./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4016062289
<...>
forked to background, child pid 4647
no interfaces have a carrier
[ 38.708521][ T4648] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.718351][ T4648] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.119' (ECDSA) to the list of known hosts.
execve("./syz-executor4016062289", ["./syz-executor4016062289"], 0x7ffdf659d320 /* 10 vars */) = 0
brk(NULL) = 0x55555663f000
brk(0x55555663fc40) = 0x55555663fc40
arch_prctl(ARCH_SET_FS, 0x55555663f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor4016062289", 4096) = 28
brk(0x555556660c40) = 0x555556660c40
brk(0x555556661000) = 0x555556661000
mprotect(0x7f37076a6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5073
mkdir("./syzkaller.Sks6LP", 0700) = 0
chmod("./syzkaller.Sks6LP", 0777) = 0
chdir("./syzkaller.Sks6LP") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5074
./strace-static-x86_64: Process 5074 attached
[pid 5074] chdir("./0") = 0
[pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5074] setpgid(0, 0) = 0
[pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5074] write(3, "1000", 4) = 4
[pid 5074] close(3) = 0
[pid 5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5074] memfd_create("syzkaller", 0) = 3
[pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5074] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5074] close(3) = 0
[pid 5074] mkdir("./file0", 0777) = 0
[pid 5074] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5074] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5074] chdir("./file0") = 0
[pid 5074] ioctl(4, LOOP_CLR_FD) = 0
[pid 5074] close(4) = 0
[pid 5074] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5074] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5074] write(5, "9", 1) = 1
syzkaller login: [ 59.639673][ T5074] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5074 'syz-executor401'
[ 59.659049][ T5074] loop0: detected capacity change from 0 to 64
[ 59.686924][ T5074] FAULT_INJECTION: forcing a failure.
[ 59.686924][ T5074] name failslab, interval 1, probability 0, space 0, times 1
[ 59.700539][ T5074] CPU: 0 PID: 5074 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 59.711001][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 59.721075][ T5074] Call Trace:
[ 59.724367][ T5074]
[ 59.727319][ T5074] dump_stack_lvl+0x1e7/0x2d0
[ 59.732070][ T5074] ? nf_tcp_handle_invalid+0x650/0x650
[ 59.737579][ T5074] ? panic+0x770/0x770
[ 59.741671][ T5074] ? rcu_is_watching+0x15/0xb0
[ 59.746457][ T5074] ? trace_contention_end+0x3c/0xf0
[ 59.751698][ T5074] should_fail_ex+0x3aa/0x4e0
[ 59.756399][ T5074] should_failslab+0x9/0x20
[ 59.760916][ T5074] slab_pre_alloc_hook+0x59/0x2b0
[ 59.766160][ T5074] ? hfs_find_init+0x90/0x1f0
[ 59.770938][ T5074] __kmem_cache_alloc_node+0x4b/0x290
[ 59.776364][ T5074] ? hfs_find_init+0x90/0x1f0
[ 59.781095][ T5074] __kmalloc+0xa8/0x230
[ 59.785276][ T5074] hfs_find_init+0x90/0x1f0
[ 59.789803][ T5074] hfs_extend_file+0x31b/0x1440
[ 59.794693][ T5074] ? hfs_get_block+0xb60/0xb60
[ 59.799493][ T5074] ? find_lock_entries+0x1100/0x1100
[ 59.804820][ T5074] ? clean_bdev_aliases+0x7f9/0x920
[ 59.810137][ T5074] hfs_get_block+0x3e4/0xb60
[ 59.814771][ T5074] ? hfs_free_extents+0x420/0x420
[ 59.819837][ T5074] ? create_page_buffers+0x24e/0x4c0
[ 59.825218][ T5074] __block_write_begin_int+0x548/0x1a50
[ 59.830807][ T5074] ? hfs_free_extents+0x420/0x420
[ 59.835917][ T5074] ? page_zero_new_buffers+0x660/0x660
[ 59.841435][ T5074] ? PageHeadHuge+0xa5/0x1d0
[ 59.846084][ T5074] ? hfs_free_extents+0x420/0x420
[ 59.851193][ T5074] block_write_begin+0x9c/0x1f0
[ 59.856096][ T5074] ? cont_write_begin+0x626/0x880
[ 59.861202][ T5074] cont_write_begin+0x643/0x880
[ 59.866100][ T5074] ? fault_in_readable+0x1cc/0x350
[ 59.871267][ T5074] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 59.877181][ T5074] ? fault_in_readable+0x20d/0x350
[ 59.882406][ T5074] ? fault_in_safe_writeable+0x260/0x260
[ 59.888059][ T5074] hfs_write_begin+0x8a/0xd0
[ 59.892670][ T5074] ? hfs_free_extents+0x420/0x420
[ 59.897816][ T5074] generic_perform_write+0x300/0x5e0
[ 59.903154][ T5074] ? generic_file_direct_write+0x460/0x460
[ 59.909014][ T5074] ? __file_remove_privs+0x640/0x640
[ 59.914342][ T5074] ? generic_write_checks+0x160/0x1c0
[ 59.919853][ T5074] __generic_file_write_iter+0x17a/0x400
[ 59.925513][ T5074] generic_file_write_iter+0xaf/0x310
[ 59.930912][ T5074] vfs_write+0x7b2/0xbb0
[ 59.935182][ T5074] ? file_end_write+0x250/0x250
[ 59.940058][ T5074] ? lockdep_hardirqs_on+0x98/0x140
[ 59.945376][ T5074] ? __fdget_pos+0x265/0x2f0
[ 59.949988][ T5074] ksys_write+0x1a0/0x2c0
[ 59.954339][ T5074] ? __ia32_sys_read+0x90/0x90
[ 59.959137][ T5074] ? syscall_enter_from_user_mode+0x32/0x260
[ 59.965152][ T5074] ? syscall_enter_from_user_mode+0x8c/0x260
[ 59.971148][ T5074] do_syscall_64+0x41/0xc0
[ 59.975601][ T5074] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 59.981510][ T5074] RIP: 0033:0x7f37076379e9
[ 59.985943][ T5074] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.005579][ T5074] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.014011][ T5074] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 60.022006][ T5074] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.030036][ T5074] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[pid 5074] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5074] exit_group(0) = ?
[pid 5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 60.038025][ T5074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.046022][ T5074] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000000
[ 60.054048][ T5074]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5076
./strace-static-x86_64: Process 5076 attached
[pid 5076] chdir("./1") = 0
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5076] memfd_create("syzkaller", 0) = 3
[pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5076] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5076] close(3) = 0
[pid 5076] mkdir("./file0", 0777) = 0
[pid 5076] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5076] chdir("./file0") = 0
[pid 5076] ioctl(4, LOOP_CLR_FD) = 0
[pid 5076] close(4) = 0
[pid 5076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5076] write(5, "9", 1) = 1
[ 60.114270][ T5076] loop0: detected capacity change from 0 to 64
[ 60.151528][ T5076] FAULT_INJECTION: forcing a failure.
[ 60.151528][ T5076] name failslab, interval 1, probability 0, space 0, times 0
[ 60.164764][ T5076] CPU: 0 PID: 5076 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 60.175208][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 60.185365][ T5076] Call Trace:
[ 60.188658][ T5076]
[ 60.191600][ T5076] dump_stack_lvl+0x1e7/0x2d0
[ 60.196303][ T5076] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.201785][ T5076] ? panic+0x770/0x770
[ 60.205873][ T5076] ? rcu_is_watching+0x15/0xb0
[ 60.210654][ T5076] ? trace_contention_end+0x3c/0xf0
[ 60.215874][ T5076] should_fail_ex+0x3aa/0x4e0
[ 60.220581][ T5076] should_failslab+0x9/0x20
[ 60.225098][ T5076] slab_pre_alloc_hook+0x59/0x2b0
[ 60.230151][ T5076] ? hfs_find_init+0x90/0x1f0
[ 60.234842][ T5076] __kmem_cache_alloc_node+0x4b/0x290
[ 60.240270][ T5076] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 60.246094][ T5076] ? hfs_find_init+0x90/0x1f0
[ 60.250806][ T5076] __kmalloc+0xa8/0x230
[ 60.254986][ T5076] hfs_find_init+0x90/0x1f0
[ 60.259506][ T5076] hfs_extend_file+0x31b/0x1440
[ 60.264401][ T5076] ? hfs_get_block+0xb60/0xb60
[ 60.269182][ T5076] ? lru_cache_disable+0x30/0x30
[ 60.274137][ T5076] ? __might_sleep+0xc0/0xc0
[ 60.278763][ T5076] ? clean_bdev_aliases+0x80a/0x920
[ 60.283991][ T5076] hfs_get_block+0x3e4/0xb60
[ 60.288618][ T5076] ? hfs_free_extents+0x420/0x420
[ 60.293677][ T5076] ? create_page_buffers+0x24e/0x4c0
[ 60.299092][ T5076] __block_write_begin_int+0x548/0x1a50
[ 60.304680][ T5076] ? hfs_free_extents+0x420/0x420
[ 60.309726][ T5076] ? page_zero_new_buffers+0x660/0x660
[ 60.315207][ T5076] ? PageHeadHuge+0xa5/0x1d0
[ 60.319842][ T5076] ? hfs_free_extents+0x420/0x420
[ 60.324919][ T5076] block_write_begin+0x9c/0x1f0
[ 60.329806][ T5076] ? cont_write_begin+0x626/0x880
[ 60.334888][ T5076] cont_write_begin+0x643/0x880
[ 60.339781][ T5076] ? fault_in_readable+0x1cc/0x350
[ 60.345001][ T5076] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 60.350916][ T5076] ? fault_in_readable+0x20d/0x350
[ 60.356074][ T5076] ? fault_in_safe_writeable+0x260/0x260
[ 60.361728][ T5076] hfs_write_begin+0x8a/0xd0
[ 60.366333][ T5076] ? hfs_free_extents+0x420/0x420
[ 60.371378][ T5076] generic_perform_write+0x300/0x5e0
[ 60.376697][ T5076] ? generic_file_direct_write+0x460/0x460
[ 60.382519][ T5076] ? __file_remove_privs+0x640/0x640
[ 60.387829][ T5076] ? generic_write_checks+0x160/0x1c0
[ 60.393249][ T5076] __generic_file_write_iter+0x17a/0x400
[ 60.399018][ T5076] generic_file_write_iter+0xaf/0x310
[ 60.404417][ T5076] vfs_write+0x7b2/0xbb0
[ 60.408951][ T5076] ? file_end_write+0x250/0x250
[ 60.413831][ T5076] ? lockdep_hardirqs_on+0x98/0x140
[ 60.419053][ T5076] ? __fdget_pos+0x265/0x2f0
[ 60.423700][ T5076] ksys_write+0x1a0/0x2c0
[ 60.428058][ T5076] ? __ia32_sys_read+0x90/0x90
[ 60.432844][ T5076] ? syscall_enter_from_user_mode+0x32/0x260
[ 60.438844][ T5076] ? syscall_enter_from_user_mode+0x8c/0x260
[ 60.444926][ T5076] do_syscall_64+0x41/0xc0
[ 60.449365][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.455277][ T5076] RIP: 0033:0x7f37076379e9
[ 60.459735][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.479443][ T5076] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 60.487871][ T5076] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 60.495858][ T5076] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.503843][ T5076] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[pid 5076] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5076] exit_group(0) = ?
[pid 5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5077
./strace-static-x86_64: Process 5077 attached
[pid 5077] chdir("./2") = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[ 60.511848][ T5076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.519857][ T5076] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000001
[ 60.527870][ T5076]
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5077] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./file0", 0777) = 0
[pid 5077] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5077] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./file0") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5077] write(5, "9", 1) = 1
[ 60.587699][ T5077] loop0: detected capacity change from 0 to 64
[ 60.607340][ T5077] FAULT_INJECTION: forcing a failure.
[ 60.607340][ T5077] name failslab, interval 1, probability 0, space 0, times 0
[ 60.620474][ T5077] CPU: 0 PID: 5077 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 60.630948][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 60.641031][ T5077] Call Trace:
[ 60.644328][ T5077]
[ 60.647270][ T5077] dump_stack_lvl+0x1e7/0x2d0
[ 60.652145][ T5077] ? nf_tcp_handle_invalid+0x650/0x650
[ 60.657621][ T5077] ? panic+0x770/0x770
[ 60.661702][ T5077] ? rcu_is_watching+0x15/0xb0
[ 60.666495][ T5077] ? trace_contention_end+0x3c/0xf0
[ 60.671809][ T5077] should_fail_ex+0x3aa/0x4e0
[ 60.676548][ T5077] should_failslab+0x9/0x20
[ 60.681090][ T5077] slab_pre_alloc_hook+0x59/0x2b0
[ 60.686163][ T5077] ? hfs_find_init+0x90/0x1f0
[ 60.690851][ T5077] __kmem_cache_alloc_node+0x4b/0x290
[ 60.696256][ T5077] ? hfs_find_init+0x90/0x1f0
[ 60.700945][ T5077] __kmalloc+0xa8/0x230
[ 60.705119][ T5077] hfs_find_init+0x90/0x1f0
[ 60.709652][ T5077] hfs_extend_file+0x31b/0x1440
[ 60.714528][ T5077] ? hfs_get_block+0xb60/0xb60
[ 60.719327][ T5077] ? find_lock_entries+0x1100/0x1100
[ 60.724659][ T5077] ? clean_bdev_aliases+0x7f9/0x920
[ 60.729881][ T5077] hfs_get_block+0x3e4/0xb60
[ 60.734501][ T5077] ? hfs_free_extents+0x420/0x420
[ 60.739603][ T5077] ? create_page_buffers+0x24e/0x4c0
[ 60.744972][ T5077] __block_write_begin_int+0x548/0x1a50
[ 60.750569][ T5077] ? hfs_free_extents+0x420/0x420
[ 60.755649][ T5077] ? page_zero_new_buffers+0x660/0x660
[ 60.761156][ T5077] ? PageHeadHuge+0xa5/0x1d0
[ 60.765784][ T5077] ? hfs_free_extents+0x420/0x420
[ 60.770854][ T5077] block_write_begin+0x9c/0x1f0
[ 60.775727][ T5077] ? cont_write_begin+0x626/0x880
[ 60.780792][ T5077] cont_write_begin+0x643/0x880
[ 60.785674][ T5077] ? fault_in_readable+0x1cc/0x350
[ 60.790804][ T5077] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 60.796717][ T5077] ? fault_in_readable+0x20d/0x350
[ 60.801867][ T5077] ? fault_in_safe_writeable+0x260/0x260
[ 60.807612][ T5077] hfs_write_begin+0x8a/0xd0
[ 60.812278][ T5077] ? hfs_free_extents+0x420/0x420
[ 60.817387][ T5077] generic_perform_write+0x300/0x5e0
[ 60.822704][ T5077] ? generic_file_direct_write+0x460/0x460
[ 60.828546][ T5077] ? __file_remove_privs+0x640/0x640
[ 60.833858][ T5077] ? generic_write_checks+0x160/0x1c0
[ 60.839288][ T5077] __generic_file_write_iter+0x17a/0x400
[ 60.845072][ T5077] generic_file_write_iter+0xaf/0x310
[ 60.850484][ T5077] vfs_write+0x7b2/0xbb0
[ 60.854781][ T5077] ? file_end_write+0x250/0x250
[ 60.859659][ T5077] ? lockdep_hardirqs_on+0x98/0x140
[ 60.864930][ T5077] ? __fdget_pos+0x265/0x2f0
[ 60.869578][ T5077] ksys_write+0x1a0/0x2c0
[ 60.873957][ T5077] ? __ia32_sys_read+0x90/0x90
[ 60.878740][ T5077] ? syscall_enter_from_user_mode+0x32/0x260
[ 60.884733][ T5077] ? syscall_enter_from_user_mode+0x8c/0x260
[ 60.890749][ T5077] do_syscall_64+0x41/0xc0
[ 60.895224][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.901153][ T5077] RIP: 0033:0x7f37076379e9
[ 60.905595][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.925237][ T5077] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5077] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
[ 60.933699][ T5077] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 60.941708][ T5077] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 60.949705][ T5077] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 60.957708][ T5077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 60.965710][ T5077] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000002
[ 60.973732][ T5077]
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5078
./strace-static-x86_64: Process 5078 attached
[pid 5078] chdir("./3") = 0
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setpgid(0, 0) = 0
[pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1000", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5078] memfd_create("syzkaller", 0) = 3
[pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5078] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5078] close(3) = 0
[pid 5078] mkdir("./file0", 0777) = 0
[pid 5078] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5078] chdir("./file0") = 0
[pid 5078] ioctl(4, LOOP_CLR_FD) = 0
[pid 5078] close(4) = 0
[pid 5078] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5078] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5078] write(5, "9", 1) = 1
[ 61.044544][ T5078] loop0: detected capacity change from 0 to 64
[ 61.075233][ T5078] FAULT_INJECTION: forcing a failure.
[ 61.075233][ T5078] name failslab, interval 1, probability 0, space 0, times 0
[ 61.088324][ T5078] CPU: 0 PID: 5078 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 61.098774][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 61.108862][ T5078] Call Trace:
[ 61.112162][ T5078]
[ 61.115124][ T5078] dump_stack_lvl+0x1e7/0x2d0
[ 61.119845][ T5078] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.125370][ T5078] ? panic+0x770/0x770
[ 61.129493][ T5078] ? rcu_is_watching+0x15/0xb0
[ 61.134323][ T5078] ? trace_contention_end+0x3c/0xf0
[ 61.139553][ T5078] should_fail_ex+0x3aa/0x4e0
[ 61.144383][ T5078] should_failslab+0x9/0x20
[ 61.148938][ T5078] slab_pre_alloc_hook+0x59/0x2b0
[ 61.154008][ T5078] ? hfs_find_init+0x90/0x1f0
[ 61.158696][ T5078] __kmem_cache_alloc_node+0x4b/0x290
[ 61.164092][ T5078] ? hfs_find_init+0x90/0x1f0
[ 61.168781][ T5078] __kmalloc+0xa8/0x230
[ 61.172957][ T5078] hfs_find_init+0x90/0x1f0
[ 61.177475][ T5078] hfs_extend_file+0x31b/0x1440
[ 61.182347][ T5078] ? hfs_get_block+0xb60/0xb60
[ 61.187129][ T5078] ? find_lock_entries+0x1100/0x1100
[ 61.192440][ T5078] ? clean_bdev_aliases+0x7f9/0x920
[ 61.197666][ T5078] hfs_get_block+0x3e4/0xb60
[ 61.202288][ T5078] ? hfs_free_extents+0x420/0x420
[ 61.207343][ T5078] ? create_page_buffers+0x24e/0x4c0
[ 61.212653][ T5078] __block_write_begin_int+0x548/0x1a50
[ 61.218251][ T5078] ? hfs_free_extents+0x420/0x420
[ 61.223291][ T5078] ? page_zero_new_buffers+0x660/0x660
[ 61.228782][ T5078] ? PageHeadHuge+0xa5/0x1d0
[ 61.233397][ T5078] ? hfs_free_extents+0x420/0x420
[ 61.238433][ T5078] block_write_begin+0x9c/0x1f0
[ 61.243316][ T5078] ? cont_write_begin+0x626/0x880
[ 61.248385][ T5078] cont_write_begin+0x643/0x880
[ 61.253264][ T5078] ? fault_in_readable+0x1cc/0x350
[ 61.258393][ T5078] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 61.264322][ T5078] ? fault_in_readable+0x20d/0x350
[ 61.269451][ T5078] ? fault_in_safe_writeable+0x260/0x260
[ 61.275111][ T5078] hfs_write_begin+0x8a/0xd0
[ 61.279722][ T5078] ? hfs_free_extents+0x420/0x420
[ 61.284809][ T5078] generic_perform_write+0x300/0x5e0
[ 61.290123][ T5078] ? generic_file_direct_write+0x460/0x460
[ 61.295952][ T5078] ? __file_remove_privs+0x640/0x640
[ 61.301259][ T5078] ? generic_write_checks+0x160/0x1c0
[ 61.306647][ T5078] __generic_file_write_iter+0x17a/0x400
[ 61.312303][ T5078] generic_file_write_iter+0xaf/0x310
[ 61.317695][ T5078] vfs_write+0x7b2/0xbb0
[ 61.321966][ T5078] ? file_end_write+0x250/0x250
[ 61.326934][ T5078] ? lockdep_hardirqs_on+0x98/0x140
[ 61.332149][ T5078] ? __fdget_pos+0x265/0x2f0
[ 61.336761][ T5078] ksys_write+0x1a0/0x2c0
[ 61.341113][ T5078] ? __ia32_sys_read+0x90/0x90
[ 61.345928][ T5078] ? syscall_enter_from_user_mode+0x32/0x260
[ 61.351953][ T5078] ? syscall_enter_from_user_mode+0x8c/0x260
[ 61.357972][ T5078] do_syscall_64+0x41/0xc0
[ 61.362427][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.368366][ T5078] RIP: 0033:0x7f37076379e9
[ 61.372799][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5078] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5078] exit_group(0) = ?
[pid 5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
[ 61.392417][ T5078] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.400846][ T5078] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 61.408826][ T5078] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.416805][ T5078] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 61.424801][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.432790][ T5078] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000003
[ 61.440792][ T5078]
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5079
./strace-static-x86_64: Process 5079 attached
[pid 5079] chdir("./4") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5079] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[pid 5079] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[pid 5079] close(4) = 0
[pid 5079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5079] write(5, "9", 1) = 1
[ 61.495450][ T5079] loop0: detected capacity change from 0 to 64
[ 61.522971][ T5079] FAULT_INJECTION: forcing a failure.
[ 61.522971][ T5079] name failslab, interval 1, probability 0, space 0, times 0
[ 61.536119][ T5079] CPU: 0 PID: 5079 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 61.546580][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 61.556677][ T5079] Call Trace:
[ 61.559997][ T5079]
[ 61.562939][ T5079] dump_stack_lvl+0x1e7/0x2d0
[ 61.567658][ T5079] ? nf_tcp_handle_invalid+0x650/0x650
[ 61.573168][ T5079] ? panic+0x770/0x770
[ 61.577361][ T5079] ? rcu_is_watching+0x15/0xb0
[ 61.582139][ T5079] ? trace_contention_end+0x3c/0xf0
[ 61.587371][ T5079] should_fail_ex+0x3aa/0x4e0
[ 61.592099][ T5079] should_failslab+0x9/0x20
[ 61.596612][ T5079] slab_pre_alloc_hook+0x59/0x2b0
[ 61.601662][ T5079] ? hfs_find_init+0x90/0x1f0
[ 61.606353][ T5079] __kmem_cache_alloc_node+0x4b/0x290
[ 61.611871][ T5079] ? hfs_find_init+0x90/0x1f0
[ 61.616564][ T5079] __kmalloc+0xa8/0x230
[ 61.620783][ T5079] hfs_find_init+0x90/0x1f0
[ 61.625302][ T5079] hfs_extend_file+0x31b/0x1440
[ 61.630174][ T5079] ? hfs_get_block+0xb60/0xb60
[ 61.635067][ T5079] ? find_lock_entries+0x1100/0x1100
[ 61.640417][ T5079] ? clean_bdev_aliases+0x7f9/0x920
[ 61.645665][ T5079] hfs_get_block+0x3e4/0xb60
[ 61.650281][ T5079] ? hfs_free_extents+0x420/0x420
[ 61.655339][ T5079] ? create_page_buffers+0x24e/0x4c0
[ 61.660682][ T5079] __block_write_begin_int+0x548/0x1a50
[ 61.666299][ T5079] ? hfs_free_extents+0x420/0x420
[ 61.671354][ T5079] ? page_zero_new_buffers+0x660/0x660
[ 61.676844][ T5079] ? PageHeadHuge+0xa5/0x1d0
[ 61.681474][ T5079] ? hfs_free_extents+0x420/0x420
[ 61.686520][ T5079] block_write_begin+0x9c/0x1f0
[ 61.691409][ T5079] ? cont_write_begin+0x626/0x880
[ 61.696465][ T5079] cont_write_begin+0x643/0x880
[ 61.701383][ T5079] ? fault_in_readable+0x1cc/0x350
[ 61.706538][ T5079] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 61.712478][ T5079] ? fault_in_readable+0x20d/0x350
[ 61.717610][ T5079] ? fault_in_safe_writeable+0x260/0x260
[ 61.723270][ T5079] hfs_write_begin+0x8a/0xd0
[ 61.727884][ T5079] ? hfs_free_extents+0x420/0x420
[ 61.733750][ T5079] generic_perform_write+0x300/0x5e0
[ 61.739085][ T5079] ? generic_file_direct_write+0x460/0x460
[ 61.744993][ T5079] ? __file_remove_privs+0x640/0x640
[ 61.750297][ T5079] ? generic_write_checks+0x160/0x1c0
[ 61.755682][ T5079] __generic_file_write_iter+0x17a/0x400
[ 61.761345][ T5079] generic_file_write_iter+0xaf/0x310
[ 61.766753][ T5079] vfs_write+0x7b2/0xbb0
[ 61.771057][ T5079] ? file_end_write+0x250/0x250
[ 61.776072][ T5079] ? lockdep_hardirqs_on+0x98/0x140
[ 61.781301][ T5079] ? __fdget_pos+0x265/0x2f0
[ 61.786029][ T5079] ksys_write+0x1a0/0x2c0
[ 61.790388][ T5079] ? __ia32_sys_read+0x90/0x90
[ 61.795176][ T5079] ? syscall_enter_from_user_mode+0x32/0x260
[ 61.801202][ T5079] ? syscall_enter_from_user_mode+0x8c/0x260
[ 61.807321][ T5079] do_syscall_64+0x41/0xc0
[ 61.811783][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.817731][ T5079] RIP: 0033:0x7f37076379e9
[ 61.822162][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5079] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5080
./strace-static-x86_64: Process 5080 attached
[pid 5080] chdir("./5") = 0
[ 61.841799][ T5079] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 61.850325][ T5079] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 61.858420][ T5079] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 61.866401][ T5079] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 61.874384][ T5079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 61.882375][ T5079] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000004
[ 61.890394][ T5079]
[pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5080] setpgid(0, 0) = 0
[pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5080] write(3, "1000", 4) = 4
[pid 5080] close(3) = 0
[pid 5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5080] memfd_create("syzkaller", 0) = 3
[pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5080] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5080] close(3) = 0
[pid 5080] mkdir("./file0", 0777) = 0
[pid 5080] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5080] chdir("./file0") = 0
[pid 5080] ioctl(4, LOOP_CLR_FD) = 0
[pid 5080] close(4) = 0
[pid 5080] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5080] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5080] write(5, "9", 1) = 1
[pid 5080] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5080] exit_group(0) = ?
