write+0x1a0/0x2c0
[ 63.060930][ T5067] ? __ia32_sys_read+0x90/0x90
[ 63.065678][ T5067] ? rcu_is_watching+0x15/0xb0
[ 63.070438][ T5067] ? syscall_enter_from_user_mode+0x8c/0x230
[ 63.076410][ T5067] do_syscall_64+0x41/0xc0
[ 63.080821][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.086718][ T5067] RIP: 0033:0x7f368e8d11e9
[ 63.091116][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.110706][ T5067] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.119103][ T5067] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 63.127066][ T5067] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.135035][ T5067] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 63.142990][ T5067] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 63.150951][ T5067] R13: 0000000000000024 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 63.158929][ T5067]
[ 63.162484][ T5067] hfs: new node 0 already hashed?
[ 63.168727][ T5067] ------------[ cut here ]------------
[ 63.174232][ T5067] WARNING: CPU: 0 PID: 5067 at fs/hfs/bnode.c:422 hfs_bnode_create+0x3b1/0x440
[ 63.183219][ T5067] Modules linked in:
[ 63.187102][ T5067] CPU: 0 PID: 5067 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 63.197525][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 63.207594][ T5067] RIP: 0010:hfs_bnode_create+0x3b1/0x440
[ 63.213254][ T5067] Code: 8b 44 89 e6 e8 d0 db 5e 08 e9 7c fd ff ff e8 96 2b 25 ff 4c 89 ff e8 9e 49 6b 08 48 c7 c7 e0 5f 20 8b 44 89 e6 e8 af db 5e 08 <0f> 0b eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 89 fc ff ff 48 89
[ 63.232887][ T5067] RSP: 0018:ffffc90004196fd8 EFLAGS: 00010246
[ 63.238953][ T5067] RAX: 000000000000001f RBX: ffff88801d04fb00 RCX: d0fd58c6c1641800
[ 63.246949][ T5067] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 63.254940][ T5067] RBP: 0000000000000000 R08: ffffffff8170bdac R09: 1ffff92000832d68
[ 63.262959][ T5067] R10: dffffc0000000000 R11: fffff52000832d69 R12: 0000000000000000
[ 63.270930][ T5067] R13: dffffc0000000000 R14: ffff88807d71c000 R15: ffff88807d71c0e0
[ 63.278921][ T5067] FS: 0000555556430380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 63.287877][ T5067] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.294485][ T5067] CR2: 0000000020008000 CR3: 0000000078be1000 CR4: 00000000003506f0
[ 63.302457][ T5067] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.310436][ T5067] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.318430][ T5067] Call Trace:
[ 63.321718][ T5067]
[ 63.324659][ T5067] ? __warn+0x162/0x4a0
[ 63.328831][ T5067] ? hfs_bnode_create+0x3b1/0x440
[ 63.333896][ T5067] ? report_bug+0x2b3/0x500
[ 63.338404][ T5067] ? hfs_bnode_create+0x3b1/0x440
[ 63.343441][ T5067] ? handle_bug+0x3d/0x70
[ 63.347777][ T5067] ? exc_invalid_op+0x1a/0x50
[ 63.352441][ T5067] ? asm_exc_invalid_op+0x1a/0x20
[ 63.357478][ T5067] ? __wake_up_klogd+0xcc/0x100
[ 63.362330][ T5067] ? hfs_bnode_create+0x3b1/0x440