[pid 5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
[ 61.945326][ T5080] loop0: detected capacity change from 0 to 64
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5081
./strace-static-x86_64: Process 5081 attached
[pid 5081] chdir("./6") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5081] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[pid 5081] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5081] write(5, "9", 1) = 1
[pid 5081] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
[ 62.053266][ T5081] loop0: detected capacity change from 0 to 64
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached
[pid 5082] chdir("./7"
[pid 5073] <... clone resumed>, child_tidptr=0x55555663f5d0) = 5082
[pid 5082] <... chdir resumed>) = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5082] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./file0", 0777) = 0
[pid 5082] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./file0") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5082] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5082] write(5, "9", 1) = 1
[ 62.145902][ T5082] loop0: detected capacity change from 0 to 64
[ 62.182015][ T5082] FAULT_INJECTION: forcing a failure.
[ 62.182015][ T5082] name failslab, interval 1, probability 0, space 0, times 0
[ 62.194881][ T5082] CPU: 0 PID: 5082 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 62.205331][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.215410][ T5082] Call Trace:
[ 62.218724][ T5082]
[ 62.221665][ T5082] dump_stack_lvl+0x1e7/0x2d0
[ 62.226369][ T5082] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.231848][ T5082] ? panic+0x770/0x770
[ 62.235936][ T5082] ? rcu_is_watching+0x15/0xb0
[ 62.240831][ T5082] ? trace_contention_end+0x3c/0xf0
[ 62.246051][ T5082] should_fail_ex+0x3aa/0x4e0
[ 62.250751][ T5082] should_failslab+0x9/0x20
[ 62.255267][ T5082] slab_pre_alloc_hook+0x59/0x2b0
[ 62.260320][ T5082] ? hfs_find_init+0x90/0x1f0
[ 62.265005][ T5082] __kmem_cache_alloc_node+0x4b/0x290
[ 62.270396][ T5082] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 62.276222][ T5082] ? hfs_find_init+0x90/0x1f0
[ 62.280914][ T5082] __kmalloc+0xa8/0x230
[ 62.285091][ T5082] hfs_find_init+0x90/0x1f0
[ 62.289608][ T5082] hfs_extend_file+0x31b/0x1440
[ 62.294484][ T5082] ? hfs_get_block+0xb60/0xb60
[ 62.299264][ T5082] ? lru_cache_disable+0x30/0x30
[ 62.304218][ T5082] ? __might_sleep+0xc0/0xc0
[ 62.308840][ T5082] ? clean_bdev_aliases+0x80a/0x920
[ 62.314068][ T5082] hfs_get_block+0x3e4/0xb60
[ 62.318685][ T5082] ? hfs_free_extents+0x420/0x420
[ 62.323729][ T5082] ? create_page_buffers+0x24e/0x4c0
[ 62.329036][ T5082] __block_write_begin_int+0x548/0x1a50
[ 62.334621][ T5082] ? hfs_free_extents+0x420/0x420
[ 62.339660][ T5082] ? page_zero_new_buffers+0x660/0x660
[ 62.345140][ T5082] ? PageHeadHuge+0xa5/0x1d0
[ 62.349757][ T5082] ? hfs_free_extents+0x420/0x420
[ 62.354802][ T5082] block_write_begin+0x9c/0x1f0
[ 62.359672][ T5082] ? cont_write_begin+0x626/0x880
[ 62.364721][ T5082] cont_write_begin+0x643/0x880
[ 62.369606][ T5082] ? fault_in_readable+0x1cc/0x350
[ 62.374729][ T5082] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 62.380644][ T5082] ? fault_in_readable+0x20d/0x350
[ 62.385772][ T5082] ? fault_in_safe_writeable+0x260/0x260
[ 62.391431][ T5082] hfs_write_begin+0x8a/0xd0
[ 62.396035][ T5082] ? hfs_free_extents+0x420/0x420
[ 62.401088][ T5082] generic_perform_write+0x300/0x5e0
[ 62.406413][ T5082] ? generic_file_direct_write+0x460/0x460
[ 62.412237][ T5082] ? __file_remove_privs+0x640/0x640
[ 62.417540][ T5082] ? generic_write_checks+0x160/0x1c0
[ 62.422936][ T5082] __generic_file_write_iter+0x17a/0x400
[ 62.428590][ T5082] generic_file_write_iter+0xaf/0x310
[ 62.434094][ T5082] vfs_write+0x7b2/0xbb0
[ 62.438389][ T5082] ? file_end_write+0x250/0x250
[ 62.443275][ T5082] ? lockdep_hardirqs_on+0x98/0x140
[ 62.448496][ T5082] ? __fdget_pos+0x265/0x2f0
[ 62.453110][ T5082] ksys_write+0x1a0/0x2c0
[ 62.457467][ T5082] ? __ia32_sys_read+0x90/0x90
[ 62.462249][ T5082] ? syscall_enter_from_user_mode+0x32/0x260
[ 62.468244][ T5082] ? syscall_enter_from_user_mode+0x8c/0x260
[ 62.474244][ T5082] do_syscall_64+0x41/0xc0
[ 62.478684][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.484680][ T5082] RIP: 0033:0x7f37076379e9
[ 62.489107][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.508918][ T5082] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 62.517368][ T5082] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 62.525900][ T5082] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 62.533902][ T5082] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[pid 5082] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5083
./strace-static-x86_64: Process 5083 attached
[pid 5083] chdir("./8") = 0
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setpgid(0, 0) = 0
[ 62.541896][ T5082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 62.549882][ T5082] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000007
[ 62.557905][ T5082]
[pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1000", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5083] memfd_create("syzkaller", 0) = 3
[pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5083] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5083] close(3) = 0
[pid 5083] mkdir("./file0", 0777) = 0
[pid 5083] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5083] chdir("./file0") = 0
[pid 5083] ioctl(4, LOOP_CLR_FD) = 0
[pid 5083] close(4) = 0
[pid 5083] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5083] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5083] write(5, "9", 1) = 1
[pid 5083] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5083] exit_group(0) = ?
[pid 5083] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
[ 62.617979][ T5083] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5084
./strace-static-x86_64: Process 5084 attached
[pid 5084] chdir("./9") = 0
[pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5084] setpgid(0, 0) = 0
[pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5084] write(3, "1000", 4) = 4
[pid 5084] close(3) = 0
[pid 5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5084] memfd_create("syzkaller", 0) = 3
[pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5084] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5084] close(3) = 0
[pid 5084] mkdir("./file0", 0777) = 0
[pid 5084] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5084] chdir("./file0") = 0
[pid 5084] ioctl(4, LOOP_CLR_FD) = 0
[pid 5084] close(4) = 0
[pid 5084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5084] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5084] write(5, "9", 1) = 1
[ 62.699329][ T5084] loop0: detected capacity change from 0 to 64
[ 62.702533][ T5075] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 62.731805][ T5084] FAULT_INJECTION: forcing a failure.
[ 62.731805][ T5084] name failslab, interval 1, probability 0, space 0, times 0
[ 62.745237][ T5084] CPU: 0 PID: 5084 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 62.755674][ T5084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 62.765757][ T5084] Call Trace:
[ 62.769046][ T5084]
[ 62.771981][ T5084] dump_stack_lvl+0x1e7/0x2d0
[ 62.776676][ T5084] ? nf_tcp_handle_invalid+0x650/0x650
[ 62.782147][ T5084] ? panic+0x770/0x770
[ 62.786314][ T5084] ? rcu_is_watching+0x15/0xb0
[ 62.791274][ T5084] ? trace_contention_end+0x3c/0xf0
[ 62.796498][ T5084] should_fail_ex+0x3aa/0x4e0
[ 62.801196][ T5084] should_failslab+0x9/0x20
[ 62.805805][ T5084] slab_pre_alloc_hook+0x59/0x2b0
[ 62.810866][ T5084] ? hfs_find_init+0x90/0x1f0
[ 62.815568][ T5084] __kmem_cache_alloc_node+0x4b/0x290
[ 62.820955][ T5084] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 62.826865][ T5084] ? hfs_find_init+0x90/0x1f0
[ 62.831545][ T5084] __kmalloc+0xa8/0x230
[ 62.835711][ T5084] hfs_find_init+0x90/0x1f0
[ 62.840220][ T5084] hfs_extend_file+0x31b/0x1440
[ 62.845085][ T5084] ? hfs_get_block+0xb60/0xb60
[ 62.849866][ T5084] ? lru_cache_disable+0x30/0x30
[ 62.854824][ T5084] ? __might_sleep+0xc0/0xc0
[ 62.859468][ T5084] ? clean_bdev_aliases+0x80a/0x920
[ 62.864697][ T5084] hfs_get_block+0x3e4/0xb60
[ 62.869306][ T5084] ? hfs_free_extents+0x420/0x420
[ 62.874341][ T5084] ? create_page_buffers+0x24e/0x4c0
[ 62.879906][ T5084] __block_write_begin_int+0x548/0x1a50
[ 62.885495][ T5084] ? hfs_free_extents+0x420/0x420
[ 62.890542][ T5084] ? page_zero_new_buffers+0x660/0x660
[ 62.896294][ T5084] ? PageHeadHuge+0xa5/0x1d0
[ 62.900899][ T5084] ? hfs_free_extents+0x420/0x420
[ 62.905952][ T5084] block_write_begin+0x9c/0x1f0
[ 62.910832][ T5084] ? cont_write_begin+0x626/0x880
[ 62.915866][ T5084] cont_write_begin+0x643/0x880
[ 62.920761][ T5084] ? fault_in_readable+0x1cc/0x350
[ 62.925875][ T5084] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 62.931783][ T5084] ? fault_in_readable+0x20d/0x350
[ 62.936899][ T5084] ? fault_in_safe_writeable+0x260/0x260
[ 62.942547][ T5084] hfs_write_begin+0x8a/0xd0
[ 62.947236][ T5084] ? hfs_free_extents+0x420/0x420
[ 62.952271][ T5084] generic_perform_write+0x300/0x5e0
[ 62.957595][ T5084] ? generic_file_direct_write+0x460/0x460
[ 62.963405][ T5084] ? __file_remove_privs+0x640/0x640
[ 62.968698][ T5084] ? generic_write_checks+0x160/0x1c0
[ 62.974251][ T5084] __generic_file_write_iter+0x17a/0x400
[ 62.979896][ T5084] generic_file_write_iter+0xaf/0x310
[ 62.985283][ T5084] vfs_write+0x7b2/0xbb0
[ 62.989542][ T5084] ? file_end_write+0x250/0x250
[ 62.994409][ T5084] ? lockdep_hardirqs_on+0x98/0x140
[ 62.999637][ T5084] ? __fdget_pos+0x265/0x2f0
[ 63.004241][ T5084] ksys_write+0x1a0/0x2c0
[ 63.008602][ T5084] ? __ia32_sys_read+0x90/0x90
[ 63.013374][ T5084] ? syscall_enter_from_user_mode+0x32/0x260
[ 63.019366][ T5084] ? syscall_enter_from_user_mode+0x8c/0x260
[ 63.025354][ T5084] do_syscall_64+0x41/0xc0
[ 63.029788][ T5084] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.035694][ T5084] RIP: 0033:0x7f37076379e9
[ 63.040120][ T5084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.059996][ T5084] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 63.068429][ T5084] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 63.076420][ T5084] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.084399][ T5084] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 63.092374][ T5084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5084] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5084] exit_group(0) = ?
[pid 5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5085
./strace-static-x86_64: Process 5085 attached
[pid 5085] chdir("./10") = 0
[pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5085] setpgid(0, 0) = 0
[pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5085] write(3, "1000", 4) = 4
[pid 5085] close(3) = 0
[pid 5085] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5085] memfd_create("syzkaller", 0) = 3
[pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5085] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 63.100359][ T5084] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000009
[ 63.108353][ T5084]
[pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5085] close(3) = 0
[pid 5085] mkdir("./file0", 0777) = 0
[pid 5085] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5085] chdir("./file0") = 0
[pid 5085] ioctl(4, LOOP_CLR_FD) = 0
[pid 5085] close(4) = 0
[pid 5085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5085] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5085] write(5, "9", 1) = 1
[pid 5085] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5085] exit_group(0) = ?
[pid 5085] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 63.161179][ T5085] loop0: detected capacity change from 0 to 64
[ 63.164067][ T5075] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached
[pid 5086] chdir("./11") = 0
[pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5086] setpgid(0, 0) = 0
[pid 5073] <... clone resumed>, child_tidptr=0x55555663f5d0) = 5086
[pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5086] write(3, "1000", 4) = 4
[pid 5086] close(3) = 0
[pid 5086] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5086] memfd_create("syzkaller", 0) = 3
[pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5086] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5086] close(3) = 0
[pid 5086] mkdir("./file0", 0777) = 0
[pid 5086] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5086] chdir("./file0") = 0
[pid 5086] ioctl(4, LOOP_CLR_FD) = 0
[pid 5086] close(4) = 0
[pid 5086] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5086] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5086] write(5, "9", 1) = 1
[ 63.259413][ T5086] loop0: detected capacity change from 0 to 64
[ 63.280670][ T5086] FAULT_INJECTION: forcing a failure.
[ 63.280670][ T5086] name failslab, interval 1, probability 0, space 0, times 0
[ 63.293568][ T5086] CPU: 0 PID: 5086 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 63.304218][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 63.314393][ T5086] Call Trace:
[ 63.317690][ T5086]
[ 63.320632][ T5086] dump_stack_lvl+0x1e7/0x2d0
[ 63.325341][ T5086] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.330827][ T5086] ? panic+0x770/0x770
[ 63.334911][ T5086] ? rcu_is_watching+0x15/0xb0
[ 63.339697][ T5086] ? trace_contention_end+0x3c/0xf0
[ 63.344923][ T5086] should_fail_ex+0x3aa/0x4e0
[ 63.349635][ T5086] should_failslab+0x9/0x20
[ 63.354159][ T5086] slab_pre_alloc_hook+0x59/0x2b0
[ 63.359237][ T5086] ? hfs_find_init+0x90/0x1f0
[ 63.363929][ T5086] __kmem_cache_alloc_node+0x4b/0x290
[ 63.369345][ T5086] ? hfs_find_init+0x90/0x1f0
[ 63.374035][ T5086] __kmalloc+0xa8/0x230
[ 63.378211][ T5086] hfs_find_init+0x90/0x1f0
[ 63.382730][ T5086] hfs_extend_file+0x31b/0x1440
[ 63.387606][ T5086] ? hfs_get_block+0xb60/0xb60
[ 63.392391][ T5086] ? find_lock_entries+0x1100/0x1100
[ 63.397710][ T5086] ? clean_bdev_aliases+0x7f9/0x920
[ 63.402932][ T5086] hfs_get_block+0x3e4/0xb60
[ 63.407550][ T5086] ? hfs_free_extents+0x420/0x420
[ 63.412598][ T5086] ? create_page_buffers+0x24e/0x4c0
[ 63.417916][ T5086] __block_write_begin_int+0x548/0x1a50
[ 63.423529][ T5086] ? hfs_free_extents+0x420/0x420
[ 63.428565][ T5086] ? page_zero_new_buffers+0x660/0x660
[ 63.434048][ T5086] ? PageHeadHuge+0xa5/0x1d0
[ 63.438666][ T5086] ? hfs_free_extents+0x420/0x420
[ 63.443706][ T5086] block_write_begin+0x9c/0x1f0
[ 63.448577][ T5086] ? cont_write_begin+0x626/0x880
[ 63.453627][ T5086] cont_write_begin+0x643/0x880
[ 63.458507][ T5086] ? fault_in_readable+0x1cc/0x350
[ 63.463633][ T5086] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 63.469549][ T5086] ? fault_in_readable+0x20d/0x350
[ 63.474677][ T5086] ? fault_in_safe_writeable+0x260/0x260
[ 63.480418][ T5086] hfs_write_begin+0x8a/0xd0
[ 63.485025][ T5086] ? hfs_free_extents+0x420/0x420
[ 63.490156][ T5086] generic_perform_write+0x300/0x5e0
[ 63.495558][ T5086] ? generic_file_direct_write+0x460/0x460
[ 63.501383][ T5086] ? __file_remove_privs+0x640/0x640
[ 63.506775][ T5086] ? generic_write_checks+0x160/0x1c0
[ 63.512165][ T5086] __generic_file_write_iter+0x17a/0x400
[ 63.517844][ T5086] generic_file_write_iter+0xaf/0x310
[ 63.523259][ T5086] vfs_write+0x7b2/0xbb0
[ 63.527542][ T5086] ? file_end_write+0x250/0x250
[ 63.532427][ T5086] ? lockdep_hardirqs_on+0x98/0x140
[ 63.537649][ T5086] ? __fdget_pos+0x265/0x2f0
[ 63.542264][ T5086] ksys_write+0x1a0/0x2c0
[ 63.546621][ T5086] ? __ia32_sys_read+0x90/0x90
[ 63.551433][ T5086] ? syscall_enter_from_user_mode+0x32/0x260
[ 63.557458][ T5086] ? syscall_enter_from_user_mode+0x8c/0x260
[ 63.563462][ T5086] do_syscall_64+0x41/0xc0
[ 63.567991][ T5086] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.573912][ T5086] RIP: 0033:0x7f37076379e9
[ 63.578358][ T5086] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.597976][ T5086] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5086] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5086] exit_group(0) = ?
[pid 5086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5087
./strace-static-x86_64: Process 5087 attached
[pid 5087] chdir("./12") = 0
[pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5087] setpgid(0, 0) = 0
[pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5087] write(3, "1000", 4) = 4
[pid 5087] close(3) = 0
[pid 5087] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5087] memfd_create("syzkaller", 0) = 3
[pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5087] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 63.606420][ T5086] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 63.614406][ T5086] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 63.622390][ T5086] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 63.630461][ T5086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 63.638466][ T5086] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000000b
[ 63.646469][ T5086]
[pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5087] close(3) = 0
[pid 5087] mkdir("./file0", 0777) = 0
[pid 5087] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5087] chdir("./file0") = 0
[pid 5087] ioctl(4, LOOP_CLR_FD) = 0
[pid 5087] close(4) = 0
[pid 5087] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5087] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5087] write(5, "9", 1) = 1
[ 63.689479][ T5087] loop0: detected capacity change from 0 to 64
[ 63.713733][ T5087] FAULT_INJECTION: forcing a failure.
[ 63.713733][ T5087] name failslab, interval 1, probability 0, space 0, times 0
[ 63.726913][ T5087] CPU: 0 PID: 5087 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 63.737368][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 63.747536][ T5087] Call Trace:
[ 63.750941][ T5087]
[ 63.753913][ T5087] dump_stack_lvl+0x1e7/0x2d0
[ 63.758625][ T5087] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.764375][ T5087] ? panic+0x770/0x770
[ 63.768479][ T5087] ? rcu_is_watching+0x15/0xb0
[ 63.773264][ T5087] ? trace_contention_end+0x3c/0xf0
[ 63.778484][ T5087] should_fail_ex+0x3aa/0x4e0
[ 63.783212][ T5087] should_failslab+0x9/0x20
[ 63.787738][ T5087] slab_pre_alloc_hook+0x59/0x2b0
[ 63.792801][ T5087] ? hfs_find_init+0x90/0x1f0
[ 63.797498][ T5087] __kmem_cache_alloc_node+0x4b/0x290
[ 63.802911][ T5087] ? hfs_find_init+0x90/0x1f0
[ 63.808821][ T5087] __kmalloc+0xa8/0x230
[ 63.813002][ T5087] hfs_find_init+0x90/0x1f0
[ 63.817528][ T5087] hfs_extend_file+0x31b/0x1440
[ 63.822420][ T5087] ? hfs_get_block+0xb60/0xb60
[ 63.827256][ T5087] ? find_lock_entries+0x1100/0x1100
[ 63.832594][ T5087] ? clean_bdev_aliases+0x7f9/0x920
[ 63.837852][ T5087] hfs_get_block+0x3e4/0xb60
[ 63.842514][ T5087] ? hfs_free_extents+0x420/0x420
[ 63.847602][ T5087] ? create_page_buffers+0x24e/0x4c0
[ 63.853060][ T5087] __block_write_begin_int+0x548/0x1a50
[ 63.858699][ T5087] ? hfs_free_extents+0x420/0x420
[ 63.863764][ T5087] ? page_zero_new_buffers+0x660/0x660
[ 63.869255][ T5087] ? PageHeadHuge+0xa5/0x1d0
[ 63.873876][ T5087] ? hfs_free_extents+0x420/0x420
[ 63.878941][ T5087] block_write_begin+0x9c/0x1f0
[ 63.883930][ T5087] ? cont_write_begin+0x626/0x880
[ 63.888986][ T5087] cont_write_begin+0x643/0x880
[ 63.893883][ T5087] ? fault_in_readable+0x1cc/0x350
[ 63.899045][ T5087] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 63.904955][ T5087] ? fault_in_readable+0x20d/0x350
[ 63.910080][ T5087] ? fault_in_safe_writeable+0x260/0x260
[ 63.915751][ T5087] hfs_write_begin+0x8a/0xd0
[ 63.920352][ T5087] ? hfs_free_extents+0x420/0x420
[ 63.925405][ T5087] generic_perform_write+0x300/0x5e0
[ 63.930745][ T5087] ? generic_file_direct_write+0x460/0x460
[ 63.936615][ T5087] ? __file_remove_privs+0x640/0x640
[ 63.941959][ T5087] ? generic_write_checks+0x160/0x1c0
[ 63.947347][ T5087] __generic_file_write_iter+0x17a/0x400
[ 63.953014][ T5087] generic_file_write_iter+0xaf/0x310
[ 63.958515][ T5087] vfs_write+0x7b2/0xbb0
[ 63.962792][ T5087] ? file_end_write+0x250/0x250
[ 63.967685][ T5087] ? lockdep_hardirqs_on+0x98/0x140
[ 63.972929][ T5087] ? __fdget_pos+0x265/0x2f0
[ 63.977534][ T5087] ksys_write+0x1a0/0x2c0
[ 63.981894][ T5087] ? __ia32_sys_read+0x90/0x90
[ 63.986697][ T5087] ? syscall_enter_from_user_mode+0x32/0x260
[ 63.992689][ T5087] ? syscall_enter_from_user_mode+0x8c/0x260
[ 63.998682][ T5087] do_syscall_64+0x41/0xc0
[ 64.003127][ T5087] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.009048][ T5087] RIP: 0033:0x7f37076379e9
[ 64.013502][ T5087] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5087] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5087] exit_group(0) = ?
[pid 5087] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs") = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 64.033158][ T5087] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.041623][ T5087] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 64.049608][ T5087] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.057605][ T5087] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 64.065716][ T5087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.073697][ T5087] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000000c
[ 64.081708][ T5087]
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached
[pid 5088] chdir("./13") = 0
[pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5088] setpgid(0, 0) = 0
[pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 5073] <... clone resumed>, child_tidptr=0x55555663f5d0) = 5088
[pid 5088] <... openat resumed>) = 3
[pid 5088] write(3, "1000", 4) = 4
[pid 5088] close(3) = 0
[pid 5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5088] memfd_create("syzkaller", 0) = 3
[pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5088] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5088] close(3) = 0
[pid 5088] mkdir("./file0", 0777) = 0
[pid 5088] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5088] chdir("./file0") = 0
[pid 5088] ioctl(4, LOOP_CLR_FD) = 0
[pid 5088] close(4) = 0
[pid 5088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5088] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5088] write(5, "9", 1) = 1
[pid 5088] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5088] exit_group(0) = ?
[pid 5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs") = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 64.157546][ T5088] loop0: detected capacity change from 0 to 64
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5089
./strace-static-x86_64: Process 5089 attached
[pid 5089] chdir("./14") = 0
[pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5089] setpgid(0, 0) = 0
[pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5089] write(3, "1000", 4) = 4
[pid 5089] close(3) = 0
[pid 5089] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5089] memfd_create("syzkaller", 0) = 3
[pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5089] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5089] close(3) = 0
[pid 5089] mkdir("./file0", 0777) = 0
[pid 5089] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5089] chdir("./file0") = 0
[pid 5089] ioctl(4, LOOP_CLR_FD) = 0
[pid 5089] close(4) = 0
[pid 5089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5089] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5089] write(5, "9", 1) = 1
[ 64.246032][ T5089] loop0: detected capacity change from 0 to 64
[ 64.279257][ T5089] FAULT_INJECTION: forcing a failure.
[ 64.279257][ T5089] name failslab, interval 1, probability 0, space 0, times 0
[ 64.292319][ T5089] CPU: 0 PID: 5089 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 64.302812][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 64.312964][ T5089] Call Trace:
[ 64.316250][ T5089]
[ 64.319191][ T5089] dump_stack_lvl+0x1e7/0x2d0
[ 64.323924][ T5089] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.329422][ T5089] ? panic+0x770/0x770
[ 64.333519][ T5089] ? rcu_is_watching+0x15/0xb0
[ 64.338294][ T5089] ? trace_contention_end+0x3c/0xf0
[ 64.343520][ T5089] should_fail_ex+0x3aa/0x4e0
[ 64.348225][ T5089] should_failslab+0x9/0x20
[ 64.352759][ T5089] slab_pre_alloc_hook+0x59/0x2b0
[ 64.357825][ T5089] ? hfs_find_init+0x90/0x1f0
[ 64.362543][ T5089] __kmem_cache_alloc_node+0x4b/0x290
[ 64.367965][ T5089] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 64.373870][ T5089] ? hfs_find_init+0x90/0x1f0
[ 64.378591][ T5089] __kmalloc+0xa8/0x230
[ 64.382780][ T5089] hfs_find_init+0x90/0x1f0
[ 64.387313][ T5089] hfs_extend_file+0x31b/0x1440
[ 64.392192][ T5089] ? hfs_get_block+0xb60/0xb60
[ 64.396987][ T5089] ? lru_cache_disable+0x30/0x30
[ 64.401992][ T5089] ? __might_sleep+0xc0/0xc0
[ 64.406708][ T5089] ? clean_bdev_aliases+0x80a/0x920
[ 64.411926][ T5089] hfs_get_block+0x3e4/0xb60
[ 64.416542][ T5089] ? hfs_free_extents+0x420/0x420
[ 64.421593][ T5089] ? create_page_buffers+0x24e/0x4c0
[ 64.426953][ T5089] __block_write_begin_int+0x548/0x1a50
[ 64.432684][ T5089] ? hfs_free_extents+0x420/0x420
[ 64.437740][ T5089] ? page_zero_new_buffers+0x660/0x660
[ 64.443233][ T5089] ? PageHeadHuge+0xa5/0x1d0
[ 64.447854][ T5089] ? hfs_free_extents+0x420/0x420
[ 64.452889][ T5089] block_write_begin+0x9c/0x1f0
[ 64.457757][ T5089] ? cont_write_begin+0x626/0x880
[ 64.462803][ T5089] cont_write_begin+0x643/0x880
[ 64.467678][ T5089] ? fault_in_readable+0x1cc/0x350
[ 64.472811][ T5089] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 64.478723][ T5089] ? fault_in_readable+0x20d/0x350
[ 64.483869][ T5089] ? fault_in_safe_writeable+0x260/0x260
[ 64.489556][ T5089] hfs_write_begin+0x8a/0xd0
[ 64.494178][ T5089] ? hfs_free_extents+0x420/0x420
[ 64.499338][ T5089] generic_perform_write+0x300/0x5e0
[ 64.504751][ T5089] ? generic_file_direct_write+0x460/0x460
[ 64.510786][ T5089] ? __file_remove_privs+0x640/0x640
[ 64.516233][ T5089] ? generic_write_checks+0x160/0x1c0
[ 64.521627][ T5089] __generic_file_write_iter+0x17a/0x400
[ 64.527293][ T5089] generic_file_write_iter+0xaf/0x310
[ 64.532694][ T5089] vfs_write+0x7b2/0xbb0
[ 64.536964][ T5089] ? file_end_write+0x250/0x250
[ 64.541842][ T5089] ? lockdep_hardirqs_on+0x98/0x140
[ 64.547109][ T5089] ? __fdget_pos+0x265/0x2f0
[ 64.551739][ T5089] ksys_write+0x1a0/0x2c0
[ 64.556186][ T5089] ? __ia32_sys_read+0x90/0x90
[ 64.560984][ T5089] ? syscall_enter_from_user_mode+0x32/0x260
[ 64.567014][ T5089] ? syscall_enter_from_user_mode+0x8c/0x260
[ 64.573013][ T5089] do_syscall_64+0x41/0xc0
[ 64.577452][ T5089] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.583364][ T5089] RIP: 0033:0x7f37076379e9
[ 64.587807][ T5089] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.607538][ T5089] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 64.616234][ T5089] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 64.624344][ T5089] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 64.632332][ T5089] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 64.640315][ T5089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5089] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5089] exit_group(0) = ?
[pid 5089] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs") = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 64.648305][ T5089] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000000e
[ 64.656324][ T5089]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5090
./strace-static-x86_64: Process 5090 attached
[pid 5090] chdir("./15") = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5090] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] mkdir("./file0", 0777) = 0
[pid 5090] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5090] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./file0") = 0
[pid 5090] ioctl(4, LOOP_CLR_FD) = 0
[pid 5090] close(4) = 0
[pid 5090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5090] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5090] write(5, "9", 1) = 1
[pid 5090] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5090] exit_group(0) = ?
[pid 5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs") = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
[ 64.734449][ T5090] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5091
./strace-static-x86_64: Process 5091 attached
[pid 5091] chdir("./16") = 0
[pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5091] setpgid(0, 0) = 0
[pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5091] write(3, "1000", 4) = 4
[pid 5091] close(3) = 0
[pid 5091] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5091] memfd_create("syzkaller", 0) = 3
[pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5091] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5091] close(3) = 0
[pid 5091] mkdir("./file0", 0777) = 0
[pid 5091] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5091] chdir("./file0") = 0
[pid 5091] ioctl(4, LOOP_CLR_FD) = 0
[pid 5091] close(4) = 0
[pid 5091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5091] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5091] write(5, "9", 1) = 1
[pid 5091] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5091] exit_group(0) = ?
[pid 5091] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs") = 0
[ 64.805689][ T5091] loop0: detected capacity change from 0 to 64
[ 64.807238][ T5075] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5092
./strace-static-x86_64: Process 5092 attached
[pid 5092] chdir("./17") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5092] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./file0", 0777) = 0
[pid 5092] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./file0") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5092] write(5, "9", 1) = 1
[pid 5092] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5092] exit_group(0) = ?
[pid 5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs") = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
[ 64.910361][ T5092] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5093
./strace-static-x86_64: Process 5093 attached
[pid 5093] chdir("./18") = 0
[pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5093] setpgid(0, 0) = 0
[pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1000", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5093] memfd_create("syzkaller", 0) = 3
[pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5093] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5093] close(3) = 0
[pid 5093] mkdir("./file0", 0777) = 0
[pid 5093] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5093] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5093] chdir("./file0") = 0
[pid 5093] ioctl(4, LOOP_CLR_FD) = 0
[pid 5093] close(4) = 0
[pid 5093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5093] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5093] write(5, "9", 1) = 1
[ 65.003814][ T5093] loop0: detected capacity change from 0 to 64
[ 65.036642][ T5093] FAULT_INJECTION: forcing a failure.
[ 65.036642][ T5093] name failslab, interval 1, probability 0, space 0, times 0
[ 65.049395][ T5093] CPU: 1 PID: 5093 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 65.059845][ T5093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 65.069925][ T5093] Call Trace:
[ 65.073237][ T5093]
[ 65.076183][ T5093] dump_stack_lvl+0x1e7/0x2d0
[ 65.080917][ T5093] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.086426][ T5093] ? panic+0x770/0x770
[ 65.090615][ T5093] ? rcu_is_watching+0x15/0xb0
[ 65.095415][ T5093] ? trace_contention_end+0x3c/0xf0
[ 65.100652][ T5093] should_fail_ex+0x3aa/0x4e0
[ 65.105476][ T5093] should_failslab+0x9/0x20
[ 65.110000][ T5093] slab_pre_alloc_hook+0x59/0x2b0
[ 65.115053][ T5093] ? hfs_find_init+0x90/0x1f0
[ 65.119744][ T5093] __kmem_cache_alloc_node+0x4b/0x290
[ 65.125138][ T5093] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 65.130993][ T5093] ? hfs_find_init+0x90/0x1f0
[ 65.135685][ T5093] __kmalloc+0xa8/0x230
[ 65.139867][ T5093] hfs_find_init+0x90/0x1f0
[ 65.144390][ T5093] hfs_extend_file+0x31b/0x1440
[ 65.149291][ T5093] ? hfs_get_block+0xb60/0xb60
[ 65.154075][ T5093] ? lru_cache_disable+0x30/0x30
[ 65.159042][ T5093] ? __might_sleep+0xc0/0xc0
[ 65.163661][ T5093] ? clean_bdev_aliases+0x80a/0x920
[ 65.168885][ T5093] hfs_get_block+0x3e4/0xb60
[ 65.173506][ T5093] ? hfs_free_extents+0x420/0x420
[ 65.178556][ T5093] ? create_page_buffers+0x24e/0x4c0
[ 65.183877][ T5093] __block_write_begin_int+0x548/0x1a50
[ 65.189465][ T5093] ? hfs_free_extents+0x420/0x420
[ 65.194505][ T5093] ? page_zero_new_buffers+0x660/0x660
[ 65.199991][ T5093] ? PageHeadHuge+0xa5/0x1d0
[ 65.204606][ T5093] ? hfs_free_extents+0x420/0x420
[ 65.209648][ T5093] block_write_begin+0x9c/0x1f0
[ 65.214513][ T5093] ? cont_write_begin+0x626/0x880
[ 65.219563][ T5093] cont_write_begin+0x643/0x880
[ 65.224443][ T5093] ? fault_in_readable+0x1cc/0x350
[ 65.229569][ T5093] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 65.235484][ T5093] ? fault_in_readable+0x20d/0x350
[ 65.240639][ T5093] ? fault_in_safe_writeable+0x260/0x260
[ 65.246295][ T5093] hfs_write_begin+0x8a/0xd0
[ 65.250900][ T5093] ? hfs_free_extents+0x420/0x420
[ 65.255963][ T5093] generic_perform_write+0x300/0x5e0
[ 65.261380][ T5093] ? generic_file_direct_write+0x460/0x460
[ 65.267298][ T5093] ? __file_remove_privs+0x640/0x640
[ 65.272606][ T5093] ? generic_write_checks+0x160/0x1c0
[ 65.277999][ T5093] __generic_file_write_iter+0x17a/0x400
[ 65.283650][ T5093] generic_file_write_iter+0xaf/0x310
[ 65.289068][ T5093] vfs_write+0x7b2/0xbb0
[ 65.293340][ T5093] ? file_end_write+0x250/0x250
[ 65.298219][ T5093] ? lockdep_hardirqs_on+0x98/0x140
[ 65.303625][ T5093] ? __fdget_pos+0x265/0x2f0
[ 65.308242][ T5093] ksys_write+0x1a0/0x2c0
[ 65.312618][ T5093] ? __ia32_sys_read+0x90/0x90
[ 65.317422][ T5093] ? syscall_enter_from_user_mode+0x32/0x260
[ 65.323435][ T5093] ? syscall_enter_from_user_mode+0x8c/0x260
[ 65.329439][ T5093] do_syscall_64+0x41/0xc0
[ 65.333966][ T5093] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.339881][ T5093] RIP: 0033:0x7f37076379e9
[ 65.344310][ T5093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.364059][ T5093] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 65.372577][ T5093] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 65.380586][ T5093] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 65.388577][ T5093] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 65.396565][ T5093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5093] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5093] exit_group(0) = ?
[pid 5093] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs") = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
[ 65.404651][ T5093] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000012
[ 65.412672][ T5093]
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5094
./strace-static-x86_64: Process 5094 attached
[pid 5094] chdir("./19") = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5094] memfd_create("syzkaller", 0) = 3
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5094] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5094] close(3) = 0
[pid 5094] mkdir("./file0", 0777) = 0
[pid 5094] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5094] chdir("./file0") = 0
[pid 5094] ioctl(4, LOOP_CLR_FD) = 0
[pid 5094] close(4) = 0
[pid 5094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5094] write(5, "9", 1) = 1
[pid 5094] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5094] exit_group(0) = ?
[pid 5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs") = 0
[ 65.507401][ T5094] loop0: detected capacity change from 0 to 64
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5095
./strace-static-x86_64: Process 5095 attached
[pid 5095] chdir("./20") = 0
[pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5095] setpgid(0, 0) = 0
[pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5095] write(3, "1000", 4) = 4
[pid 5095] close(3) = 0
[pid 5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5095] memfd_create("syzkaller", 0) = 3
[pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5095] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5095] close(3) = 0
[pid 5095] mkdir("./file0", 0777) = 0
[pid 5095] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5095] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5095] chdir("./file0") = 0
[pid 5095] ioctl(4, LOOP_CLR_FD) = 0
[pid 5095] close(4) = 0
[pid 5095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5095] write(5, "9", 1) = 1
[pid 5095] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5095] exit_group(0) = ?
[pid 5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 65.623588][ T5095] loop0: detected capacity change from 0 to 64
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs") = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5096
./strace-static-x86_64: Process 5096 attached
[pid 5096] chdir("./21") = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5096] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./file0", 0777) = 0
[pid 5096] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./file0") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[pid 5096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5096] write(5, "9", 1) = 1
[ 65.752813][ T5096] loop0: detected capacity change from 0 to 64
[ 65.784612][ T5096] FAULT_INJECTION: forcing a failure.
[ 65.784612][ T5096] name failslab, interval 1, probability 0, space 0, times 0
[ 65.798012][ T5096] CPU: 0 PID: 5096 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 65.808466][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 65.818817][ T5096] Call Trace:
[ 65.826746][ T5096]
[ 65.829729][ T5096] dump_stack_lvl+0x1e7/0x2d0
[ 65.834466][ T5096] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.839962][ T5096] ? panic+0x770/0x770
[ 65.844070][ T5096] ? rcu_is_watching+0x15/0xb0
[ 65.848883][ T5096] ? trace_contention_end+0x3c/0xf0
[ 65.854229][ T5096] should_fail_ex+0x3aa/0x4e0
[ 65.858938][ T5096] should_failslab+0x9/0x20
[ 65.863472][ T5096] slab_pre_alloc_hook+0x59/0x2b0
[ 65.868558][ T5096] ? hfs_find_init+0x90/0x1f0
[ 65.873272][ T5096] __kmem_cache_alloc_node+0x4b/0x290
[ 65.878753][ T5096] ? hfs_find_init+0x90/0x1f0
[ 65.883478][ T5096] __kmalloc+0xa8/0x230
[ 65.887665][ T5096] hfs_find_init+0x90/0x1f0
[ 65.892233][ T5096] hfs_extend_file+0x31b/0x1440
[ 65.897169][ T5096] ? hfs_get_block+0xb60/0xb60
[ 65.902063][ T5096] ? find_lock_entries+0x1100/0x1100
[ 65.907396][ T5096] ? clean_bdev_aliases+0x7f9/0x920
[ 65.912654][ T5096] hfs_get_block+0x3e4/0xb60
[ 65.917292][ T5096] ? hfs_free_extents+0x420/0x420
[ 65.922358][ T5096] ? create_page_buffers+0x24e/0x4c0
[ 65.927678][ T5096] __block_write_begin_int+0x548/0x1a50
[ 65.933266][ T5096] ? hfs_free_extents+0x420/0x420
[ 65.938309][ T5096] ? page_zero_new_buffers+0x660/0x660
[ 65.943968][ T5096] ? PageHeadHuge+0xa5/0x1d0
[ 65.948631][ T5096] ? hfs_free_extents+0x420/0x420
[ 65.953764][ T5096] block_write_begin+0x9c/0x1f0
[ 65.958634][ T5096] ? cont_write_begin+0x626/0x880
[ 65.963772][ T5096] cont_write_begin+0x643/0x880
[ 65.968653][ T5096] ? fault_in_readable+0x1cc/0x350
[ 65.973777][ T5096] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 65.979690][ T5096] ? fault_in_readable+0x20d/0x350
[ 65.984820][ T5096] ? fault_in_safe_writeable+0x260/0x260
[ 65.990473][ T5096] hfs_write_begin+0x8a/0xd0
[ 65.995076][ T5096] ? hfs_free_extents+0x420/0x420
[ 66.000118][ T5096] generic_perform_write+0x300/0x5e0
[ 66.005434][ T5096] ? generic_file_direct_write+0x460/0x460
[ 66.011255][ T5096] ? __file_remove_privs+0x640/0x640
[ 66.016558][ T5096] ? generic_write_checks+0x160/0x1c0
[ 66.022056][ T5096] __generic_file_write_iter+0x17a/0x400
[ 66.027712][ T5096] generic_file_write_iter+0xaf/0x310
[ 66.033116][ T5096] vfs_write+0x7b2/0xbb0
[ 66.037399][ T5096] ? file_end_write+0x250/0x250
[ 66.042294][ T5096] ? lockdep_hardirqs_on+0x98/0x140
[ 66.047513][ T5096] ? __fdget_pos+0x265/0x2f0
[ 66.052125][ T5096] ksys_write+0x1a0/0x2c0
[ 66.056497][ T5096] ? __ia32_sys_read+0x90/0x90
[ 66.061370][ T5096] ? syscall_enter_from_user_mode+0x32/0x260
[ 66.067370][ T5096] ? syscall_enter_from_user_mode+0x8c/0x260
[ 66.073371][ T5096] do_syscall_64+0x41/0xc0
[ 66.077813][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.083727][ T5096] RIP: 0033:0x7f37076379e9
[ 66.088155][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.107780][ T5096] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.116299][ T5096] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 66.124285][ T5096] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.132364][ T5096] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 66.140450][ T5096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5096] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs") = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
[ 66.148449][ T5096] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000015
[ 66.156446][ T5096]
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5097
./strace-static-x86_64: Process 5097 attached
[pid 5097] chdir("./22") = 0
[pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5097] setpgid(0, 0) = 0
[pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5097] write(3, "1000", 4) = 4
[pid 5097] close(3) = 0
[pid 5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5097] memfd_create("syzkaller", 0) = 3
[pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5097] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5097] close(3) = 0
[pid 5097] mkdir("./file0", 0777) = 0
[pid 5097] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5097] chdir("./file0") = 0
[pid 5097] ioctl(4, LOOP_CLR_FD) = 0
[pid 5097] close(4) = 0
[pid 5097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5097] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5097] write(5, "9", 1) = 1
[pid 5097] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5097] exit_group(0) = ?
[pid 5097] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs") = 0
[ 66.209823][ T5097] loop0: detected capacity change from 0 to 64
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5098
./strace-static-x86_64: Process 5098 attached
[pid 5098] chdir("./23") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5098] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./file0", 0777) = 0
[pid 5098] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5098] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./file0") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[pid 5098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5098] write(5, "9", 1) = 1
[pid 5098] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5098] exit_group(0) = ?
[pid 5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs") = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5099
[ 66.311502][ T5098] loop0: detected capacity change from 0 to 64
./strace-static-x86_64: Process 5099 attached
[pid 5099] chdir("./24") = 0
[pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5099] setpgid(0, 0) = 0
[pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5099] write(3, "1000", 4) = 4
[pid 5099] close(3) = 0
[pid 5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5099] memfd_create("syzkaller", 0) = 3
[pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5099] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5099] close(3) = 0
[pid 5099] mkdir("./file0", 0777) = 0
[pid 5099] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5099] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5099] chdir("./file0") = 0
[pid 5099] ioctl(4, LOOP_CLR_FD) = 0
[pid 5099] close(4) = 0
[pid 5099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5099] write(5, "9", 1) = 1
[ 66.395489][ T5099] loop0: detected capacity change from 0 to 64
[ 66.431952][ T5099] FAULT_INJECTION: forcing a failure.