[ 63.367366][ T5067] ? hfs_bnode_create+0x3b1/0x440
[ 63.372394][ T5067] hfs_bmap_alloc+0x5a6/0x640
[ 63.377109][ T5067] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 63.382139][ T5067] ? rcu_is_watching+0x15/0xb0
[ 63.386928][ T5067] hfs_btree_inc_height+0x11e/0xd20
[ 63.392135][ T5067] ? folio_memcg+0x141/0x4f0
[ 63.396768][ T5067] ? workingset_activation+0x58e/0x840
[ 63.402230][ T5067] ? hfs_brec_insert+0xbd0/0xbd0
[ 63.407204][ T5067] ? do_raw_spin_unlock+0x13b/0x8b0
[ 63.412394][ T5067] ? hfs_bnode_put+0x1c0/0x370
[ 63.417183][ T5067] hfs_brec_insert+0x723/0xbd0
[ 63.421955][ T5067] ? hfs_brec_keylen+0x360/0x360
[ 63.426902][ T5067] ? mutex_lock_io_nested+0x60/0x60
[ 63.432109][ T5067] __hfs_ext_write_extent+0x2f2/0x4f0
[ 63.437501][ T5067] __hfs_ext_cache_extent+0x6a/0x990
[ 63.442815][ T5067] ? mutex_lock_nested+0x1b/0x20
[ 63.447750][ T5067] ? hfs_find_init+0x16e/0x1f0
[ 63.452506][ T5067] hfs_extend_file+0x344/0x1440
[ 63.457399][ T5067] ? hfs_get_block+0xb60/0xb60
[ 63.462164][ T5067] ? lru_cache_disable+0x30/0x30
[ 63.467112][ T5067] ? __might_sleep+0xc0/0xc0
[ 63.471711][ T5067] ? clean_bdev_aliases+0x67b/0x770
[ 63.476931][ T5067] hfs_get_block+0x3e4/0xb60
[ 63.481540][ T5067] ? hfs_free_extents+0x420/0x420
[ 63.486618][ T5067] ? _raw_spin_unlock+0x28/0x40
[ 63.491468][ T5067] ? folio_create_buffers+0x132/0x250
[ 63.496874][ T5067] __block_write_begin_int+0x555/0x1a40
[ 63.502424][ T5067] ? hfs_free_extents+0x420/0x420
[ 63.507468][ T5067] ? folio_zero_new_buffers+0x530/0x530
[ 63.513048][ T5067] ? pagecache_get_page+0x243/0x590
[ 63.518254][ T5067] ? hfs_free_extents+0x420/0x420
[ 63.523308][ T5067] block_write_begin+0x9b/0x1e0
[ 63.528170][ T5067] cont_write_begin+0x643/0x880
[ 63.533053][ T5067] ? fault_in_readable+0x165/0x2b0
[ 63.538166][ T5067] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 63.544066][ T5067] ? fault_in_readable+0x1a6/0x2b0
[ 63.549180][ T5067] ? fault_in_safe_writeable+0x260/0x260
[ 63.554826][ T5067] hfs_write_begin+0x8a/0xd0
[ 63.559427][ T5067] ? hfs_free_extents+0x420/0x420
[ 63.564479][ T5067] generic_perform_write+0x31b/0x630
[ 63.569773][ T5067] ? generic_file_direct_write+0x3f0/0x3f0
[ 63.575595][ T5067] ? __mnt_drop_write_file+0xc2/0x100
[ 63.580976][ T5067] ? __generic_file_write_iter+0x101/0x230
[ 63.586794][ T5067] generic_file_write_iter+0xaf/0x310
[ 63.592166][ T5067] vfs_write+0x782/0xaf0
[ 63.596441][ T5067] ? file_end_write+0x250/0x250
[ 63.601294][ T5067] ? __asan_memset+0x23/0x40
[ 63.605933][ T5067] ? __fdget_pos+0x2c7/0x340
[ 63.610538][ T5067] ksys_write+0x1a0/0x2c0
[ 63.614882][ T5067] ? __ia32_sys_read+0x90/0x90
[ 63.619649][ T5067] ? rcu_is_watching+0x15/0xb0
[ 63.624425][ T5067] ? syscall_enter_from_user_mode+0x8c/0x230
[ 63.630413][ T5067] do_syscall_64+0x41/0xc0
[ 63.634851][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.640753][ T5067] RIP: 0033:0x7f368e8d11e9