[ 66.431952][ T5099] name failslab, interval 1, probability 0, space 0, times 0
[ 66.444985][ T5099] CPU: 0 PID: 5099 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 66.455455][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 66.465553][ T5099] Call Trace:
[ 66.468870][ T5099]
[ 66.471843][ T5099] dump_stack_lvl+0x1e7/0x2d0
[ 66.476584][ T5099] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.482099][ T5099] ? panic+0x770/0x770
[ 66.486189][ T5099] ? rcu_is_watching+0x15/0xb0
[ 66.490976][ T5099] ? trace_contention_end+0x3c/0xf0
[ 66.496208][ T5099] should_fail_ex+0x3aa/0x4e0
[ 66.501102][ T5099] should_failslab+0x9/0x20
[ 66.505637][ T5099] slab_pre_alloc_hook+0x59/0x2b0
[ 66.510707][ T5099] ? hfs_find_init+0x90/0x1f0
[ 66.515393][ T5099] __kmem_cache_alloc_node+0x4b/0x290
[ 66.520788][ T5099] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 66.526631][ T5099] ? hfs_find_init+0x90/0x1f0
[ 66.531550][ T5099] __kmalloc+0xa8/0x230
[ 66.535758][ T5099] hfs_find_init+0x90/0x1f0
[ 66.540294][ T5099] hfs_extend_file+0x31b/0x1440
[ 66.545185][ T5099] ? hfs_get_block+0xb60/0xb60
[ 66.549972][ T5099] ? lru_cache_disable+0x30/0x30
[ 66.554949][ T5099] ? __might_sleep+0xc0/0xc0
[ 66.559576][ T5099] ? clean_bdev_aliases+0x80a/0x920
[ 66.564821][ T5099] hfs_get_block+0x3e4/0xb60
[ 66.569449][ T5099] ? hfs_free_extents+0x420/0x420
[ 66.574507][ T5099] ? create_page_buffers+0x24e/0x4c0
[ 66.579860][ T5099] __block_write_begin_int+0x548/0x1a50
[ 66.585466][ T5099] ? hfs_free_extents+0x420/0x420
[ 66.590506][ T5099] ? page_zero_new_buffers+0x660/0x660
[ 66.596084][ T5099] ? PageHeadHuge+0xa5/0x1d0
[ 66.600786][ T5099] ? hfs_free_extents+0x420/0x420
[ 66.605827][ T5099] block_write_begin+0x9c/0x1f0
[ 66.610703][ T5099] ? cont_write_begin+0x626/0x880
[ 66.615930][ T5099] cont_write_begin+0x643/0x880
[ 66.620809][ T5099] ? fault_in_readable+0x1cc/0x350
[ 66.625952][ T5099] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 66.632038][ T5099] ? fault_in_readable+0x20d/0x350
[ 66.637165][ T5099] ? fault_in_safe_writeable+0x260/0x260
[ 66.642832][ T5099] hfs_write_begin+0x8a/0xd0
[ 66.647437][ T5099] ? hfs_free_extents+0x420/0x420
[ 66.652486][ T5099] generic_perform_write+0x300/0x5e0
[ 66.657798][ T5099] ? generic_file_direct_write+0x460/0x460
[ 66.663620][ T5099] ? __file_remove_privs+0x640/0x640
[ 66.668920][ T5099] ? generic_write_checks+0x160/0x1c0
[ 66.674394][ T5099] __generic_file_write_iter+0x17a/0x400
[ 66.680055][ T5099] generic_file_write_iter+0xaf/0x310
[ 66.685445][ T5099] vfs_write+0x7b2/0xbb0
[ 66.689716][ T5099] ? file_end_write+0x250/0x250
[ 66.694595][ T5099] ? lockdep_hardirqs_on+0x98/0x140
[ 66.699811][ T5099] ? __fdget_pos+0x265/0x2f0
[ 66.704429][ T5099] ksys_write+0x1a0/0x2c0
[ 66.708785][ T5099] ? __ia32_sys_read+0x90/0x90
[ 66.713580][ T5099] ? syscall_enter_from_user_mode+0x32/0x260
[ 66.719579][ T5099] ? syscall_enter_from_user_mode+0x8c/0x260
[ 66.725577][ T5099] do_syscall_64+0x41/0xc0
[ 66.730015][ T5099] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.735931][ T5099] RIP: 0033:0x7f37076379e9
[ 66.740374][ T5099] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.760003][ T5099] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 66.768432][ T5099] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 66.776415][ T5099] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 66.785442][ T5099] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[pid 5099] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5099] exit_group(0) = ?
[pid 5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs") = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 66.793423][ T5099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.801495][ T5099] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000018
[ 66.809584][ T5099]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5100
./strace-static-x86_64: Process 5100 attached
[pid 5100] chdir("./25") = 0
[pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5100] setpgid(0, 0) = 0
[pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5100] write(3, "1000", 4) = 4
[pid 5100] close(3) = 0
[pid 5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5100] memfd_create("syzkaller", 0) = 3
[pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5100] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5100] close(3) = 0
[pid 5100] mkdir("./file0", 0777) = 0
[pid 5100] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5100] chdir("./file0") = 0
[pid 5100] ioctl(4, LOOP_CLR_FD) = 0
[pid 5100] close(4) = 0
[pid 5100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5100] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5100] write(5, "9", 1) = 1
[ 66.882086][ T5100] loop0: detected capacity change from 0 to 64
[ 66.912828][ T5100] FAULT_INJECTION: forcing a failure.
[ 66.912828][ T5100] name failslab, interval 1, probability 0, space 0, times 0
[ 66.926297][ T5100] CPU: 1 PID: 5100 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 66.936767][ T5100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 66.946861][ T5100] Call Trace:
[ 66.950184][ T5100]
[ 66.953210][ T5100] dump_stack_lvl+0x1e7/0x2d0
[ 66.957913][ T5100] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.963409][ T5100] ? panic+0x770/0x770
[ 66.967515][ T5100] ? rcu_is_watching+0x15/0xb0
[ 66.972323][ T5100] ? trace_contention_end+0x3c/0xf0
[ 66.977550][ T5100] should_fail_ex+0x3aa/0x4e0
[ 66.982268][ T5100] should_failslab+0x9/0x20
[ 66.986800][ T5100] slab_pre_alloc_hook+0x59/0x2b0
[ 66.991880][ T5100] ? hfs_find_init+0x90/0x1f0
[ 66.996613][ T5100] __kmem_cache_alloc_node+0x4b/0x290
[ 67.002030][ T5100] ? hfs_find_init+0x90/0x1f0
[ 67.006747][ T5100] __kmalloc+0xa8/0x230
[ 67.010953][ T5100] hfs_find_init+0x90/0x1f0
[ 67.015526][ T5100] hfs_extend_file+0x31b/0x1440
[ 67.020511][ T5100] ? hfs_get_block+0xb60/0xb60
[ 67.025299][ T5100] ? find_lock_entries+0x1100/0x1100
[ 67.030640][ T5100] ? clean_bdev_aliases+0x7f9/0x920
[ 67.035902][ T5100] hfs_get_block+0x3e4/0xb60
[ 67.040579][ T5100] ? hfs_free_extents+0x420/0x420
[ 67.045660][ T5100] ? create_page_buffers+0x24e/0x4c0
[ 67.051085][ T5100] __block_write_begin_int+0x548/0x1a50
[ 67.056711][ T5100] ? hfs_free_extents+0x420/0x420
[ 67.061782][ T5100] ? page_zero_new_buffers+0x660/0x660
[ 67.067276][ T5100] ? PageHeadHuge+0xa5/0x1d0
[ 67.071896][ T5100] ? hfs_free_extents+0x420/0x420
[ 67.076949][ T5100] block_write_begin+0x9c/0x1f0
[ 67.081853][ T5100] ? cont_write_begin+0x626/0x880
[ 67.086916][ T5100] cont_write_begin+0x643/0x880
[ 67.091826][ T5100] ? fault_in_readable+0x1cc/0x350
[ 67.096981][ T5100] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 67.102949][ T5100] ? fault_in_readable+0x20d/0x350
[ 67.108111][ T5100] ? fault_in_safe_writeable+0x260/0x260
[ 67.113772][ T5100] hfs_write_begin+0x8a/0xd0
[ 67.118394][ T5100] ? hfs_free_extents+0x420/0x420
[ 67.123481][ T5100] generic_perform_write+0x300/0x5e0
[ 67.128832][ T5100] ? generic_file_direct_write+0x460/0x460
[ 67.134803][ T5100] ? __file_remove_privs+0x640/0x640
[ 67.140138][ T5100] ? generic_write_checks+0x160/0x1c0
[ 67.145636][ T5100] __generic_file_write_iter+0x17a/0x400
[ 67.151316][ T5100] generic_file_write_iter+0xaf/0x310
[ 67.156827][ T5100] vfs_write+0x7b2/0xbb0
[ 67.161154][ T5100] ? file_end_write+0x250/0x250
[ 67.166079][ T5100] ? lockdep_hardirqs_on+0x98/0x140
[ 67.171321][ T5100] ? __fdget_pos+0x265/0x2f0
[ 67.175971][ T5100] ksys_write+0x1a0/0x2c0
[ 67.180372][ T5100] ? __ia32_sys_read+0x90/0x90
[ 67.185225][ T5100] ? syscall_enter_from_user_mode+0x32/0x260
[ 67.191233][ T5100] ? syscall_enter_from_user_mode+0x8c/0x260
[ 67.197230][ T5100] do_syscall_64+0x41/0xc0
[ 67.201755][ T5100] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.207688][ T5100] RIP: 0033:0x7f37076379e9
[ 67.212139][ T5100] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5100] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5100] exit_group(0) = ?
[pid 5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs") = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5101
./strace-static-x86_64: Process 5101 attached
[ 67.231791][ T5100] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 67.240430][ T5100] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 67.248451][ T5100] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.256436][ T5100] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 67.264417][ T5100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.272402][ T5100] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000019
[ 67.280423][ T5100]
[pid 5101] chdir("./26") = 0
[pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5101] setpgid(0, 0) = 0
[pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5101] write(3, "1000", 4) = 4
[pid 5101] close(3) = 0
[pid 5101] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5101] memfd_create("syzkaller", 0) = 3
[pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5101] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5101] close(3) = 0
[pid 5101] mkdir("./file0", 0777) = 0
[pid 5101] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5101] chdir("./file0") = 0
[pid 5101] ioctl(4, LOOP_CLR_FD) = 0
[pid 5101] close(4) = 0
[pid 5101] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5101] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5101] write(5, "9", 1) = 1
[pid 5101] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5101] exit_group(0) = ?
[pid 5101] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs") = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
[ 67.327723][ T5101] loop0: detected capacity change from 0 to 64
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5102
./strace-static-x86_64: Process 5102 attached
[pid 5102] chdir("./27") = 0
[pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5102] setpgid(0, 0) = 0
[pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5102] write(3, "1000", 4) = 4
[pid 5102] close(3) = 0
[pid 5102] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5102] memfd_create("syzkaller", 0) = 3
[pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5102] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5102] close(3) = 0
[pid 5102] mkdir("./file0", 0777) = 0
[pid 5102] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5102] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5102] chdir("./file0") = 0
[pid 5102] ioctl(4, LOOP_CLR_FD) = 0
[pid 5102] close(4) = 0
[pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5102] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5102] write(5, "9", 1) = 1
[ 67.417555][ T5102] loop0: detected capacity change from 0 to 64
[ 67.439343][ T5102] FAULT_INJECTION: forcing a failure.
[ 67.439343][ T5102] name failslab, interval 1, probability 0, space 0, times 0
[ 67.452266][ T5102] CPU: 0 PID: 5102 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 67.462737][ T5102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 67.472828][ T5102] Call Trace:
[ 67.476131][ T5102]
[ 67.479092][ T5102] dump_stack_lvl+0x1e7/0x2d0
[ 67.483883][ T5102] ? nf_tcp_handle_invalid+0x650/0x650
[ 67.489397][ T5102] ? panic+0x770/0x770
[ 67.493519][ T5102] ? rcu_is_watching+0x15/0xb0
[ 67.498330][ T5102] ? trace_contention_end+0x3c/0xf0
[ 67.503758][ T5102] should_fail_ex+0x3aa/0x4e0
[ 67.508576][ T5102] should_failslab+0x9/0x20
[ 67.513123][ T5102] slab_pre_alloc_hook+0x59/0x2b0
[ 67.518267][ T5102] ? hfs_find_init+0x90/0x1f0
[ 67.522955][ T5102] __kmem_cache_alloc_node+0x4b/0x290
[ 67.528358][ T5102] ? hfs_find_init+0x90/0x1f0
[ 67.533046][ T5102] __kmalloc+0xa8/0x230
[ 67.537255][ T5102] hfs_find_init+0x90/0x1f0
[ 67.541860][ T5102] hfs_extend_file+0x31b/0x1440
[ 67.546738][ T5102] ? hfs_get_block+0xb60/0xb60
[ 67.551560][ T5102] ? find_lock_entries+0x1100/0x1100
[ 67.556878][ T5102] ? clean_bdev_aliases+0x7f9/0x920
[ 67.562103][ T5102] hfs_get_block+0x3e4/0xb60
[ 67.566895][ T5102] ? hfs_free_extents+0x420/0x420
[ 67.571942][ T5102] ? create_page_buffers+0x24e/0x4c0
[ 67.577257][ T5102] __block_write_begin_int+0x548/0x1a50
[ 67.582927][ T5102] ? hfs_free_extents+0x420/0x420
[ 67.587968][ T5102] ? page_zero_new_buffers+0x660/0x660
[ 67.593456][ T5102] ? PageHeadHuge+0xa5/0x1d0
[ 67.598070][ T5102] ? hfs_free_extents+0x420/0x420
[ 67.603109][ T5102] block_write_begin+0x9c/0x1f0
[ 67.607977][ T5102] ? cont_write_begin+0x626/0x880
[ 67.613038][ T5102] cont_write_begin+0x643/0x880
[ 67.617919][ T5102] ? fault_in_readable+0x1cc/0x350
[ 67.623054][ T5102] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 67.628967][ T5102] ? fault_in_readable+0x20d/0x350
[ 67.634095][ T5102] ? fault_in_safe_writeable+0x260/0x260
[ 67.639746][ T5102] hfs_write_begin+0x8a/0xd0
[ 67.644354][ T5102] ? hfs_free_extents+0x420/0x420
[ 67.649400][ T5102] generic_perform_write+0x300/0x5e0
[ 67.654729][ T5102] ? generic_file_direct_write+0x460/0x460
[ 67.660550][ T5102] ? __file_remove_privs+0x640/0x640
[ 67.665862][ T5102] ? generic_write_checks+0x160/0x1c0
[ 67.671276][ T5102] __generic_file_write_iter+0x17a/0x400
[ 67.676928][ T5102] generic_file_write_iter+0xaf/0x310
[ 67.682328][ T5102] vfs_write+0x7b2/0xbb0
[ 67.686694][ T5102] ? file_end_write+0x250/0x250
[ 67.691576][ T5102] ? lockdep_hardirqs_on+0x98/0x140
[ 67.696788][ T5102] ? __fdget_pos+0x265/0x2f0
[ 67.701397][ T5102] ksys_write+0x1a0/0x2c0
[ 67.705749][ T5102] ? __ia32_sys_read+0x90/0x90
[ 67.710528][ T5102] ? syscall_enter_from_user_mode+0x32/0x260
[ 67.716524][ T5102] ? syscall_enter_from_user_mode+0x8c/0x260
[ 67.722533][ T5102] do_syscall_64+0x41/0xc0
[ 67.726972][ T5102] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.732897][ T5102] RIP: 0033:0x7f37076379e9
[ 67.737333][ T5102] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.756957][ T5102] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5102] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5102] exit_group(0) = ?
[pid 5102] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs") = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 67.765385][ T5102] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 67.773371][ T5102] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 67.781356][ T5102] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 67.789335][ T5102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 67.797573][ T5102] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000001b
[ 67.805569][ T5102]
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5103
./strace-static-x86_64: Process 5103 attached
[pid 5103] chdir("./28") = 0
[pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5103] setpgid(0, 0) = 0
[pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5103] write(3, "1000", 4) = 4
[pid 5103] close(3) = 0
[pid 5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5103] memfd_create("syzkaller", 0) = 3
[pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5103] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5103] close(3) = 0
[pid 5103] mkdir("./file0", 0777) = 0
[pid 5103] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5103] chdir("./file0") = 0
[pid 5103] ioctl(4, LOOP_CLR_FD) = 0
[pid 5103] close(4) = 0
[pid 5103] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5103] write(5, "9", 1) = 1
[pid 5103] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5103] exit_group(0) = ?
[pid 5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs") = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
[ 67.894496][ T5103] loop0: detected capacity change from 0 to 64
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5104
./strace-static-x86_64: Process 5104 attached
[pid 5104] chdir("./29") = 0
[pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5104] setpgid(0, 0) = 0
[pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5104] write(3, "1000", 4) = 4
[pid 5104] close(3) = 0
[pid 5104] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5104] memfd_create("syzkaller", 0) = 3
[pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5104] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5104] close(3) = 0
[pid 5104] mkdir("./file0", 0777) = 0
[pid 5104] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5104] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5104] chdir("./file0") = 0
[pid 5104] ioctl(4, LOOP_CLR_FD) = 0
[pid 5104] close(4) = 0
[pid 5104] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5104] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5104] write(5, "9", 1) = 1
[ 67.998373][ T5104] loop0: detected capacity change from 0 to 64
[ 68.033367][ T5104] FAULT_INJECTION: forcing a failure.
[ 68.033367][ T5104] name failslab, interval 1, probability 0, space 0, times 0
[ 68.046771][ T5104] CPU: 0 PID: 5104 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 68.057299][ T5104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 68.067370][ T5104] Call Trace:
[ 68.070665][ T5104]
[ 68.073595][ T5104] dump_stack_lvl+0x1e7/0x2d0
[ 68.078290][ T5104] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.083757][ T5104] ? panic+0x770/0x770
[ 68.087833][ T5104] ? rcu_is_watching+0x15/0xb0
[ 68.092613][ T5104] ? trace_contention_end+0x3c/0xf0
[ 68.097821][ T5104] should_fail_ex+0x3aa/0x4e0
[ 68.102514][ T5104] should_failslab+0x9/0x20
[ 68.107026][ T5104] slab_pre_alloc_hook+0x59/0x2b0
[ 68.112180][ T5104] ? hfs_find_init+0x90/0x1f0
[ 68.116862][ T5104] __kmem_cache_alloc_node+0x4b/0x290
[ 68.122421][ T5104] ? hfs_find_init+0x90/0x1f0
[ 68.127103][ T5104] __kmalloc+0xa8/0x230
[ 68.131267][ T5104] hfs_find_init+0x90/0x1f0
[ 68.135771][ T5104] hfs_extend_file+0x31b/0x1440
[ 68.140645][ T5104] ? hfs_get_block+0xb60/0xb60
[ 68.145513][ T5104] ? find_lock_entries+0x1100/0x1100
[ 68.150814][ T5104] ? clean_bdev_aliases+0x7f9/0x920
[ 68.156052][ T5104] hfs_get_block+0x3e4/0xb60
[ 68.160718][ T5104] ? hfs_free_extents+0x420/0x420
[ 68.165778][ T5104] ? create_page_buffers+0x24e/0x4c0
[ 68.171103][ T5104] __block_write_begin_int+0x548/0x1a50
[ 68.176697][ T5104] ? hfs_free_extents+0x420/0x420
[ 68.181748][ T5104] ? page_zero_new_buffers+0x660/0x660
[ 68.187227][ T5104] ? PageHeadHuge+0xa5/0x1d0
[ 68.191844][ T5104] ? hfs_free_extents+0x420/0x420
[ 68.196886][ T5104] block_write_begin+0x9c/0x1f0
[ 68.201767][ T5104] ? cont_write_begin+0x626/0x880
[ 68.206821][ T5104] cont_write_begin+0x643/0x880
[ 68.211716][ T5104] ? fault_in_readable+0x1cc/0x350
[ 68.216840][ T5104] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 68.222752][ T5104] ? fault_in_readable+0x20d/0x350
[ 68.227881][ T5104] ? fault_in_safe_writeable+0x260/0x260
[ 68.233536][ T5104] hfs_write_begin+0x8a/0xd0
[ 68.238147][ T5104] ? hfs_free_extents+0x420/0x420
[ 68.243187][ T5104] generic_perform_write+0x300/0x5e0
[ 68.248499][ T5104] ? generic_file_direct_write+0x460/0x460
[ 68.254320][ T5104] ? __file_remove_privs+0x640/0x640
[ 68.259626][ T5104] ? generic_write_checks+0x160/0x1c0
[ 68.265014][ T5104] __generic_file_write_iter+0x17a/0x400
[ 68.270664][ T5104] generic_file_write_iter+0xaf/0x310
[ 68.276055][ T5104] vfs_write+0x7b2/0xbb0
[ 68.280320][ T5104] ? file_end_write+0x250/0x250
[ 68.285203][ T5104] ? lockdep_hardirqs_on+0x98/0x140
[ 68.290418][ T5104] ? __fdget_pos+0x265/0x2f0
[ 68.295025][ T5104] ksys_write+0x1a0/0x2c0
[ 68.299374][ T5104] ? __ia32_sys_read+0x90/0x90
[ 68.304157][ T5104] ? syscall_enter_from_user_mode+0x32/0x260
[ 68.310160][ T5104] ? syscall_enter_from_user_mode+0x8c/0x260
[ 68.316156][ T5104] do_syscall_64+0x41/0xc0
[ 68.320625][ T5104] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.327949][ T5104] RIP: 0033:0x7f37076379e9
[ 68.332395][ T5104] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.352035][ T5104] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.360473][ T5104] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 68.368461][ T5104] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.376440][ T5104] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 68.384433][ T5104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5104] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5104] exit_group(0) = ?
[pid 5104] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs") = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5105
./strace-static-x86_64: Process 5105 attached
[ 68.392435][ T5104] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000001d
[ 68.400453][ T5104]
[pid 5105] chdir("./30") = 0
[pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5105] setpgid(0, 0) = 0
[pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5105] write(3, "1000", 4) = 4
[pid 5105] close(3) = 0
[pid 5105] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5105] memfd_create("syzkaller", 0) = 3
[pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5105] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5105] close(3) = 0
[pid 5105] mkdir("./file0", 0777) = 0
[pid 5105] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5105] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5105] chdir("./file0") = 0
[pid 5105] ioctl(4, LOOP_CLR_FD) = 0
[pid 5105] close(4) = 0
[pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5105] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5105] write(5, "9", 1) = 1
[ 68.452936][ T5105] loop0: detected capacity change from 0 to 64
[ 68.480961][ T5105] FAULT_INJECTION: forcing a failure.
[ 68.480961][ T5105] name failslab, interval 1, probability 0, space 0, times 0
[ 68.493742][ T5105] CPU: 1 PID: 5105 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 68.504194][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 68.514669][ T5105] Call Trace:
[ 68.517973][ T5105]
[ 68.520916][ T5105] dump_stack_lvl+0x1e7/0x2d0
[ 68.525618][ T5105] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.531100][ T5105] ? panic+0x770/0x770
[ 68.535226][ T5105] ? rcu_is_watching+0x15/0xb0
[ 68.540047][ T5105] ? trace_contention_end+0x3c/0xf0
[ 68.545270][ T5105] should_fail_ex+0x3aa/0x4e0
[ 68.550001][ T5105] should_failslab+0x9/0x20
[ 68.554563][ T5105] slab_pre_alloc_hook+0x59/0x2b0
[ 68.559651][ T5105] ? hfs_find_init+0x90/0x1f0
[ 68.564429][ T5105] __kmem_cache_alloc_node+0x4b/0x290
[ 68.569833][ T5105] ? hfs_find_init+0x90/0x1f0
[ 68.574525][ T5105] __kmalloc+0xa8/0x230
[ 68.578702][ T5105] hfs_find_init+0x90/0x1f0
[ 68.583347][ T5105] hfs_extend_file+0x31b/0x1440
[ 68.588261][ T5105] ? hfs_get_block+0xb60/0xb60
[ 68.593051][ T5105] ? find_lock_entries+0x1100/0x1100
[ 68.598389][ T5105] ? clean_bdev_aliases+0x7f9/0x920
[ 68.603619][ T5105] hfs_get_block+0x3e4/0xb60
[ 68.608255][ T5105] ? hfs_free_extents+0x420/0x420
[ 68.613342][ T5105] ? create_page_buffers+0x24e/0x4c0
[ 68.618654][ T5105] __block_write_begin_int+0x548/0x1a50
[ 68.624278][ T5105] ? hfs_free_extents+0x420/0x420
[ 68.629368][ T5105] ? page_zero_new_buffers+0x660/0x660
[ 68.634947][ T5105] ? PageHeadHuge+0xa5/0x1d0
[ 68.639576][ T5105] ? hfs_free_extents+0x420/0x420
[ 68.644662][ T5105] block_write_begin+0x9c/0x1f0
[ 68.649560][ T5105] ? cont_write_begin+0x626/0x880
[ 68.654629][ T5105] cont_write_begin+0x643/0x880
[ 68.659529][ T5105] ? fault_in_readable+0x1cc/0x350
[ 68.664665][ T5105] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 68.670609][ T5105] ? fault_in_readable+0x20d/0x350
[ 68.676036][ T5105] ? fault_in_safe_writeable+0x260/0x260
[ 68.681891][ T5105] hfs_write_begin+0x8a/0xd0
[ 68.686511][ T5105] ? hfs_free_extents+0x420/0x420
[ 68.691548][ T5105] generic_perform_write+0x300/0x5e0
[ 68.696858][ T5105] ? generic_file_direct_write+0x460/0x460
[ 68.702701][ T5105] ? __file_remove_privs+0x640/0x640
[ 68.708094][ T5105] ? generic_write_checks+0x160/0x1c0
[ 68.713529][ T5105] __generic_file_write_iter+0x17a/0x400
[ 68.719332][ T5105] generic_file_write_iter+0xaf/0x310
[ 68.724767][ T5105] vfs_write+0x7b2/0xbb0
[ 68.729047][ T5105] ? file_end_write+0x250/0x250
[ 68.733943][ T5105] ? lockdep_hardirqs_on+0x98/0x140
[ 68.739174][ T5105] ? __fdget_pos+0x265/0x2f0
[ 68.743800][ T5105] ksys_write+0x1a0/0x2c0
[ 68.748192][ T5105] ? __ia32_sys_read+0x90/0x90
[ 68.753019][ T5105] ? syscall_enter_from_user_mode+0x32/0x260
[ 68.759014][ T5105] ? syscall_enter_from_user_mode+0x8c/0x260
[ 68.765018][ T5105] do_syscall_64+0x41/0xc0
[ 68.769483][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.775420][ T5105] RIP: 0033:0x7f37076379e9
[ 68.779844][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5105] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5105] exit_group(0) = ?
[pid 5105] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs") = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
[ 68.799475][ T5105] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 68.807921][ T5105] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 68.815924][ T5105] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 68.823923][ T5105] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 68.831917][ T5105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 68.839921][ T5105] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000001e
[ 68.847942][ T5105]
rmdir("./30/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5106
./strace-static-x86_64: Process 5106 attached
[pid 5106] chdir("./31") = 0
[pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5106] setpgid(0, 0) = 0
[pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5106] write(3, "1000", 4) = 4
[pid 5106] close(3) = 0
[pid 5106] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5106] memfd_create("syzkaller", 0) = 3
[pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5106] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5106] close(3) = 0
[pid 5106] mkdir("./file0", 0777) = 0
[pid 5106] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5106] chdir("./file0") = 0
[pid 5106] ioctl(4, LOOP_CLR_FD) = 0
[pid 5106] close(4) = 0
[pid 5106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5106] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5106] write(5, "9", 1) = 1
[ 68.914448][ T5106] loop0: detected capacity change from 0 to 64
[ 68.941794][ T5106] FAULT_INJECTION: forcing a failure.
[ 68.941794][ T5106] name failslab, interval 1, probability 0, space 0, times 0
[ 68.954625][ T5106] CPU: 0 PID: 5106 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 68.965095][ T5106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 68.975181][ T5106] Call Trace:
[ 68.978502][ T5106]
[ 68.981463][ T5106] dump_stack_lvl+0x1e7/0x2d0
[ 68.986181][ T5106] ? nf_tcp_handle_invalid+0x650/0x650
[ 68.991672][ T5106] ? panic+0x770/0x770
[ 68.995805][ T5106] ? rcu_is_watching+0x15/0xb0
[ 69.000606][ T5106] ? trace_contention_end+0x3c/0xf0
[ 69.005842][ T5106] should_fail_ex+0x3aa/0x4e0
[ 69.010556][ T5106] should_failslab+0x9/0x20
[ 69.015099][ T5106] slab_pre_alloc_hook+0x59/0x2b0
[ 69.020148][ T5106] ? hfs_find_init+0x90/0x1f0
[ 69.024840][ T5106] __kmem_cache_alloc_node+0x4b/0x290
[ 69.030253][ T5106] ? hfs_find_init+0x90/0x1f0
[ 69.034951][ T5106] __kmalloc+0xa8/0x230
[ 69.039141][ T5106] hfs_find_init+0x90/0x1f0
[ 69.043675][ T5106] hfs_extend_file+0x31b/0x1440
[ 69.048547][ T5106] ? hfs_get_block+0xb60/0xb60
[ 69.053340][ T5106] ? find_lock_entries+0x1100/0x1100
[ 69.058666][ T5106] ? clean_bdev_aliases+0x7f9/0x920
[ 69.063881][ T5106] hfs_get_block+0x3e4/0xb60
[ 69.068493][ T5106] ? hfs_free_extents+0x420/0x420
[ 69.073535][ T5106] ? create_page_buffers+0x24e/0x4c0
[ 69.078853][ T5106] __block_write_begin_int+0x548/0x1a50
[ 69.084473][ T5106] ? hfs_free_extents+0x420/0x420
[ 69.089526][ T5106] ? page_zero_new_buffers+0x660/0x660
[ 69.095002][ T5106] ? PageHeadHuge+0xa5/0x1d0
[ 69.099627][ T5106] ? hfs_free_extents+0x420/0x420
[ 69.104674][ T5106] block_write_begin+0x9c/0x1f0
[ 69.109565][ T5106] ? cont_write_begin+0x626/0x880
[ 69.114624][ T5106] cont_write_begin+0x643/0x880
[ 69.119519][ T5106] ? fault_in_readable+0x1cc/0x350
[ 69.124649][ T5106] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 69.130586][ T5106] ? fault_in_readable+0x20d/0x350
[ 69.135707][ T5106] ? fault_in_safe_writeable+0x260/0x260
[ 69.141366][ T5106] hfs_write_begin+0x8a/0xd0
[ 69.145974][ T5106] ? hfs_free_extents+0x420/0x420
[ 69.151032][ T5106] generic_perform_write+0x300/0x5e0
[ 69.156338][ T5106] ? generic_file_direct_write+0x460/0x460
[ 69.162157][ T5106] ? __file_remove_privs+0x640/0x640
[ 69.167466][ T5106] ? generic_write_checks+0x160/0x1c0
[ 69.172869][ T5106] __generic_file_write_iter+0x17a/0x400
[ 69.178521][ T5106] generic_file_write_iter+0xaf/0x310
[ 69.183906][ T5106] vfs_write+0x7b2/0xbb0
[ 69.188168][ T5106] ? file_end_write+0x250/0x250
[ 69.193062][ T5106] ? lockdep_hardirqs_on+0x98/0x140
[ 69.198291][ T5106] ? __fdget_pos+0x265/0x2f0
[ 69.202896][ T5106] ksys_write+0x1a0/0x2c0
[ 69.207776][ T5106] ? __ia32_sys_read+0x90/0x90
[ 69.212555][ T5106] ? syscall_enter_from_user_mode+0x32/0x260
[ 69.218548][ T5106] ? syscall_enter_from_user_mode+0x8c/0x260
[ 69.224554][ T5106] do_syscall_64+0x41/0xc0
[ 69.229030][ T5106] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.235001][ T5106] RIP: 0033:0x7f37076379e9
[ 69.239423][ T5106] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5106] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5106] exit_group(0) = ?
[pid 5106] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs") = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 69.259123][ T5106] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.267652][ T5106] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 69.275638][ T5106] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 69.283631][ T5106] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 69.291623][ T5106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 69.299630][ T5106] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000001f
[ 69.307652][ T5106]
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5107
./strace-static-x86_64: Process 5107 attached
[pid 5107] chdir("./32") = 0
[pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5107] setpgid(0, 0) = 0
[pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5107] write(3, "1000", 4) = 4
[pid 5107] close(3) = 0
[pid 5107] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5107] memfd_create("syzkaller", 0) = 3
[pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5107] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5107] close(3) = 0
[pid 5107] mkdir("./file0", 0777) = 0
[pid 5107] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5107] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5107] chdir("./file0") = 0
[pid 5107] ioctl(4, LOOP_CLR_FD) = 0
[pid 5107] close(4) = 0
[pid 5107] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5107] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5107] write(5, "9", 1) = 1
[ 69.378043][ T5107] loop0: detected capacity change from 0 to 64
[ 69.410960][ T5107] FAULT_INJECTION: forcing a failure.
[ 69.410960][ T5107] name failslab, interval 1, probability 0, space 0, times 0
[ 69.424154][ T5107] CPU: 1 PID: 5107 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 69.434611][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 69.444680][ T5107] Call Trace:
[ 69.447977][ T5107]
[ 69.450917][ T5107] dump_stack_lvl+0x1e7/0x2d0
[ 69.455626][ T5107] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.461120][ T5107] ? panic+0x770/0x770
[ 69.465213][ T5107] ? rcu_is_watching+0x15/0xb0
[ 69.469992][ T5107] ? trace_contention_end+0x3c/0xf0
[ 69.475234][ T5107] should_fail_ex+0x3aa/0x4e0
[ 69.479962][ T5107] should_failslab+0x9/0x20
[ 69.484493][ T5107] slab_pre_alloc_hook+0x59/0x2b0
[ 69.489866][ T5107] ? hfs_find_init+0x90/0x1f0
[ 69.494645][ T5107] __kmem_cache_alloc_node+0x4b/0x290
[ 69.500034][ T5107] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 69.505872][ T5107] ? hfs_find_init+0x90/0x1f0
[ 69.510564][ T5107] __kmalloc+0xa8/0x230
[ 69.514755][ T5107] hfs_find_init+0x90/0x1f0
[ 69.519275][ T5107] hfs_extend_file+0x31b/0x1440
[ 69.524146][ T5107] ? hfs_get_block+0xb60/0xb60
[ 69.528949][ T5107] ? lru_cache_disable+0x30/0x30
[ 69.533901][ T5107] ? __might_sleep+0xc0/0xc0
[ 69.538543][ T5107] ? clean_bdev_aliases+0x80a/0x920
[ 69.543779][ T5107] hfs_get_block+0x3e4/0xb60
[ 69.548408][ T5107] ? hfs_free_extents+0x420/0x420
[ 69.553460][ T5107] ? create_page_buffers+0x24e/0x4c0
[ 69.558787][ T5107] __block_write_begin_int+0x548/0x1a50
[ 69.564401][ T5107] ? hfs_free_extents+0x420/0x420
[ 69.569453][ T5107] ? page_zero_new_buffers+0x660/0x660
[ 69.574942][ T5107] ? PageHeadHuge+0xa5/0x1d0
[ 69.579554][ T5107] ? hfs_free_extents+0x420/0x420
[ 69.584592][ T5107] block_write_begin+0x9c/0x1f0
[ 69.589464][ T5107] ? cont_write_begin+0x626/0x880
[ 69.594515][ T5107] cont_write_begin+0x643/0x880
[ 69.599394][ T5107] ? fault_in_readable+0x1cc/0x350
[ 69.604528][ T5107] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 69.610533][ T5107] ? fault_in_readable+0x20d/0x350
[ 69.615699][ T5107] ? fault_in_safe_writeable+0x260/0x260
[ 69.621351][ T5107] hfs_write_begin+0x8a/0xd0
[ 69.625962][ T5107] ? hfs_free_extents+0x420/0x420
[ 69.631009][ T5107] generic_perform_write+0x300/0x5e0
[ 69.636328][ T5107] ? generic_file_direct_write+0x460/0x460
[ 69.642151][ T5107] ? __file_remove_privs+0x640/0x640
[ 69.647453][ T5107] ? generic_write_checks+0x160/0x1c0
[ 69.652840][ T5107] __generic_file_write_iter+0x17a/0x400
[ 69.658493][ T5107] generic_file_write_iter+0xaf/0x310
[ 69.663890][ T5107] vfs_write+0x7b2/0xbb0
[ 69.668161][ T5107] ? file_end_write+0x250/0x250
[ 69.673064][ T5107] ? lockdep_hardirqs_on+0x98/0x140
[ 69.678277][ T5107] ? __fdget_pos+0x265/0x2f0
[ 69.682889][ T5107] ksys_write+0x1a0/0x2c0
[ 69.687245][ T5107] ? __ia32_sys_read+0x90/0x90
[ 69.692033][ T5107] ? syscall_enter_from_user_mode+0x32/0x260
[ 69.698041][ T5107] ? syscall_enter_from_user_mode+0x8c/0x260
[ 69.704037][ T5107] do_syscall_64+0x41/0xc0
[ 69.708478][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.714388][ T5107] RIP: 0033:0x7f37076379e9
[ 69.719162][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.738782][ T5107] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.747208][ T5107] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 69.755187][ T5107] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 69.763166][ T5107] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 69.771151][ T5107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5107] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5107] exit_group(0) = ?
[pid 5107] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5107, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs") = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5108
./strace-static-x86_64: Process 5108 attached
[pid 5108] chdir("./33") = 0
[pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5108] setpgid(0, 0) = 0
[pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5108] write(3, "1000", 4) = 4
[pid 5108] close(3) = 0
[pid 5108] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5108] memfd_create("syzkaller", 0) = 3
[pid 5108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5108] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 69.779135][ T5107] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000020
[ 69.787139][ T5107]
[pid 5108] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5108] close(3) = 0
[pid 5108] mkdir("./file0", 0777) = 0
[pid 5108] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5108] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5108] chdir("./file0") = 0
[pid 5108] ioctl(4, LOOP_CLR_FD) = 0
[pid 5108] close(4) = 0
[pid 5108] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5108] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5108] write(5, "9", 1) = 1
[ 69.832632][ T5108] loop0: detected capacity change from 0 to 64
[ 69.856694][ T5108] FAULT_INJECTION: forcing a failure.
[ 69.856694][ T5108] name failslab, interval 1, probability 0, space 0, times 0
[ 69.870216][ T5108] CPU: 0 PID: 5108 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 69.880744][ T5108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 69.890823][ T5108] Call Trace:
[ 69.894114][ T5108]
[ 69.897060][ T5108] dump_stack_lvl+0x1e7/0x2d0
[ 69.901769][ T5108] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.907250][ T5108] ? panic+0x770/0x770
[ 69.911340][ T5108] ? rcu_is_watching+0x15/0xb0
[ 69.916115][ T5108] ? trace_contention_end+0x3c/0xf0
[ 69.921331][ T5108] should_fail_ex+0x3aa/0x4e0
[ 69.926134][ T5108] should_failslab+0x9/0x20
[ 69.930662][ T5108] slab_pre_alloc_hook+0x59/0x2b0
[ 69.935792][ T5108] ? hfs_find_init+0x90/0x1f0
[ 69.940501][ T5108] __kmem_cache_alloc_node+0x4b/0x290
[ 69.945901][ T5108] ? hfs_find_init+0x90/0x1f0
[ 69.950628][ T5108] __kmalloc+0xa8/0x230
[ 69.954840][ T5108] hfs_find_init+0x90/0x1f0
[ 69.959400][ T5108] hfs_extend_file+0x31b/0x1440
[ 69.964280][ T5108] ? hfs_get_block+0xb60/0xb60
[ 69.969071][ T5108] ? find_lock_entries+0x1100/0x1100
[ 69.974498][ T5108] ? clean_bdev_aliases+0x7f9/0x920
[ 69.979753][ T5108] hfs_get_block+0x3e4/0xb60
[ 69.984369][ T5108] ? hfs_free_extents+0x420/0x420
[ 69.989425][ T5108] ? create_page_buffers+0x24e/0x4c0
[ 69.994747][ T5108] __block_write_begin_int+0x548/0x1a50
[ 70.000339][ T5108] ? hfs_free_extents+0x420/0x420
[ 70.005390][ T5108] ? page_zero_new_buffers+0x660/0x660
[ 70.010866][ T5108] ? PageHeadHuge+0xa5/0x1d0
[ 70.015484][ T5108] ? hfs_free_extents+0x420/0x420
[ 70.020531][ T5108] block_write_begin+0x9c/0x1f0
[ 70.025433][ T5108] ? cont_write_begin+0x626/0x880
[ 70.030582][ T5108] cont_write_begin+0x643/0x880
[ 70.035481][ T5108] ? fault_in_readable+0x1cc/0x350
[ 70.040640][ T5108] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 70.046594][ T5108] ? fault_in_readable+0x20d/0x350
[ 70.051743][ T5108] ? fault_in_safe_writeable+0x260/0x260
[ 70.057403][ T5108] hfs_write_begin+0x8a/0xd0
[ 70.062029][ T5108] ? hfs_free_extents+0x420/0x420
[ 70.067060][ T5108] generic_perform_write+0x300/0x5e0
[ 70.072366][ T5108] ? generic_file_direct_write+0x460/0x460
[ 70.078388][ T5108] ? __file_remove_privs+0x640/0x640
[ 70.083710][ T5108] ? generic_write_checks+0x160/0x1c0
[ 70.089091][ T5108] __generic_file_write_iter+0x17a/0x400
[ 70.094823][ T5108] generic_file_write_iter+0xaf/0x310
[ 70.100200][ T5108] vfs_write+0x7b2/0xbb0
[ 70.104455][ T5108] ? file_end_write+0x250/0x250
[ 70.109342][ T5108] ? lockdep_hardirqs_on+0x98/0x140
[ 70.114556][ T5108] ? __fdget_pos+0x265/0x2f0
[ 70.119423][ T5108] ksys_write+0x1a0/0x2c0
[ 70.123771][ T5108] ? __ia32_sys_read+0x90/0x90
[ 70.128559][ T5108] ? syscall_enter_from_user_mode+0x32/0x260
[ 70.134557][ T5108] ? syscall_enter_from_user_mode+0x8c/0x260
[ 70.140546][ T5108] do_syscall_64+0x41/0xc0
[ 70.144984][ T5108] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.150899][ T5108] RIP: 0033:0x7f37076379e9
[ 70.155315][ T5108] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.174926][ T5108] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5108] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5108] exit_group(0) = ?
[pid 5108] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs") = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
[ 70.183363][ T5108] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 70.191338][ T5108] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.199318][ T5108] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 70.207376][ T5108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.215359][ T5108] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000021
[ 70.223431][ T5108]
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5109
./strace-static-x86_64: Process 5109 attached
[pid 5109] chdir("./34") = 0
[pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5109] setpgid(0, 0) = 0
[pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5109] write(3, "1000", 4) = 4
[pid 5109] close(3) = 0
[pid 5109] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5109] memfd_create("syzkaller", 0) = 3
[pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5109] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5109] close(3) = 0
[pid 5109] mkdir("./file0", 0777) = 0
[pid 5109] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5109] chdir("./file0") = 0
[pid 5109] ioctl(4, LOOP_CLR_FD) = 0
[pid 5109] close(4) = 0
[pid 5109] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5109] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5109] write(5, "9", 1) = 1
[pid 5109] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5109] exit_group(0) = ?
[pid 5109] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs") = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 70.294252][ T5109] loop0: detected capacity change from 0 to 64
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5110
./strace-static-x86_64: Process 5110 attached
[pid 5110] chdir("./35") = 0
[pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5110] setpgid(0, 0) = 0
[pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5110] write(3, "1000", 4) = 4
[pid 5110] close(3) = 0
[pid 5110] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5110] memfd_create("syzkaller", 0) = 3
[pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5110] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5110] close(3) = 0
[pid 5110] mkdir("./file0", 0777) = 0
[pid 5110] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5110] chdir("./file0") = 0
[pid 5110] ioctl(4, LOOP_CLR_FD) = 0
[pid 5110] close(4) = 0
[pid 5110] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5110] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5110] write(5, "9", 1) = 1
[ 70.363811][ T5110] loop0: detected capacity change from 0 to 64
[ 70.391087][ T5110] FAULT_INJECTION: forcing a failure.
[ 70.391087][ T5110] name failslab, interval 1, probability 0, space 0, times 0
[ 70.403974][ T5110] CPU: 1 PID: 5110 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 70.414431][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 70.424518][ T5110] Call Trace:
[ 70.427937][ T5110]
[ 70.430966][ T5110] dump_stack_lvl+0x1e7/0x2d0
[ 70.435726][ T5110] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.441233][ T5110] ? panic+0x770/0x770
[ 70.445330][ T5110] ? rcu_is_watching+0x15/0xb0
[ 70.450114][ T5110] ? trace_contention_end+0x3c/0xf0
[ 70.455346][ T5110] should_fail_ex+0x3aa/0x4e0
[ 70.460075][ T5110] should_failslab+0x9/0x20
[ 70.464591][ T5110] slab_pre_alloc_hook+0x59/0x2b0
[ 70.469642][ T5110] ? hfs_find_init+0x90/0x1f0
[ 70.474677][ T5110] __kmem_cache_alloc_node+0x4b/0x290
[ 70.480087][ T5110] ? hfs_find_init+0x90/0x1f0
[ 70.484791][ T5110] __kmalloc+0xa8/0x230
[ 70.488978][ T5110] hfs_find_init+0x90/0x1f0
[ 70.493512][ T5110] hfs_extend_file+0x31b/0x1440
[ 70.498400][ T5110] ? hfs_get_block+0xb60/0xb60
[ 70.505015][ T5110] ? find_lock_entries+0x1100/0x1100
[ 70.510691][ T5110] ? clean_bdev_aliases+0x7f9/0x920
[ 70.515930][ T5110] hfs_get_block+0x3e4/0xb60
[ 70.520596][ T5110] ? hfs_free_extents+0x420/0x420
[ 70.525655][ T5110] ? create_page_buffers+0x24e/0x4c0
[ 70.530994][ T5110] __block_write_begin_int+0x548/0x1a50
[ 70.536581][ T5110] ? hfs_free_extents+0x420/0x420
[ 70.541625][ T5110] ? page_zero_new_buffers+0x660/0x660
[ 70.547146][ T5110] ? PageHeadHuge+0xa5/0x1d0
[ 70.551768][ T5110] ? hfs_free_extents+0x420/0x420
[ 70.556817][ T5110] block_write_begin+0x9c/0x1f0
[ 70.561691][ T5110] ? cont_write_begin+0x626/0x880
[ 70.566757][ T5110] cont_write_begin+0x643/0x880
[ 70.571636][ T5110] ? fault_in_readable+0x1cc/0x350
[ 70.576762][ T5110] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 70.582689][ T5110] ? fault_in_readable+0x20d/0x350
[ 70.587871][ T5110] ? fault_in_safe_writeable+0x260/0x260
[ 70.593557][ T5110] hfs_write_begin+0x8a/0xd0
[ 70.598188][ T5110] ? hfs_free_extents+0x420/0x420
[ 70.603349][ T5110] generic_perform_write+0x300/0x5e0
[ 70.608674][ T5110] ? generic_file_direct_write+0x460/0x460
[ 70.614519][ T5110] ? __file_remove_privs+0x640/0x640
[ 70.619853][ T5110] ? generic_write_checks+0x160/0x1c0
[ 70.625287][ T5110] __generic_file_write_iter+0x17a/0x400
[ 70.630999][ T5110] generic_file_write_iter+0xaf/0x310
[ 70.636415][ T5110] vfs_write+0x7b2/0xbb0
[ 70.640687][ T5110] ? file_end_write+0x250/0x250
[ 70.645599][ T5110] ? lockdep_hardirqs_on+0x98/0x140
[ 70.650818][ T5110] ? __fdget_pos+0x265/0x2f0
[ 70.655435][ T5110] ksys_write+0x1a0/0x2c0
[ 70.659846][ T5110] ? __ia32_sys_read+0x90/0x90
[ 70.664645][ T5110] ? syscall_enter_from_user_mode+0x32/0x260
[ 70.670656][ T5110] ? syscall_enter_from_user_mode+0x8c/0x260
[ 70.676688][ T5110] do_syscall_64+0x41/0xc0
[ 70.681194][ T5110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.687159][ T5110] RIP: 0033:0x7f37076379e9
[ 70.691620][ T5110] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5110] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5110] exit_group(0) = ?
[pid 5110] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs") = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
[ 70.711272][ T5110] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 70.719706][ T5110] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 70.727713][ T5110] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 70.735810][ T5110] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 70.743815][ T5110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 70.751830][ T5110] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000023
[ 70.759846][ T5110]
close(4) = 0
rmdir("./35/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5111
./strace-static-x86_64: Process 5111 attached
[pid 5111] chdir("./36") = 0
[pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5111] setpgid(0, 0) = 0
[pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5111] write(3, "1000", 4) = 4
[pid 5111] close(3) = 0
[pid 5111] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5111] memfd_create("syzkaller", 0) = 3
[pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5111] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5111] close(3) = 0
[pid 5111] mkdir("./file0", 0777) = 0
[pid 5111] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5111] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5111] chdir("./file0") = 0
[pid 5111] ioctl(4, LOOP_CLR_FD) = 0
[pid 5111] close(4) = 0
[pid 5111] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5111] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5111] write(5, "9", 1) = 1
[ 70.850478][ T5111] loop0: detected capacity change from 0 to 64
[ 70.873391][ T5111] FAULT_INJECTION: forcing a failure.