[ 63.645189][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.664831][ T5067] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.673279][ T5067] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 63.681257][ T5067] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.689256][ T5067] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 63.697242][ T5067] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 63.705237][ T5067] R13: 0000000000000024 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 63.713223][ T5067]
[ 63.716227][ T5067] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 63.723485][ T5067] CPU: 0 PID: 5067 Comm: syz-executor175 Not tainted 6.6.0-rc1-syzkaller-00115-g9fdfb15a3dbf #0
[ 63.733874][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 63.743911][ T5067] Call Trace:
[ 63.747182][ T5067]
[ 63.750095][ T5067] dump_stack_lvl+0x1e7/0x2d0
[ 63.754775][ T5067] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.760222][ T5067] ? panic+0x770/0x770
[ 63.764273][ T5067] ? vscnprintf+0x5d/0x80
[ 63.768584][ T5067] panic+0x30f/0x770
[ 63.772472][ T5067] ? __warn+0x171/0x4a0
[ 63.776629][ T5067] ? __memcpy_flushcache+0x2b0/0x2b0
[ 63.781900][ T5067] __warn+0x314/0x4a0
[ 63.785865][ T5067] ? hfs_bnode_create+0x3b1/0x440
[ 63.790884][ T5067] report_bug+0x2b3/0x500
[ 63.795210][ T5067] ? hfs_bnode_create+0x3b1/0x440
[ 63.800226][ T5067] handle_bug+0x3d/0x70
[ 63.804374][ T5067] exc_invalid_op+0x1a/0x50
[ 63.808870][ T5067] asm_exc_invalid_op+0x1a/0x20
[ 63.813714][ T5067] RIP: 0010:hfs_bnode_create+0x3b1/0x440
[ 63.819336][ T5067] Code: 8b 44 89 e6 e8 d0 db 5e 08 e9 7c fd ff ff e8 96 2b 25 ff 4c 89 ff e8 9e 49 6b 08 48 c7 c7 e0 5f 20 8b 44 89 e6 e8 af db 5e 08 <0f> 0b eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 89 fc ff ff 48 89
[ 63.838930][ T5067] RSP: 0018:ffffc90004196fd8 EFLAGS: 00010246
[ 63.844985][ T5067] RAX: 000000000000001f RBX: ffff88801d04fb00 RCX: d0fd58c6c1641800
[ 63.852944][ T5067] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 63.860902][ T5067] RBP: 0000000000000000 R08: ffffffff8170bdac R09: 1ffff92000832d68
[ 63.868865][ T5067] R10: dffffc0000000000 R11: fffff52000832d69 R12: 0000000000000000
[ 63.876824][ T5067] R13: dffffc0000000000 R14: ffff88807d71c000 R15: ffff88807d71c0e0
[ 63.884788][ T5067] ? __wake_up_klogd+0xcc/0x100
[ 63.889629][ T5067] ? hfs_bnode_create+0x3b1/0x440
[ 63.894640][ T5067] hfs_bmap_alloc+0x5a6/0x640
[ 63.899305][ T5067] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 63.904316][ T5067] ? rcu_is_watching+0x15/0xb0
[ 63.909068][ T5067] hfs_btree_inc_height+0x11e/0xd20
[ 63.914254][ T5067] ? folio_memcg+0x141/0x4f0
[ 63.918833][ T5067] ? workingset_activation+0x58e/0x840
[ 63.924279][ T5067] ? hfs_brec_insert+0xbd0/0xbd0
[ 63.929203][ T5067] ? do_raw_spin_unlock+0x13b/0x8b0
[ 63.934389][ T5067] ? hfs_bnode_put+0x1c0/0x370
[ 63.939143][ T5067] hfs_brec_insert+0x723/0xbd0
[ 63.943901][ T5067] ? hfs_brec_keylen+0x360/0x360