[ 70.873391][ T5111] name failslab, interval 1, probability 0, space 0, times 0
[ 70.888660][ T5111] CPU: 0 PID: 5111 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 70.899119][ T5111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 70.909533][ T5111] Call Trace:
[ 70.912878][ T5111]
[ 70.915840][ T5111] dump_stack_lvl+0x1e7/0x2d0
[ 70.920548][ T5111] ? nf_tcp_handle_invalid+0x650/0x650
[ 70.926039][ T5111] ? panic+0x770/0x770
[ 70.930138][ T5111] ? rcu_is_watching+0x15/0xb0
[ 70.935003][ T5111] ? trace_contention_end+0x3c/0xf0
[ 70.940222][ T5111] should_fail_ex+0x3aa/0x4e0
[ 70.944924][ T5111] should_failslab+0x9/0x20
[ 70.949444][ T5111] slab_pre_alloc_hook+0x59/0x2b0
[ 70.954503][ T5111] ? hfs_find_init+0x90/0x1f0
[ 70.959292][ T5111] __kmem_cache_alloc_node+0x4b/0x290
[ 70.964700][ T5111] ? hfs_find_init+0x90/0x1f0
[ 70.969758][ T5111] __kmalloc+0xa8/0x230
[ 70.973947][ T5111] hfs_find_init+0x90/0x1f0
[ 70.978465][ T5111] hfs_extend_file+0x31b/0x1440
[ 70.983356][ T5111] ? hfs_get_block+0xb60/0xb60
[ 70.988237][ T5111] ? find_lock_entries+0x1100/0x1100
[ 70.993550][ T5111] ? clean_bdev_aliases+0x7f9/0x920
[ 70.999039][ T5111] hfs_get_block+0x3e4/0xb60
[ 71.003672][ T5111] ? hfs_free_extents+0x420/0x420
[ 71.008723][ T5111] ? create_page_buffers+0x24e/0x4c0
[ 71.014036][ T5111] __block_write_begin_int+0x548/0x1a50
[ 71.019790][ T5111] ? hfs_free_extents+0x420/0x420
[ 71.024855][ T5111] ? page_zero_new_buffers+0x660/0x660
[ 71.030335][ T5111] ? PageHeadHuge+0xa5/0x1d0
[ 71.034981][ T5111] ? hfs_free_extents+0x420/0x420
[ 71.040021][ T5111] block_write_begin+0x9c/0x1f0
[ 71.044894][ T5111] ? cont_write_begin+0x626/0x880
[ 71.049946][ T5111] cont_write_begin+0x643/0x880
[ 71.054838][ T5111] ? fault_in_readable+0x1cc/0x350
[ 71.059964][ T5111] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 71.066313][ T5111] ? fault_in_readable+0x20d/0x350
[ 71.071437][ T5111] ? fault_in_safe_writeable+0x260/0x260
[ 71.077090][ T5111] hfs_write_begin+0x8a/0xd0
[ 71.081692][ T5111] ? hfs_free_extents+0x420/0x420
[ 71.087011][ T5111] generic_perform_write+0x300/0x5e0
[ 71.092322][ T5111] ? generic_file_direct_write+0x460/0x460
[ 71.098155][ T5111] ? __file_remove_privs+0x640/0x640
[ 71.103481][ T5111] ? generic_write_checks+0x160/0x1c0
[ 71.108871][ T5111] __generic_file_write_iter+0x17a/0x400
[ 71.114526][ T5111] generic_file_write_iter+0xaf/0x310
[ 71.119916][ T5111] vfs_write+0x7b2/0xbb0
[ 71.124189][ T5111] ? file_end_write+0x250/0x250
[ 71.129065][ T5111] ? lockdep_hardirqs_on+0x98/0x140
[ 71.134285][ T5111] ? __fdget_pos+0x265/0x2f0
[ 71.138922][ T5111] ksys_write+0x1a0/0x2c0
[ 71.143282][ T5111] ? __ia32_sys_read+0x90/0x90
[ 71.148068][ T5111] ? syscall_enter_from_user_mode+0x32/0x260
[ 71.154066][ T5111] ? syscall_enter_from_user_mode+0x8c/0x260
[ 71.160061][ T5111] do_syscall_64+0x41/0xc0
[ 71.164500][ T5111] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.170426][ T5111] RIP: 0033:0x7f37076379e9
[ 71.174943][ T5111] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5111] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5111] exit_group(0) = ?
[pid 5111] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5111, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs") = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/file0") = 0
[ 71.194563][ T5111] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.202995][ T5111] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 71.210983][ T5111] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.218967][ T5111] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 71.227041][ T5111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.235025][ T5111] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000024
[ 71.243026][ T5111]
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5112 attached
[pid 5112] chdir("./37") = 0
[pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5112] setpgid(0, 0) = 0
[pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC
[pid 5073] <... clone resumed>, child_tidptr=0x55555663f5d0) = 5112
[pid 5112] <... openat resumed>) = 3
[pid 5112] write(3, "1000", 4) = 4
[pid 5112] close(3) = 0
[pid 5112] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5112] memfd_create("syzkaller", 0) = 3
[pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5112] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5112] close(3) = 0
[pid 5112] mkdir("./file0", 0777) = 0
[pid 5112] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5112] chdir("./file0") = 0
[pid 5112] ioctl(4, LOOP_CLR_FD) = 0
[pid 5112] close(4) = 0
[pid 5112] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5112] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5112] write(5, "9", 1) = 1
[pid 5112] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5112] exit_group(0) = ?
[pid 5112] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs") = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 71.311249][ T5112] loop0: detected capacity change from 0 to 64
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5113
./strace-static-x86_64: Process 5113 attached
[pid 5113] chdir("./38") = 0
[pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5113] setpgid(0, 0) = 0
[pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5113] write(3, "1000", 4) = 4
[pid 5113] close(3) = 0
[pid 5113] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5113] memfd_create("syzkaller", 0) = 3
[pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5113] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5113] close(3) = 0
[pid 5113] mkdir("./file0", 0777) = 0
[pid 5113] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5113] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5113] chdir("./file0") = 0
[pid 5113] ioctl(4, LOOP_CLR_FD) = 0
[pid 5113] close(4) = 0
[pid 5113] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5113] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5113] write(5, "9", 1) = 1
[ 71.417866][ T5113] loop0: detected capacity change from 0 to 64
[ 71.450998][ T5113] FAULT_INJECTION: forcing a failure.
[ 71.450998][ T5113] name failslab, interval 1, probability 0, space 0, times 0
[ 71.463785][ T5113] CPU: 0 PID: 5113 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 71.474255][ T5113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 71.484330][ T5113] Call Trace:
[ 71.487625][ T5113]
[ 71.490621][ T5113] dump_stack_lvl+0x1e7/0x2d0
[ 71.495348][ T5113] ? nf_tcp_handle_invalid+0x650/0x650
[ 71.501121][ T5113] ? panic+0x770/0x770
[ 71.505240][ T5113] ? rcu_is_watching+0x15/0xb0
[ 71.510285][ T5113] ? trace_contention_end+0x3c/0xf0
[ 71.515540][ T5113] should_fail_ex+0x3aa/0x4e0
[ 71.520256][ T5113] should_failslab+0x9/0x20
[ 71.524821][ T5113] slab_pre_alloc_hook+0x59/0x2b0
[ 71.529902][ T5113] ? hfs_find_init+0x90/0x1f0
[ 71.534610][ T5113] __kmem_cache_alloc_node+0x4b/0x290
[ 71.540092][ T5113] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 71.546180][ T5113] ? hfs_find_init+0x90/0x1f0
[ 71.550886][ T5113] __kmalloc+0xa8/0x230
[ 71.555097][ T5113] hfs_find_init+0x90/0x1f0
[ 71.559645][ T5113] hfs_extend_file+0x31b/0x1440
[ 71.564549][ T5113] ? hfs_get_block+0xb60/0xb60
[ 71.569332][ T5113] ? lru_cache_disable+0x30/0x30
[ 71.574288][ T5113] ? __might_sleep+0xc0/0xc0
[ 71.578913][ T5113] ? clean_bdev_aliases+0x80a/0x920
[ 71.584137][ T5113] hfs_get_block+0x3e4/0xb60
[ 71.588771][ T5113] ? hfs_free_extents+0x420/0x420
[ 71.593821][ T5113] ? create_page_buffers+0x24e/0x4c0
[ 71.599222][ T5113] __block_write_begin_int+0x548/0x1a50
[ 71.604899][ T5113] ? hfs_free_extents+0x420/0x420
[ 71.609940][ T5113] ? page_zero_new_buffers+0x660/0x660
[ 71.615419][ T5113] ? PageHeadHuge+0xa5/0x1d0
[ 71.620033][ T5113] ? hfs_free_extents+0x420/0x420
[ 71.625071][ T5113] block_write_begin+0x9c/0x1f0
[ 71.630030][ T5113] ? cont_write_begin+0x626/0x880
[ 71.635079][ T5113] cont_write_begin+0x643/0x880
[ 71.639961][ T5113] ? fault_in_readable+0x1cc/0x350
[ 71.645087][ T5113] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 71.651000][ T5113] ? fault_in_readable+0x20d/0x350
[ 71.656128][ T5113] ? fault_in_safe_writeable+0x260/0x260
[ 71.661786][ T5113] hfs_write_begin+0x8a/0xd0
[ 71.666395][ T5113] ? hfs_free_extents+0x420/0x420
[ 71.671450][ T5113] generic_perform_write+0x300/0x5e0
[ 71.676769][ T5113] ? generic_file_direct_write+0x460/0x460
[ 71.682596][ T5113] ? __file_remove_privs+0x640/0x640
[ 71.687900][ T5113] ? generic_write_checks+0x160/0x1c0
[ 71.693291][ T5113] __generic_file_write_iter+0x17a/0x400
[ 71.698968][ T5113] generic_file_write_iter+0xaf/0x310
[ 71.704359][ T5113] vfs_write+0x7b2/0xbb0
[ 71.708633][ T5113] ? file_end_write+0x250/0x250
[ 71.713529][ T5113] ? lockdep_hardirqs_on+0x98/0x140
[ 71.718844][ T5113] ? __fdget_pos+0x265/0x2f0
[ 71.723462][ T5113] ksys_write+0x1a0/0x2c0
[ 71.727924][ T5113] ? __ia32_sys_read+0x90/0x90
[ 71.732709][ T5113] ? syscall_enter_from_user_mode+0x32/0x260
[ 71.738709][ T5113] ? syscall_enter_from_user_mode+0x8c/0x260
[ 71.744712][ T5113] do_syscall_64+0x41/0xc0
[ 71.749155][ T5113] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.755066][ T5113] RIP: 0033:0x7f37076379e9
[ 71.759497][ T5113] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.779222][ T5113] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.787924][ T5113] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 71.795912][ T5113] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 71.803923][ T5113] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[pid 5113] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5113] exit_group(0) = ?
[pid 5113] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs") = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 71.812138][ T5113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 71.820414][ T5113] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000026
[ 71.828502][ T5113]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5114
./strace-static-x86_64: Process 5114 attached
[pid 5114] chdir("./39") = 0
[pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5114] setpgid(0, 0) = 0
[pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5114] write(3, "1000", 4) = 4
[pid 5114] close(3) = 0
[pid 5114] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5114] memfd_create("syzkaller", 0) = 3
[pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5114] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5114] close(3) = 0
[pid 5114] mkdir("./file0", 0777) = 0
[pid 5114] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5114] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5114] chdir("./file0") = 0
[pid 5114] ioctl(4, LOOP_CLR_FD) = 0
[pid 5114] close(4) = 0
[pid 5114] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5114] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5114] write(5, "9", 1) = 1
[pid 5114] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5114] exit_group(0) = ?
[pid 5114] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs") = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5115
./strace-static-x86_64: Process 5115 attached
[pid 5115] chdir("./40") = 0
[pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5115] setpgid(0, 0) = 0
[pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5115] write(3, "1000", 4) = 4
[pid 5115] close(3) = 0
[pid 5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5115] memfd_create("syzkaller", 0) = 3
[pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5115] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 71.918157][ T5114] loop0: detected capacity change from 0 to 64
[pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5115] close(3) = 0
[pid 5115] mkdir("./file0", 0777) = 0
[pid 5115] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5115] chdir("./file0") = 0
[pid 5115] ioctl(4, LOOP_CLR_FD) = 0
[pid 5115] close(4) = 0
[pid 5115] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5115] write(5, "9", 1) = 1
[pid 5115] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5115] exit_group(0) = ?
[pid 5115] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs") = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5116
./strace-static-x86_64: Process 5116 attached
[pid 5116] chdir("./41") = 0
[pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5116] setpgid(0, 0) = 0
[pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5116] write(3, "1000", 4) = 4
[pid 5116] close(3) = 0
[pid 5116] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5116] memfd_create("syzkaller", 0) = 3
[pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[ 71.976150][ T5115] loop0: detected capacity change from 0 to 64
[pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5116] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5116] close(3) = 0
[pid 5116] mkdir("./file0", 0777) = 0
[pid 5116] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5116] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5116] chdir("./file0") = 0
[pid 5116] ioctl(4, LOOP_CLR_FD) = 0
[pid 5116] close(4) = 0
[pid 5116] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5116] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5116] write(5, "9", 1) = 1
[ 72.039045][ T5116] loop0: detected capacity change from 0 to 64
[ 72.041204][ T5075] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 72.073756][ T5116] FAULT_INJECTION: forcing a failure.
[ 72.073756][ T5116] name failslab, interval 1, probability 0, space 0, times 0
[ 72.086645][ T5116] CPU: 1 PID: 5116 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 72.097108][ T5116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 72.107220][ T5116] Call Trace:
[ 72.110588][ T5116]
[ 72.113560][ T5116] dump_stack_lvl+0x1e7/0x2d0
[ 72.118287][ T5116] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.123776][ T5116] ? panic+0x770/0x770
[ 72.127873][ T5116] ? rcu_is_watching+0x15/0xb0
[ 72.133094][ T5116] ? trace_contention_end+0x3c/0xf0
[ 72.138314][ T5116] should_fail_ex+0x3aa/0x4e0
[ 72.143017][ T5116] should_failslab+0x9/0x20
[ 72.147542][ T5116] slab_pre_alloc_hook+0x59/0x2b0
[ 72.152604][ T5116] ? hfs_find_init+0x90/0x1f0
[ 72.157326][ T5116] __kmem_cache_alloc_node+0x4b/0x290
[ 72.162810][ T5116] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 72.168665][ T5116] ? hfs_find_init+0x90/0x1f0
[ 72.173455][ T5116] __kmalloc+0xa8/0x230
[ 72.177754][ T5116] hfs_find_init+0x90/0x1f0
[ 72.182274][ T5116] hfs_extend_file+0x31b/0x1440
[ 72.187148][ T5116] ? hfs_get_block+0xb60/0xb60
[ 72.191933][ T5116] ? lru_cache_disable+0x30/0x30
[ 72.196891][ T5116] ? __might_sleep+0xc0/0xc0
[ 72.201514][ T5116] ? clean_bdev_aliases+0x80a/0x920
[ 72.206741][ T5116] hfs_get_block+0x3e4/0xb60
[ 72.211361][ T5116] ? hfs_free_extents+0x420/0x420
[ 72.216498][ T5116] ? create_page_buffers+0x24e/0x4c0
[ 72.221820][ T5116] __block_write_begin_int+0x548/0x1a50
[ 72.227410][ T5116] ? hfs_free_extents+0x420/0x420
[ 72.232471][ T5116] ? page_zero_new_buffers+0x660/0x660
[ 72.237955][ T5116] ? PageHeadHuge+0xa5/0x1d0
[ 72.242594][ T5116] ? hfs_free_extents+0x420/0x420
[ 72.247636][ T5116] block_write_begin+0x9c/0x1f0
[ 72.252518][ T5116] ? cont_write_begin+0x626/0x880
[ 72.257565][ T5116] cont_write_begin+0x643/0x880
[ 72.262466][ T5116] ? fault_in_readable+0x1cc/0x350
[ 72.267599][ T5116] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 72.273531][ T5116] ? fault_in_readable+0x20d/0x350
[ 72.278660][ T5116] ? fault_in_safe_writeable+0x260/0x260
[ 72.284322][ T5116] hfs_write_begin+0x8a/0xd0
[ 72.288952][ T5116] ? hfs_free_extents+0x420/0x420
[ 72.293999][ T5116] generic_perform_write+0x300/0x5e0
[ 72.299311][ T5116] ? generic_file_direct_write+0x460/0x460
[ 72.305131][ T5116] ? __file_remove_privs+0x640/0x640
[ 72.310442][ T5116] ? generic_write_checks+0x160/0x1c0
[ 72.315831][ T5116] __generic_file_write_iter+0x17a/0x400
[ 72.321594][ T5116] generic_file_write_iter+0xaf/0x310
[ 72.326986][ T5116] vfs_write+0x7b2/0xbb0
[ 72.331250][ T5116] ? file_end_write+0x250/0x250
[ 72.336136][ T5116] ? lockdep_hardirqs_on+0x98/0x140
[ 72.341361][ T5116] ? __fdget_pos+0x265/0x2f0
[ 72.345978][ T5116] ksys_write+0x1a0/0x2c0
[ 72.350333][ T5116] ? __ia32_sys_read+0x90/0x90
[ 72.355147][ T5116] ? syscall_enter_from_user_mode+0x32/0x260
[ 72.361185][ T5116] ? syscall_enter_from_user_mode+0x8c/0x260
[ 72.367201][ T5116] do_syscall_64+0x41/0xc0
[ 72.371660][ T5116] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.377571][ T5116] RIP: 0033:0x7f37076379e9
[ 72.381996][ T5116] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.401800][ T5116] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.410234][ T5116] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 72.418219][ T5116] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.426205][ T5116] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[pid 5116] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5116] exit_group(0) = ?
[pid 5116] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs") = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5117
./strace-static-x86_64: Process 5117 attached
[pid 5117] chdir("./42") = 0
[pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5117] setpgid(0, 0) = 0
[pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5117] write(3, "1000", 4) = 4
[pid 5117] close(3) = 0
[pid 5117] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5117] memfd_create("syzkaller", 0) = 3
[pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5117] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 72.434206][ T5116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.442185][ T5116] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000029
[ 72.450200][ T5116]
[pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5117] close(3) = 0
[pid 5117] mkdir("./file0", 0777) = 0
[pid 5117] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5117] chdir("./file0") = 0
[pid 5117] ioctl(4, LOOP_CLR_FD) = 0
[pid 5117] close(4) = 0
[pid 5117] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5117] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5117] write(5, "9", 1) = 1
[ 72.498493][ T5117] loop0: detected capacity change from 0 to 64
[ 72.533439][ T5117] FAULT_INJECTION: forcing a failure.
[ 72.533439][ T5117] name failslab, interval 1, probability 0, space 0, times 0
[ 72.546465][ T5117] CPU: 1 PID: 5117 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 72.556930][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 72.567099][ T5117] Call Trace:
[ 72.570397][ T5117]
[ 72.573362][ T5117] dump_stack_lvl+0x1e7/0x2d0
[ 72.578107][ T5117] ? nf_tcp_handle_invalid+0x650/0x650
[ 72.583622][ T5117] ? panic+0x770/0x770
[ 72.587744][ T5117] ? rcu_is_watching+0x15/0xb0
[ 72.592528][ T5117] ? trace_contention_end+0x3c/0xf0
[ 72.597774][ T5117] should_fail_ex+0x3aa/0x4e0
[ 72.602492][ T5117] should_failslab+0x9/0x20
[ 72.607124][ T5117] slab_pre_alloc_hook+0x59/0x2b0
[ 72.612197][ T5117] ? hfs_find_init+0x90/0x1f0
[ 72.616908][ T5117] __kmem_cache_alloc_node+0x4b/0x290
[ 72.622351][ T5117] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 72.628202][ T5117] ? hfs_find_init+0x90/0x1f0
[ 72.632980][ T5117] __kmalloc+0xa8/0x230
[ 72.637155][ T5117] hfs_find_init+0x90/0x1f0
[ 72.641677][ T5117] hfs_extend_file+0x31b/0x1440
[ 72.646568][ T5117] ? hfs_get_block+0xb60/0xb60
[ 72.651359][ T5117] ? lru_cache_disable+0x30/0x30
[ 72.656332][ T5117] ? __might_sleep+0xc0/0xc0
[ 72.660985][ T5117] ? clean_bdev_aliases+0x80a/0x920
[ 72.666233][ T5117] hfs_get_block+0x3e4/0xb60
[ 72.670880][ T5117] ? hfs_free_extents+0x420/0x420
[ 72.675970][ T5117] ? create_page_buffers+0x24e/0x4c0
[ 72.681292][ T5117] __block_write_begin_int+0x548/0x1a50
[ 72.686905][ T5117] ? hfs_free_extents+0x420/0x420
[ 72.691961][ T5117] ? page_zero_new_buffers+0x660/0x660
[ 72.697441][ T5117] ? PageHeadHuge+0xa5/0x1d0
[ 72.702071][ T5117] ? hfs_free_extents+0x420/0x420
[ 72.707118][ T5117] block_write_begin+0x9c/0x1f0
[ 72.712078][ T5117] ? cont_write_begin+0x626/0x880
[ 72.717129][ T5117] cont_write_begin+0x643/0x880
[ 72.722042][ T5117] ? fault_in_readable+0x1cc/0x350
[ 72.727197][ T5117] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 72.733142][ T5117] ? fault_in_readable+0x20d/0x350
[ 72.738292][ T5117] ? fault_in_safe_writeable+0x260/0x260
[ 72.743957][ T5117] hfs_write_begin+0x8a/0xd0
[ 72.748575][ T5117] ? hfs_free_extents+0x420/0x420
[ 72.753643][ T5117] generic_perform_write+0x300/0x5e0
[ 72.758985][ T5117] ? generic_file_direct_write+0x460/0x460
[ 72.764820][ T5117] ? __file_remove_privs+0x640/0x640
[ 72.770145][ T5117] ? generic_write_checks+0x160/0x1c0
[ 72.775574][ T5117] __generic_file_write_iter+0x17a/0x400
[ 72.781275][ T5117] generic_file_write_iter+0xaf/0x310
[ 72.786751][ T5117] vfs_write+0x7b2/0xbb0
[ 72.791045][ T5117] ? file_end_write+0x250/0x250
[ 72.795964][ T5117] ? lockdep_hardirqs_on+0x98/0x140
[ 72.801214][ T5117] ? __fdget_pos+0x265/0x2f0
[ 72.805869][ T5117] ksys_write+0x1a0/0x2c0
[ 72.810412][ T5117] ? __ia32_sys_read+0x90/0x90
[ 72.815197][ T5117] ? syscall_enter_from_user_mode+0x32/0x260
[ 72.821210][ T5117] ? syscall_enter_from_user_mode+0x8c/0x260
[ 72.827403][ T5117] do_syscall_64+0x41/0xc0
[ 72.831843][ T5117] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 72.838987][ T5117] RIP: 0033:0x7f37076379e9
[ 72.843416][ T5117] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.863235][ T5117] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.871852][ T5117] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 72.879856][ T5117] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 72.887859][ T5117] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[pid 5117] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5117] exit_group(0) = ?
[pid 5117] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5117, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs") = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 72.895948][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 72.903978][ T5117] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000002a
[ 72.911996][ T5117]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5118
./strace-static-x86_64: Process 5118 attached
[pid 5118] chdir("./43") = 0
[pid 5118] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5118] setpgid(0, 0) = 0
[pid 5118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5118] write(3, "1000", 4) = 4
[pid 5118] close(3) = 0
[pid 5118] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5118] memfd_create("syzkaller", 0) = 3
[pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5118] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5118] close(3) = 0
[pid 5118] mkdir("./file0", 0777) = 0
[pid 5118] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5118] chdir("./file0") = 0
[pid 5118] ioctl(4, LOOP_CLR_FD) = 0
[pid 5118] close(4) = 0
[pid 5118] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5118] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5118] write(5, "9", 1) = 1
[pid 5118] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5118] exit_group(0) = ?
[pid 5118] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5118, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs") = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 72.978619][ T5118] loop0: detected capacity change from 0 to 64
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5119
./strace-static-x86_64: Process 5119 attached
[pid 5119] chdir("./44") = 0
[pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5119] setpgid(0, 0) = 0
[pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5119] write(3, "1000", 4) = 4
[pid 5119] close(3) = 0
[pid 5119] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5119] memfd_create("syzkaller", 0) = 3
[pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5119] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5119] close(3) = 0
[pid 5119] mkdir("./file0", 0777) = 0
[pid 5119] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5119] chdir("./file0") = 0
[pid 5119] ioctl(4, LOOP_CLR_FD) = 0
[pid 5119] close(4) = 0
[pid 5119] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5119] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5119] write(5, "9", 1) = 1
[pid 5119] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5119] exit_group(0) = ?
[pid 5119] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs") = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 73.077330][ T5119] loop0: detected capacity change from 0 to 64
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5120
./strace-static-x86_64: Process 5120 attached
[pid 5120] chdir("./45") = 0
[pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5120] setpgid(0, 0) = 0
[pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5120] write(3, "1000", 4) = 4
[pid 5120] close(3) = 0
[pid 5120] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5120] memfd_create("syzkaller", 0) = 3
[pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5120] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5120] close(3) = 0
[pid 5120] mkdir("./file0", 0777) = 0
[pid 5120] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5120] chdir("./file0") = 0
[pid 5120] ioctl(4, LOOP_CLR_FD) = 0
[pid 5120] close(4) = 0
[pid 5120] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5120] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5120] write(5, "9", 1) = 1
[ 73.155296][ T5120] loop0: detected capacity change from 0 to 64
[ 73.187028][ T5120] FAULT_INJECTION: forcing a failure.
[ 73.187028][ T5120] name failslab, interval 1, probability 0, space 0, times 0
[ 73.199760][ T5120] CPU: 1 PID: 5120 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 73.210298][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 73.220376][ T5120] Call Trace:
[ 73.223668][ T5120]
[ 73.226613][ T5120] dump_stack_lvl+0x1e7/0x2d0
[ 73.231315][ T5120] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.236794][ T5120] ? panic+0x770/0x770
[ 73.240886][ T5120] ? rcu_is_watching+0x15/0xb0
[ 73.245662][ T5120] ? trace_contention_end+0x3c/0xf0
[ 73.250899][ T5120] should_fail_ex+0x3aa/0x4e0
[ 73.255623][ T5120] should_failslab+0x9/0x20
[ 73.260146][ T5120] slab_pre_alloc_hook+0x59/0x2b0
[ 73.265214][ T5120] ? hfs_find_init+0x90/0x1f0
[ 73.269920][ T5120] __kmem_cache_alloc_node+0x4b/0x290
[ 73.275339][ T5120] ? hfs_find_init+0x90/0x1f0
[ 73.280055][ T5120] __kmalloc+0xa8/0x230
[ 73.284229][ T5120] hfs_find_init+0x90/0x1f0
[ 73.288774][ T5120] hfs_extend_file+0x31b/0x1440
[ 73.293683][ T5120] ? hfs_get_block+0xb60/0xb60
[ 73.298483][ T5120] ? find_lock_entries+0x1100/0x1100
[ 73.303815][ T5120] ? clean_bdev_aliases+0x7f9/0x920
[ 73.309057][ T5120] hfs_get_block+0x3e4/0xb60
[ 73.313690][ T5120] ? hfs_free_extents+0x420/0x420
[ 73.318760][ T5120] ? create_page_buffers+0x24e/0x4c0
[ 73.324071][ T5120] __block_write_begin_int+0x548/0x1a50
[ 73.329694][ T5120] ? hfs_free_extents+0x420/0x420
[ 73.334739][ T5120] ? page_zero_new_buffers+0x660/0x660
[ 73.340217][ T5120] ? PageHeadHuge+0xa5/0x1d0
[ 73.344828][ T5120] ? hfs_free_extents+0x420/0x420
[ 73.349867][ T5120] block_write_begin+0x9c/0x1f0
[ 73.355963][ T5120] ? cont_write_begin+0x626/0x880
[ 73.361021][ T5120] cont_write_begin+0x643/0x880
[ 73.365901][ T5120] ? fault_in_readable+0x1cc/0x350
[ 73.371067][ T5120] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 73.376985][ T5120] ? fault_in_readable+0x20d/0x350
[ 73.382218][ T5120] ? fault_in_safe_writeable+0x260/0x260
[ 73.387912][ T5120] hfs_write_begin+0x8a/0xd0
[ 73.392551][ T5120] ? hfs_free_extents+0x420/0x420
[ 73.397604][ T5120] generic_perform_write+0x300/0x5e0
[ 73.402922][ T5120] ? generic_file_direct_write+0x460/0x460
[ 73.408751][ T5120] ? __file_remove_privs+0x640/0x640
[ 73.414083][ T5120] ? generic_write_checks+0x160/0x1c0
[ 73.419501][ T5120] __generic_file_write_iter+0x17a/0x400
[ 73.425160][ T5120] generic_file_write_iter+0xaf/0x310
[ 73.430580][ T5120] vfs_write+0x7b2/0xbb0
[ 73.434853][ T5120] ? file_end_write+0x250/0x250
[ 73.439745][ T5120] ? lockdep_hardirqs_on+0x98/0x140
[ 73.444982][ T5120] ? __fdget_pos+0x265/0x2f0
[ 73.449626][ T5120] ksys_write+0x1a0/0x2c0
[ 73.454033][ T5120] ? __ia32_sys_read+0x90/0x90
[ 73.458833][ T5120] ? syscall_enter_from_user_mode+0x32/0x260
[ 73.464828][ T5120] ? syscall_enter_from_user_mode+0x8c/0x260
[ 73.471020][ T5120] do_syscall_64+0x41/0xc0
[ 73.475507][ T5120] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.481477][ T5120] RIP: 0033:0x7f37076379e9
[ 73.485937][ T5120] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 73.505614][ T5120] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 73.514146][ T5120] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 73.522140][ T5120] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 73.530130][ T5120] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 73.538124][ T5120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 73.546123][ T5120] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 000000000000002d
[ 73.554119][ T5120]
[pid 5120] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5120] exit_group(0) = ?
[pid 5120] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs") = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5121 attached
, child_tidptr=0x55555663f5d0) = 5121
[pid 5121] chdir("./46") = 0
[pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5121] setpgid(0, 0) = 0
[pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5121] write(3, "1000", 4) = 4
[pid 5121] close(3) = 0
[pid 5121] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5121] memfd_create("syzkaller", 0) = 3
[pid 5121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5121] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5121] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5121] close(3) = 0
[pid 5121] mkdir("./file0", 0777) = 0
[pid 5121] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5121] chdir("./file0") = 0
[pid 5121] ioctl(4, LOOP_CLR_FD) = 0
[pid 5121] close(4) = 0
[pid 5121] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5121] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5121] write(5, "9", 1) = 1
[pid 5121] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5121] exit_group(0) = ?
[pid 5121] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} ---
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs") = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
[ 73.630890][ T5121] loop0: detected capacity change from 0 to 64
rmdir("./46/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached
, child_tidptr=0x55555663f5d0) = 5122
[pid 5122] chdir("./47") = 0
[pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5122] setpgid(0, 0) = 0
[pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5122] write(3, "1000", 4) = 4
[pid 5122] close(3) = 0
[pid 5122] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5122] memfd_create("syzkaller", 0) = 3
[pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5122] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5122] close(3) = 0
[pid 5122] mkdir("./file0", 0777) = 0
[pid 5122] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5122] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5122] chdir("./file0") = 0
[pid 5122] ioctl(4, LOOP_CLR_FD) = 0
[pid 5122] close(4) = 0
[pid 5122] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5122] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5122] write(5, "9", 1) = 1
[pid 5122] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5122] exit_group(0) = ?
[pid 5122] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs") = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 73.718402][ T5122] loop0: detected capacity change from 0 to 64
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5123 attached
[pid 5123] chdir("./48") = 0
[pid 5123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5123] setpgid(0, 0) = 0
[pid 5073] <... clone resumed>, child_tidptr=0x55555663f5d0) = 5123
[pid 5123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5123] write(3, "1000", 4) = 4
[pid 5123] close(3) = 0
[pid 5123] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5123] memfd_create("syzkaller", 0) = 3
[pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5123] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5123] close(3) = 0
[pid 5123] mkdir("./file0", 0777) = 0
[pid 5123] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5123] chdir("./file0") = 0
[pid 5123] ioctl(4, LOOP_CLR_FD) = 0
[pid 5123] close(4) = 0
[pid 5123] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5123] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5123] write(5, "9", 1) = 1
[ 73.798429][ T5123] loop0: detected capacity change from 0 to 64
[ 73.820588][ T5123] FAULT_INJECTION: forcing a failure.
[ 73.820588][ T5123] name failslab, interval 1, probability 0, space 0, times 0
[ 73.833710][ T5123] CPU: 1 PID: 5123 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 73.844350][ T5123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 73.854647][ T5123] Call Trace:
[ 73.857986][ T5123]
[ 73.860955][ T5123] dump_stack_lvl+0x1e7/0x2d0
[ 73.865707][ T5123] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.871227][ T5123] ? panic+0x770/0x770
[ 73.875339][ T5123] ? rcu_is_watching+0x15/0xb0
[ 73.880171][ T5123] ? trace_contention_end+0x3c/0xf0
[ 73.885435][ T5123] should_fail_ex+0x3aa/0x4e0
[ 73.890233][ T5123] should_failslab+0x9/0x20
[ 73.894757][ T5123] slab_pre_alloc_hook+0x59/0x2b0
[ 73.899903][ T5123] ? hfs_find_init+0x90/0x1f0
[ 73.904628][ T5123] __kmem_cache_alloc_node+0x4b/0x290
[ 73.910045][ T5123] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 73.915900][ T5123] ? hfs_find_init+0x90/0x1f0
[ 73.920729][ T5123] __kmalloc+0xa8/0x230
[ 73.925006][ T5123] hfs_find_init+0x90/0x1f0
[ 73.929534][ T5123] hfs_extend_file+0x31b/0x1440
[ 73.934413][ T5123] ? hfs_get_block+0xb60/0xb60
[ 73.939212][ T5123] ? lru_cache_disable+0x30/0x30
[ 73.944221][ T5123] ? __might_sleep+0xc0/0xc0
[ 73.948862][ T5123] ? clean_bdev_aliases+0x80a/0x920
[ 73.954089][ T5123] hfs_get_block+0x3e4/0xb60
[ 73.958796][ T5123] ? hfs_free_extents+0x420/0x420
[ 73.963867][ T5123] ? create_page_buffers+0x24e/0x4c0
[ 73.969204][ T5123] __block_write_begin_int+0x548/0x1a50
[ 73.974853][ T5123] ? hfs_free_extents+0x420/0x420
[ 73.979917][ T5123] ? page_zero_new_buffers+0x660/0x660
[ 73.985864][ T5123] ? PageHeadHuge+0xa5/0x1d0
[ 73.990487][ T5123] ? hfs_free_extents+0x420/0x420
[ 73.995551][ T5123] block_write_begin+0x9c/0x1f0
[ 74.000424][ T5123] ? cont_write_begin+0x626/0x880
[ 74.005480][ T5123] cont_write_begin+0x643/0x880
[ 74.010470][ T5123] ? fault_in_readable+0x1cc/0x350
[ 74.015620][ T5123] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 74.021633][ T5123] ? fault_in_readable+0x20d/0x350
[ 74.026793][ T5123] ? fault_in_safe_writeable+0x260/0x260
[ 74.032466][ T5123] hfs_write_begin+0x8a/0xd0
[ 74.037082][ T5123] ? hfs_free_extents+0x420/0x420
[ 74.042143][ T5123] generic_perform_write+0x300/0x5e0
[ 74.047477][ T5123] ? generic_file_direct_write+0x460/0x460
[ 74.053304][ T5123] ? __file_remove_privs+0x640/0x640
[ 74.058613][ T5123] ? generic_write_checks+0x160/0x1c0
[ 74.064016][ T5123] __generic_file_write_iter+0x17a/0x400
[ 74.069713][ T5123] generic_file_write_iter+0xaf/0x310
[ 74.075209][ T5123] vfs_write+0x7b2/0xbb0
[ 74.079516][ T5123] ? file_end_write+0x250/0x250
[ 74.084421][ T5123] ? lockdep_hardirqs_on+0x98/0x140
[ 74.089654][ T5123] ? __fdget_pos+0x265/0x2f0
[ 74.094297][ T5123] ksys_write+0x1a0/0x2c0
[ 74.098649][ T5123] ? __ia32_sys_read+0x90/0x90
[ 74.103436][ T5123] ? syscall_enter_from_user_mode+0x32/0x260
[ 74.109470][ T5123] ? syscall_enter_from_user_mode+0x8c/0x260
[ 74.115504][ T5123] do_syscall_64+0x41/0xc0
[ 74.119982][ T5123] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.125897][ T5123] RIP: 0033:0x7f37076379e9
[ 74.130338][ T5123] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 74.149960][ T5123] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.158408][ T5123] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 74.166412][ T5123] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.174406][ T5123] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 74.182491][ T5123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.190496][ T5123] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000030
[pid 5123] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5123] exit_group(0) = ?
[pid 5123] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5123, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs") = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
[ 74.198501][ T5123]
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5124
./strace-static-x86_64: Process 5124 attached
[pid 5124] chdir("./49") = 0
[pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5124] setpgid(0, 0) = 0
[pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5124] write(3, "1000", 4) = 4
[pid 5124] close(3) = 0
[pid 5124] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5124] memfd_create("syzkaller", 0) = 3
[pid 5124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5124] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5124] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5124] close(3) = 0
[pid 5124] mkdir("./file0", 0777) = 0
[pid 5124] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5124] chdir("./file0") = 0
[pid 5124] ioctl(4, LOOP_CLR_FD) = 0
[pid 5124] close(4) = 0
[pid 5124] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5124] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5124] write(5, "9", 1) = 1
[ 74.265572][ T5124] loop0: detected capacity change from 0 to 64
[ 74.291867][ T5124] FAULT_INJECTION: forcing a failure.
[ 74.291867][ T5124] name failslab, interval 1, probability 0, space 0, times 0
[ 74.305086][ T5124] CPU: 1 PID: 5124 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 74.315557][ T5124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 74.325667][ T5124] Call Trace:
[ 74.328971][ T5124]
[ 74.331916][ T5124] dump_stack_lvl+0x1e7/0x2d0
[ 74.336627][ T5124] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.342132][ T5124] ? panic+0x770/0x770
[ 74.346220][ T5124] ? rcu_is_watching+0x15/0xb0
[ 74.351098][ T5124] ? trace_contention_end+0x3c/0xf0
[ 74.356321][ T5124] should_fail_ex+0x3aa/0x4e0
[ 74.361062][ T5124] should_failslab+0x9/0x20
[ 74.365614][ T5124] slab_pre_alloc_hook+0x59/0x2b0
[ 74.370677][ T5124] ? hfs_find_init+0x90/0x1f0
[ 74.375373][ T5124] __kmem_cache_alloc_node+0x4b/0x290
[ 74.380788][ T5124] ? hfs_find_init+0x90/0x1f0
[ 74.385480][ T5124] __kmalloc+0xa8/0x230
[ 74.389661][ T5124] hfs_find_init+0x90/0x1f0
[ 74.394203][ T5124] hfs_extend_file+0x31b/0x1440
[ 74.399091][ T5124] ? hfs_get_block+0xb60/0xb60
[ 74.403878][ T5124] ? find_lock_entries+0x1100/0x1100
[ 74.409199][ T5124] ? clean_bdev_aliases+0x7f9/0x920
[ 74.414423][ T5124] hfs_get_block+0x3e4/0xb60
[ 74.419040][ T5124] ? hfs_free_extents+0x420/0x420
[ 74.424090][ T5124] ? create_page_buffers+0x24e/0x4c0
[ 74.429946][ T5124] __block_write_begin_int+0x548/0x1a50
[ 74.435535][ T5124] ? hfs_free_extents+0x420/0x420
[ 74.440575][ T5124] ? page_zero_new_buffers+0x660/0x660
[ 74.446058][ T5124] ? PageHeadHuge+0xa5/0x1d0
[ 74.450674][ T5124] ? hfs_free_extents+0x420/0x420
[ 74.455715][ T5124] block_write_begin+0x9c/0x1f0
[ 74.460586][ T5124] ? cont_write_begin+0x626/0x880
[ 74.465664][ T5124] cont_write_begin+0x643/0x880
[ 74.470602][ T5124] ? fault_in_readable+0x1cc/0x350
[ 74.475758][ T5124] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 74.481691][ T5124] ? fault_in_readable+0x20d/0x350
[ 74.486827][ T5124] ? fault_in_safe_writeable+0x260/0x260
[ 74.492658][ T5124] hfs_write_begin+0x8a/0xd0
[ 74.497355][ T5124] ? hfs_free_extents+0x420/0x420
[ 74.502837][ T5124] generic_perform_write+0x300/0x5e0
[ 74.508151][ T5124] ? generic_file_direct_write+0x460/0x460
[ 74.513972][ T5124] ? __file_remove_privs+0x640/0x640
[ 74.519276][ T5124] ? generic_write_checks+0x160/0x1c0
[ 74.524665][ T5124] __generic_file_write_iter+0x17a/0x400
[ 74.530436][ T5124] generic_file_write_iter+0xaf/0x310
[ 74.535851][ T5124] vfs_write+0x7b2/0xbb0
[ 74.540131][ T5124] ? file_end_write+0x250/0x250
[ 74.545017][ T5124] ? lockdep_hardirqs_on+0x98/0x140
[ 74.550238][ T5124] ? __fdget_pos+0x265/0x2f0
[ 74.554850][ T5124] ksys_write+0x1a0/0x2c0
[ 74.559203][ T5124] ? __ia32_sys_read+0x90/0x90
[ 74.563990][ T5124] ? syscall_enter_from_user_mode+0x32/0x260
[ 74.569988][ T5124] ? syscall_enter_from_user_mode+0x8c/0x260
[ 74.575992][ T5124] do_syscall_64+0x41/0xc0
[ 74.580433][ T5124] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.586346][ T5124] RIP: 0033:0x7f37076379e9
[ 74.590785][ T5124] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5124] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5124] exit_group(0) = ?
[pid 5124] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs") = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 74.610539][ T5124] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 74.618973][ T5124] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 74.626964][ T5124] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 74.634949][ T5124] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 74.642933][ T5124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 74.651007][ T5124] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000031
[ 74.659008][ T5124]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5125
./strace-static-x86_64: Process 5125 attached
[pid 5125] chdir("./50") = 0
[pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5125] setpgid(0, 0) = 0
[pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5125] write(3, "1000", 4) = 4
[pid 5125] close(3) = 0
[pid 5125] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5125] memfd_create("syzkaller", 0) = 3
[pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5125] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5125] close(3) = 0
[pid 5125] mkdir("./file0", 0777) = 0
[pid 5125] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5125] chdir("./file0") = 0
[pid 5125] ioctl(4, LOOP_CLR_FD) = 0
[pid 5125] close(4) = 0
[pid 5125] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5125] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5125] write(5, "9", 1) = 1
[pid 5125] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5125] exit_group(0) = ?
[pid 5125] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs") = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
[ 74.722380][ T5125] loop0: detected capacity change from 0 to 64
rmdir("./50/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./50") = 0
mkdir("./51", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5126
./strace-static-x86_64: Process 5126 attached
[pid 5126] chdir("./51") = 0
[pid 5126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5126] setpgid(0, 0) = 0
[pid 5126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5126] write(3, "1000", 4) = 4
[pid 5126] close(3) = 0
[pid 5126] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5126] memfd_create("syzkaller", 0) = 3
[pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5126] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5126] close(3) = 0
[pid 5126] mkdir("./file0", 0777) = 0
[pid 5126] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5126] chdir("./file0") = 0
[pid 5126] ioctl(4, LOOP_CLR_FD) = 0
[pid 5126] close(4) = 0
[pid 5126] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5126] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5126] write(5, "9", 1) = 1
[pid 5126] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5126] exit_group(0) = ?
[pid 5126] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5126, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs") = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 74.824343][ T5126] loop0: detected capacity change from 0 to 64
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./51/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./51") = 0
mkdir("./52", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5127
./strace-static-x86_64: Process 5127 attached
[pid 5127] chdir("./52") = 0
[pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5127] setpgid(0, 0) = 0
[pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5127] write(3, "1000", 4) = 4
[pid 5127] close(3) = 0
[pid 5127] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5127] memfd_create("syzkaller", 0) = 3
[pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5127] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5127] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5127] close(3) = 0
[pid 5127] mkdir("./file0", 0777) = 0
[pid 5127] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5127] chdir("./file0") = 0
[pid 5127] ioctl(4, LOOP_CLR_FD) = 0
[pid 5127] close(4) = 0
[pid 5127] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5127] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5127] write(5, "9", 1) = 1
[ 74.919608][ T5127] loop0: detected capacity change from 0 to 64
[ 74.950234][ T5127] FAULT_INJECTION: forcing a failure.
[ 74.950234][ T5127] name failslab, interval 1, probability 0, space 0, times 0
[ 74.966005][ T5127] CPU: 1 PID: 5127 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 74.976473][ T5127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 74.986634][ T5127] Call Trace:
[ 74.989917][ T5127]
[ 74.992879][ T5127] dump_stack_lvl+0x1e7/0x2d0
[ 74.997601][ T5127] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.003186][ T5127] ? panic+0x770/0x770
[ 75.007286][ T5127] ? rcu_is_watching+0x15/0xb0
[ 75.012073][ T5127] ? trace_contention_end+0x3c/0xf0
[ 75.017302][ T5127] should_fail_ex+0x3aa/0x4e0
[ 75.022009][ T5127] should_failslab+0x9/0x20
[ 75.026534][ T5127] slab_pre_alloc_hook+0x59/0x2b0
[ 75.031594][ T5127] ? hfs_find_init+0x90/0x1f0
[ 75.036296][ T5127] __kmem_cache_alloc_node+0x4b/0x290
[ 75.041693][ T5127] ? __mem_cgroup_uncharge_list+0x8f/0x150
[ 75.047641][ T5127] ? hfs_find_init+0x90/0x1f0
[ 75.052419][ T5127] __kmalloc+0xa8/0x230
[ 75.056655][ T5127] hfs_find_init+0x90/0x1f0
[ 75.061190][ T5127] hfs_extend_file+0x31b/0x1440
[ 75.066070][ T5127] ? hfs_get_block+0xb60/0xb60
[ 75.070858][ T5127] ? lru_cache_disable+0x30/0x30
[ 75.075811][ T5127] ? __might_sleep+0xc0/0xc0
[ 75.080433][ T5127] ? clean_bdev_aliases+0x80a/0x920
[ 75.085922][ T5127] hfs_get_block+0x3e4/0xb60
[ 75.090550][ T5127] ? hfs_free_extents+0x420/0x420
[ 75.095607][ T5127] ? create_page_buffers+0x24e/0x4c0
[ 75.101093][ T5127] __block_write_begin_int+0x548/0x1a50
[ 75.106754][ T5127] ? hfs_free_extents+0x420/0x420
[ 75.111793][ T5127] ? page_zero_new_buffers+0x660/0x660
[ 75.117278][ T5127] ? PageHeadHuge+0xa5/0x1d0
[ 75.121921][ T5127] ? hfs_free_extents+0x420/0x420
[ 75.126972][ T5127] block_write_begin+0x9c/0x1f0
[ 75.131845][ T5127] ? cont_write_begin+0x626/0x880
[ 75.136894][ T5127] cont_write_begin+0x643/0x880
[ 75.141779][ T5127] ? fault_in_readable+0x1cc/0x350
[ 75.146992][ T5127] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 75.152910][ T5127] ? fault_in_readable+0x20d/0x350
[ 75.158040][ T5127] ? fault_in_safe_writeable+0x260/0x260
[ 75.163791][ T5127] hfs_write_begin+0x8a/0xd0
[ 75.168593][ T5127] ? hfs_free_extents+0x420/0x420
[ 75.173727][ T5127] generic_perform_write+0x300/0x5e0
[ 75.179040][ T5127] ? generic_file_direct_write+0x460/0x460
[ 75.184954][ T5127] ? __file_remove_privs+0x640/0x640
[ 75.190261][ T5127] ? generic_write_checks+0x160/0x1c0
[ 75.195650][ T5127] __generic_file_write_iter+0x17a/0x400
[ 75.201305][ T5127] generic_file_write_iter+0xaf/0x310
[ 75.206697][ T5127] vfs_write+0x7b2/0xbb0
[ 75.211055][ T5127] ? file_end_write+0x250/0x250
[ 75.215944][ T5127] ? lockdep_hardirqs_on+0x98/0x140
[ 75.221163][ T5127] ? __fdget_pos+0x265/0x2f0
[ 75.225781][ T5127] ksys_write+0x1a0/0x2c0
[ 75.230135][ T5127] ? __ia32_sys_read+0x90/0x90
[ 75.234923][ T5127] ? syscall_enter_from_user_mode+0x32/0x260
[ 75.240961][ T5127] ? syscall_enter_from_user_mode+0x8c/0x260
[ 75.246960][ T5127] do_syscall_64+0x41/0xc0
[ 75.251400][ T5127] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.257321][ T5127] RIP: 0033:0x7f37076379e9
[ 75.261754][ T5127] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 75.281528][ T5127] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.289964][ T5127] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 75.297963][ T5127] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 75.306053][ T5127] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[pid 5127] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5127] exit_group(0) = ?