[ 63.948828][ T5067] ? mutex_lock_io_nested+0x60/0x60
[ 63.954018][ T5067] __hfs_ext_write_extent+0x2f2/0x4f0
[ 63.959379][ T5067] __hfs_ext_cache_extent+0x6a/0x990
[ 63.964656][ T5067] ? mutex_lock_nested+0x1b/0x20
[ 63.969583][ T5067] ? hfs_find_init+0x16e/0x1f0
[ 63.974334][ T5067] hfs_extend_file+0x344/0x1440
[ 63.979174][ T5067] ? hfs_get_block+0xb60/0xb60
[ 63.983923][ T5067] ? lru_cache_disable+0x30/0x30
[ 63.988848][ T5067] ? __might_sleep+0xc0/0xc0
[ 63.993432][ T5067] ? clean_bdev_aliases+0x67b/0x770
[ 63.998616][ T5067] hfs_get_block+0x3e4/0xb60
[ 64.003198][ T5067] ? hfs_free_extents+0x420/0x420
[ 64.008210][ T5067] ? _raw_spin_unlock+0x28/0x40
[ 64.013046][ T5067] ? folio_create_buffers+0x132/0x250
[ 64.018405][ T5067] __block_write_begin_int+0x555/0x1a40
[ 64.023942][ T5067] ? hfs_free_extents+0x420/0x420
[ 64.028954][ T5067] ? folio_zero_new_buffers+0x530/0x530
[ 64.034486][ T5067] ? pagecache_get_page+0x243/0x590
[ 64.039669][ T5067] ? hfs_free_extents+0x420/0x420
[ 64.044693][ T5067] block_write_begin+0x9b/0x1e0
[ 64.049540][ T5067] cont_write_begin+0x643/0x880
[ 64.054382][ T5067] ? fault_in_readable+0x165/0x2b0
[ 64.059487][ T5067] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 64.065371][ T5067] ? fault_in_readable+0x1a6/0x2b0
[ 64.070726][ T5067] ? fault_in_safe_writeable+0x260/0x260
[ 64.076360][ T5067] hfs_write_begin+0x8a/0xd0
[ 64.080940][ T5067] ? hfs_free_extents+0x420/0x420
[ 64.085956][ T5067] generic_perform_write+0x31b/0x630
[ 64.091233][ T5067] ? generic_file_direct_write+0x3f0/0x3f0
[ 64.097026][ T5067] ? __mnt_drop_write_file+0xc2/0x100
[ 64.102391][ T5067] ? __generic_file_write_iter+0x101/0x230
[ 64.108188][ T5067] generic_file_write_iter+0xaf/0x310
[ 64.113551][ T5067] vfs_write+0x782/0xaf0
[ 64.117786][ T5067] ? file_end_write+0x250/0x250
[ 64.122627][ T5067] ? __asan_memset+0x23/0x40
[ 64.127213][ T5067] ? __fdget_pos+0x2c7/0x340
[ 64.131793][ T5067] ksys_write+0x1a0/0x2c0
[ 64.136113][ T5067] ? __ia32_sys_read+0x90/0x90
[ 64.140866][ T5067] ? rcu_is_watching+0x15/0xb0
[ 64.145618][ T5067] ? syscall_enter_from_user_mode+0x8c/0x230
[ 64.151591][ T5067] do_syscall_64+0x41/0xc0
[ 64.155997][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.161880][ T5067] RIP: 0033:0x7f368e8d11e9
[ 64.166282][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 64.185873][ T5067] RSP: 002b:00007ffecc9460a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.194275][ T5067] RAX: ffffffffffffffda RBX: 00007ffecc9460d0 RCX: 00007f368e8d11e9
[ 64.202229][ T5067] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.210185][ T5067] RBP: 0000000000000001 R08: 00007ffecc945e47 R09: 00007ffecc9460f0
[ 64.218140][ T5067] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffecc9460cc
[ 64.226098][ T5067] R13: 0000000000000024 R14: 431bde82d7b634db R15: 00007ffecc946110
[ 64.234061][ T5067]
[ 64.237256][ T5067] Kernel Offset: disabled
[ 64.241562][ T5067] Rebooting in 86400 seconds..