[pid 5127] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./52/binderfs") = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./52/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./52") = 0
mkdir("./53", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5128
./strace-static-x86_64: Process 5128 attached
[pid 5128] chdir("./53") = 0
[pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5128] setpgid(0, 0) = 0
[pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5128] write(3, "1000", 4) = 4
[pid 5128] close(3) = 0
[pid 5128] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5128] memfd_create("syzkaller", 0) = 3
[pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[ 75.314048][ T5127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.322052][ T5127] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000034
[ 75.330092][ T5127]
[pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5128] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5128] close(3) = 0
[pid 5128] mkdir("./file0", 0777) = 0
[pid 5128] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5128] chdir("./file0") = 0
[pid 5128] ioctl(4, LOOP_CLR_FD) = 0
[pid 5128] close(4) = 0
[pid 5128] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5128] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5128] write(5, "9", 1) = 1
[ 75.392476][ T5128] loop0: detected capacity change from 0 to 64
[ 75.415992][ T5128] FAULT_INJECTION: forcing a failure.
[ 75.415992][ T5128] name failslab, interval 1, probability 0, space 0, times 0
[ 75.429790][ T5128] CPU: 1 PID: 5128 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 75.440259][ T5128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 75.450357][ T5128] Call Trace:
[ 75.453674][ T5128]
[ 75.456623][ T5128] dump_stack_lvl+0x1e7/0x2d0
[ 75.461343][ T5128] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.466852][ T5128] ? panic+0x770/0x770
[ 75.470959][ T5128] ? rcu_is_watching+0x15/0xb0
[ 75.475759][ T5128] ? trace_contention_end+0x3c/0xf0
[ 75.481083][ T5128] should_fail_ex+0x3aa/0x4e0
[ 75.485813][ T5128] should_failslab+0x9/0x20
[ 75.490451][ T5128] slab_pre_alloc_hook+0x59/0x2b0
[ 75.495524][ T5128] ? hfs_find_init+0x90/0x1f0
[ 75.500228][ T5128] __kmem_cache_alloc_node+0x4b/0x290
[ 75.505637][ T5128] ? hfs_find_init+0x90/0x1f0
[ 75.510334][ T5128] __kmalloc+0xa8/0x230
[ 75.514521][ T5128] hfs_find_init+0x90/0x1f0
[ 75.519045][ T5128] hfs_extend_file+0x31b/0x1440
[ 75.523954][ T5128] ? hfs_get_block+0xb60/0xb60
[ 75.528754][ T5128] ? find_lock_entries+0x1100/0x1100
[ 75.534076][ T5128] ? clean_bdev_aliases+0x7f9/0x920
[ 75.539389][ T5128] hfs_get_block+0x3e4/0xb60
[ 75.544116][ T5128] ? hfs_free_extents+0x420/0x420
[ 75.549174][ T5128] ? __block_write_begin_int+0x79a/0x1a50
[ 75.554957][ T5128] ? __block_write_begin_int+0x7ae/0x1a50
[ 75.560716][ T5128] __block_write_begin_int+0x548/0x1a50
[ 75.566335][ T5128] ? hfs_free_extents+0x420/0x420
[ 75.571378][ T5128] ? page_zero_new_buffers+0x660/0x660
[ 75.576858][ T5128] ? PageHeadHuge+0xa5/0x1d0
[ 75.581476][ T5128] ? hfs_free_extents+0x420/0x420
[ 75.586709][ T5128] block_write_begin+0x9c/0x1f0
[ 75.591582][ T5128] ? cont_write_begin+0x626/0x880
[ 75.596630][ T5128] cont_write_begin+0x643/0x880
[ 75.601859][ T5128] ? fault_in_readable+0x1cc/0x350
[ 75.606990][ T5128] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 75.612911][ T5128] ? fault_in_readable+0x20d/0x350
[ 75.618167][ T5128] ? fault_in_safe_writeable+0x260/0x260
[ 75.623848][ T5128] hfs_write_begin+0x8a/0xd0
[ 75.628465][ T5128] ? hfs_free_extents+0x420/0x420
[ 75.633513][ T5128] generic_perform_write+0x300/0x5e0
[ 75.638833][ T5128] ? generic_file_direct_write+0x460/0x460
[ 75.644660][ T5128] ? __file_remove_privs+0x640/0x640
[ 75.649967][ T5128] ? generic_write_checks+0x160/0x1c0
[ 75.655381][ T5128] __generic_file_write_iter+0x17a/0x400
[ 75.661056][ T5128] generic_file_write_iter+0xaf/0x310
[ 75.666450][ T5128] vfs_write+0x7b2/0xbb0
[ 75.670723][ T5128] ? file_end_write+0x250/0x250
[ 75.675611][ T5128] ? lockdep_hardirqs_on+0x98/0x140
[ 75.680836][ T5128] ? __fdget_pos+0x265/0x2f0
[ 75.685813][ T5128] ksys_write+0x1a0/0x2c0
[ 75.690194][ T5128] ? __ia32_sys_read+0x90/0x90
[ 75.695152][ T5128] ? syscall_enter_from_user_mode+0x32/0x260
[ 75.701160][ T5128] ? syscall_enter_from_user_mode+0x8c/0x260
[ 75.707159][ T5128] do_syscall_64+0x41/0xc0
[ 75.711602][ T5128] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.717514][ T5128] RIP: 0033:0x7f37076379e9
[ 75.721943][ T5128] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5128] write(4, "\x74\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5128] exit_group(0) = ?
[pid 5128] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556640620 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./53/binderfs") = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556648660 /* 2 entries */, 32768) = 48
[ 75.741838][ T5128] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 75.750287][ T5128] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 75.758285][ T5128] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 75.766356][ T5128] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 75.774372][ T5128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 75.782357][ T5128] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000035
[ 75.790359][ T5128]
getdents64(4, 0x555556648660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./53/file0") = 0
getdents64(3, 0x555556640620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./53") = 0
mkdir("./54", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555663f5d0) = 5129
./strace-static-x86_64: Process 5129 attached
[pid 5129] chdir("./54") = 0
[pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5129] setpgid(0, 0) = 0
[pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5129] write(3, "1000", 4) = 4
[pid 5129] close(3) = 0
[pid 5129] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5129] memfd_create("syzkaller", 0) = 3
[pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36ff1ea000
[pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5129] munmap(0x7f36ff1ea000, 32768) = 0
[pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5129] close(3) = 0
[pid 5129] mkdir("./file0", 0777) = 0
[pid 5129] mount("/dev/loop0", "./file0", "hfs", MS_REC, "") = 0
[pid 5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5129] chdir("./file0") = 0
[pid 5129] ioctl(4, LOOP_CLR_FD) = 0
[pid 5129] close(4) = 0
[pid 5129] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5129] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5129] write(5, "9", 1) = 1
[ 75.862359][ T5129] loop0: detected capacity change from 0 to 64
[ 75.884828][ T5129] FAULT_INJECTION: forcing a failure.
[ 75.884828][ T5129] name failslab, interval 1, probability 0, space 0, times 0
[ 75.898498][ T5129] CPU: 0 PID: 5129 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 75.908968][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 75.919166][ T5129] Call Trace:
[ 75.922475][ T5129]
[ 75.925428][ T5129] dump_stack_lvl+0x1e7/0x2d0
[ 75.930153][ T5129] ? nf_tcp_handle_invalid+0x650/0x650
[ 75.936072][ T5129] ? panic+0x770/0x770
[ 75.940202][ T5129] should_fail_ex+0x3aa/0x4e0
[ 75.944911][ T5129] should_failslab+0x9/0x20
[ 75.949441][ T5129] slab_pre_alloc_hook+0x59/0x2b0
[ 75.954503][ T5129] ? __hfs_bnode_create+0xf8/0x7b0
[ 75.959636][ T5129] __kmem_cache_alloc_node+0x4b/0x290
[ 75.965037][ T5129] ? __hfs_bnode_create+0xf8/0x7b0
[ 75.970180][ T5129] __kmalloc+0xa8/0x230
[ 75.974360][ T5129] __hfs_bnode_create+0xf8/0x7b0
[ 75.979324][ T5129] ? do_raw_spin_lock+0x14d/0x3a0
[ 75.984469][ T5129] ? hfs_bnode_get+0x40/0x40
[ 75.989085][ T5129] ? do_raw_spin_unlock+0x13b/0x8b0
[ 75.994369][ T5129] hfs_bnode_find+0x244/0xf50
[ 75.999078][ T5129] ? unwind_next_frame+0x19a7/0x2180
[ 76.004386][ T5129] ? preempt_count_add+0x93/0x180
[ 76.009435][ T5129] ? hfs_bnode_unlink+0x7f0/0x7f0
[ 76.014488][ T5129] ? register_lock_class+0x104/0x990
[ 76.019788][ T5129] ? hfs_bmap_reserve+0x3b1/0x3f0
[ 76.024919][ T5129] ? kernel_text_address+0xa3/0xe0
[ 76.030060][ T5129] ? is_dynamic_key+0x1f0/0x1f0
[ 76.034925][ T5129] ? unwind_get_return_address+0x4d/0x90
[ 76.040670][ T5129] hfs_bmap_alloc+0xc9/0x640
[ 76.045291][ T5129] ? __lock_acquire+0x125b/0x1f80
[ 76.050343][ T5129] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 76.055489][ T5129] hfs_btree_inc_height+0x11e/0xd20
[ 76.060889][ T5129] ? hfs_brec_insert+0xbd0/0xbd0
[ 76.065939][ T5129] ? __mutex_trylock_common+0x182/0x2e0
[ 76.071667][ T5129] ? __might_sleep+0xc0/0xc0
[ 76.076284][ T5129] hfs_brec_insert+0x15b/0xbd0
[ 76.081065][ T5129] ? rcu_is_watching+0x15/0xb0
[ 76.085853][ T5129] ? trace_contention_end+0x3c/0xf0
[ 76.091082][ T5129] ? hfs_brec_find+0x197/0x570
[ 76.095872][ T5129] ? hfs_brec_keylen+0x360/0x360
[ 76.100835][ T5129] ? mutex_lock_io_nested+0x60/0x60
[ 76.106062][ T5129] __hfs_ext_write_extent+0x2f2/0x4f0
[ 76.111496][ T5129] __hfs_ext_cache_extent+0x6a/0x990
[ 76.116800][ T5129] ? mutex_lock_nested+0x1b/0x20
[ 76.121764][ T5129] ? hfs_find_init+0x16e/0x1f0
[ 76.126547][ T5129] hfs_extend_file+0x344/0x1440
[ 76.131535][ T5129] ? hfs_get_block+0xb60/0xb60
[ 76.136337][ T5129] ? find_lock_entries+0x1100/0x1100
[ 76.141653][ T5129] ? clean_bdev_aliases+0x7f9/0x920
[ 76.146883][ T5129] hfs_get_block+0x3e4/0xb60
[ 76.151506][ T5129] ? hfs_free_extents+0x420/0x420
[ 76.156557][ T5129] ? create_page_buffers+0x24e/0x4c0
[ 76.161975][ T5129] __block_write_begin_int+0x548/0x1a50
[ 76.167566][ T5129] ? hfs_free_extents+0x420/0x420
[ 76.172642][ T5129] ? page_zero_new_buffers+0x660/0x660
[ 76.178125][ T5129] ? PageHeadHuge+0xa5/0x1d0
[ 76.182746][ T5129] ? hfs_free_extents+0x420/0x420
[ 76.187787][ T5129] block_write_begin+0x9c/0x1f0
[ 76.192661][ T5129] ? cont_write_begin+0x626/0x880
[ 76.197713][ T5129] cont_write_begin+0x643/0x880
[ 76.202596][ T5129] ? fault_in_readable+0x1cc/0x350
[ 76.207726][ T5129] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 76.213642][ T5129] ? fault_in_readable+0x20d/0x350
[ 76.218770][ T5129] ? fault_in_safe_writeable+0x260/0x260
[ 76.224434][ T5129] hfs_write_begin+0x8a/0xd0
[ 76.229037][ T5129] ? hfs_free_extents+0x420/0x420
[ 76.234080][ T5129] generic_perform_write+0x300/0x5e0
[ 76.239411][ T5129] ? generic_file_direct_write+0x460/0x460
[ 76.245242][ T5129] ? __file_remove_privs+0x640/0x640
[ 76.250551][ T5129] ? generic_write_checks+0x160/0x1c0
[ 76.255946][ T5129] __generic_file_write_iter+0x17a/0x400
[ 76.261606][ T5129] generic_file_write_iter+0xaf/0x310
[ 76.267002][ T5129] vfs_write+0x7b2/0xbb0
[ 76.271276][ T5129] ? file_end_write+0x250/0x250
[ 76.276247][ T5129] ? lockdep_hardirqs_on+0x98/0x140
[ 76.281465][ T5129] ? __fdget_pos+0x265/0x2f0
[ 76.286081][ T5129] ksys_write+0x1a0/0x2c0
[ 76.290449][ T5129] ? __ia32_sys_read+0x90/0x90
[ 76.295234][ T5129] ? syscall_enter_from_user_mode+0x32/0x260
[ 76.301238][ T5129] ? syscall_enter_from_user_mode+0x8c/0x260
[ 76.307277][ T5129] do_syscall_64+0x41/0xc0
[ 76.311717][ T5129] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.317638][ T5129] RIP: 0033:0x7f37076379e9
[ 76.322093][ T5129] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.341760][ T5129] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.350228][ T5129] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 76.358216][ T5129] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 76.366202][ T5129] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 76.374188][ T5129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 76.382275][ T5129] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000036
[ 76.390282][ T5129]
[ 76.407906][ T5129] hfs: new node 0 already hashed?
[ 76.413703][ T5129] ------------[ cut here ]------------
[ 76.419321][ T5129] WARNING: CPU: 0 PID: 5129 at fs/hfs/bnode.c:422 hfs_bnode_create+0x3b1/0x440
[ 76.428369][ T5129] Modules linked in:
[ 76.432297][ T5129] CPU: 0 PID: 5129 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 76.442869][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 76.453026][ T5129] RIP: 0010:hfs_bnode_create+0x3b1/0x440
[ 76.458755][ T5129] Code: 8a 44 89 e6 e8 20 3e 3e 08 e9 7c fd ff ff e8 36 6e 2a ff 4c 89 ff e8 4e 23 4a 08 48 c7 c7 e0 8e ff 8a 44 89 e6 e8 ff 3d 3e 08 <0f> 0b eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 89 fc ff ff 48 89
[ 76.478489][ T5129] RSP: 0018:ffffc90003ceef98 EFLAGS: 00010246
[ 76.484605][ T5129] RAX: 000000000000001f RBX: ffff88802c93e200 RCX: a4a76b8699ff3a00
[ 76.492669][ T5129] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 76.500758][ T5129] RBP: 0000000000000000 R08: ffffffff816dfe9c R09: fffff5200079ddad
[ 76.508909][ T5129] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 76.517104][ T5129] R13: dffffc0000000000 R14: ffff8880764e8000 R15: ffff8880764e80e0
[ 76.525140][ T5129] FS: 000055555663f300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 76.534184][ T5129] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.540908][ T5129] CR2: 0000000020008000 CR3: 000000002265d000 CR4: 00000000003506f0
[ 76.548978][ T5129] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 76.557186][ T5129] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 76.565286][ T5129] Call Trace:
[ 76.568775][ T5129]
[ 76.571747][ T5129] hfs_bmap_alloc+0x5a6/0x640
[ 76.576644][ T5129] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 76.581725][ T5129] hfs_btree_inc_height+0x11e/0xd20
[ 76.587027][ T5129] ? hfs_brec_insert+0x6e0/0xbd0
[ 76.592015][ T5129] ? workingset_activation+0x593/0x850
[ 76.597615][ T5129] ? hfs_brec_insert+0xbd0/0xbd0
[ 76.602606][ T5129] ? do_raw_spin_unlock+0x13b/0x8b0
[ 76.607944][ T5129] ? hfs_bnode_put+0x1c0/0x370
[ 76.612757][ T5129] hfs_brec_insert+0x723/0xbd0
[ 76.617661][ T5129] ? hfs_brec_keylen+0x360/0x360
[ 76.622729][ T5129] ? mutex_lock_io_nested+0x60/0x60
[ 76.628046][ T5129] __hfs_ext_write_extent+0x2f2/0x4f0
[ 76.633475][ T5129] __hfs_ext_cache_extent+0x6a/0x990
[ 76.639010][ T5129] ? mutex_lock_nested+0x1b/0x20
[ 76.644011][ T5129] ? hfs_find_init+0x16e/0x1f0
[ 76.648890][ T5129] hfs_extend_file+0x344/0x1440
[ 76.653813][ T5129] ? hfs_get_block+0xb60/0xb60
[ 76.658755][ T5129] ? find_lock_entries+0x1100/0x1100
[ 76.664215][ T5129] ? clean_bdev_aliases+0x7f9/0x920
[ 76.669528][ T5129] hfs_get_block+0x3e4/0xb60
[ 76.674187][ T5129] ? hfs_free_extents+0x420/0x420
[ 76.679354][ T5129] ? create_page_buffers+0x24e/0x4c0
[ 76.685399][ T5129] __block_write_begin_int+0x548/0x1a50
[ 76.691186][ T5129] ? hfs_free_extents+0x420/0x420
[ 76.696410][ T5129] ? page_zero_new_buffers+0x660/0x660
[ 76.701918][ T5129] ? PageHeadHuge+0xa5/0x1d0
[ 76.706620][ T5129] ? hfs_free_extents+0x420/0x420
[ 76.711685][ T5129] block_write_begin+0x9c/0x1f0
[ 76.716675][ T5129] ? cont_write_begin+0x626/0x880
[ 76.721755][ T5129] cont_write_begin+0x643/0x880
[ 76.726725][ T5129] ? fault_in_readable+0x1cc/0x350
[ 76.731874][ T5129] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 76.737891][ T5129] ? fault_in_readable+0x20d/0x350
[ 76.743078][ T5129] ? fault_in_safe_writeable+0x260/0x260
[ 76.748864][ T5129] hfs_write_begin+0x8a/0xd0
[ 76.753521][ T5129] ? hfs_free_extents+0x420/0x420
[ 76.758691][ T5129] generic_perform_write+0x300/0x5e0
[ 76.764044][ T5129] ? generic_file_direct_write+0x460/0x460
[ 76.769962][ T5129] ? __file_remove_privs+0x640/0x640
[ 76.775323][ T5129] ? generic_write_checks+0x160/0x1c0
[ 76.780842][ T5129] __generic_file_write_iter+0x17a/0x400
[ 76.786712][ T5129] generic_file_write_iter+0xaf/0x310
[ 76.792141][ T5129] vfs_write+0x7b2/0xbb0
[ 76.796523][ T5129] ? file_end_write+0x250/0x250
[ 76.801700][ T5129] ? lockdep_hardirqs_on+0x98/0x140
[ 76.807011][ T5129] ? __fdget_pos+0x265/0x2f0
[ 76.811657][ T5129] ksys_write+0x1a0/0x2c0
[ 76.816123][ T5129] ? __ia32_sys_read+0x90/0x90
[ 76.821026][ T5129] ? syscall_enter_from_user_mode+0x32/0x260
[ 76.827143][ T5129] ? syscall_enter_from_user_mode+0x8c/0x260
[ 76.833218][ T5129] do_syscall_64+0x41/0xc0
[ 76.837880][ T5129] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.843831][ T5129] RIP: 0033:0x7f37076379e9
[ 76.848698][ T5129] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.868600][ T5129] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.877209][ T5129] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 76.885221][ T5129] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 76.893356][ T5129] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 76.901424][ T5129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 76.909503][ T5129] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000036
[ 76.917578][ T5129]
[ 76.920656][ T5129] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 76.928052][ T5129] CPU: 0 PID: 5129 Comm: syz-executor401 Not tainted 6.3.0-rc2-syzkaller-00405-ga3671bd86a97 #0
[ 76.938498][ T5129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 76.948686][ T5129] Call Trace:
[ 76.952032][ T5129]
[ 76.954994][ T5129] dump_stack_lvl+0x1e7/0x2d0
[ 76.959729][ T5129] ? nf_tcp_handle_invalid+0x650/0x650
[ 76.965236][ T5129] ? panic+0x770/0x770
[ 76.969363][ T5129] ? vscnprintf+0x5d/0x80
[ 76.973738][ T5129] panic+0x31c/0x770
[ 76.977673][ T5129] ? __warn+0x171/0x4a0
[ 76.981850][ T5129] ? memcpy_page_flushcache+0x100/0x100
[ 76.987431][ T5129] __warn+0x314/0x4a0
[ 76.991427][ T5129] ? hfs_bnode_create+0x3b1/0x440
[ 76.996478][ T5129] report_bug+0x2b3/0x500
[ 77.000828][ T5129] ? hfs_bnode_create+0x3b1/0x440
[ 77.005870][ T5129] handle_bug+0x3d/0x70
[ 77.010049][ T5129] exc_invalid_op+0x1a/0x50
[ 77.014577][ T5129] asm_exc_invalid_op+0x1a/0x20
[ 77.019539][ T5129] RIP: 0010:hfs_bnode_create+0x3b1/0x440
[ 77.025197][ T5129] Code: 8a 44 89 e6 e8 20 3e 3e 08 e9 7c fd ff ff e8 36 6e 2a ff 4c 89 ff e8 4e 23 4a 08 48 c7 c7 e0 8e ff 8a 44 89 e6 e8 ff 3d 3e 08 <0f> 0b eb b5 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 89 fc ff ff 48 89
[ 77.045101][ T5129] RSP: 0018:ffffc90003ceef98 EFLAGS: 00010246
[ 77.051190][ T5129] RAX: 000000000000001f RBX: ffff88802c93e200 RCX: a4a76b8699ff3a00
[ 77.059182][ T5129] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 77.067255][ T5129] RBP: 0000000000000000 R08: ffffffff816dfe9c R09: fffff5200079ddad
[ 77.075261][ T5129] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 77.083278][ T5129] R13: dffffc0000000000 R14: ffff8880764e8000 R15: ffff8880764e80e0
[ 77.091286][ T5129] ? __wake_up_klogd+0xcc/0x100
[ 77.096170][ T5129] ? hfs_bnode_create+0x3b1/0x440
[ 77.101215][ T5129] hfs_bmap_alloc+0x5a6/0x640
[ 77.105970][ T5129] ? hfs_bmap_reserve+0x3f0/0x3f0
[ 77.111036][ T5129] hfs_btree_inc_height+0x11e/0xd20
[ 77.116260][ T5129] ? hfs_brec_insert+0x6e0/0xbd0
[ 77.121319][ T5129] ? workingset_activation+0x593/0x850
[ 77.126798][ T5129] ? hfs_brec_insert+0xbd0/0xbd0
[ 77.131758][ T5129] ? do_raw_spin_unlock+0x13b/0x8b0
[ 77.136984][ T5129] ? hfs_bnode_put+0x1c0/0x370
[ 77.141766][ T5129] hfs_brec_insert+0x723/0xbd0
[ 77.146567][ T5129] ? hfs_brec_keylen+0x360/0x360
[ 77.151518][ T5129] ? mutex_lock_io_nested+0x60/0x60
[ 77.156750][ T5129] __hfs_ext_write_extent+0x2f2/0x4f0
[ 77.162155][ T5129] __hfs_ext_cache_extent+0x6a/0x990
[ 77.167461][ T5129] ? mutex_lock_nested+0x1b/0x20
[ 77.172413][ T5129] ? hfs_find_init+0x16e/0x1f0
[ 77.177258][ T5129] hfs_extend_file+0x344/0x1440
[ 77.182150][ T5129] ? hfs_get_block+0xb60/0xb60
[ 77.186932][ T5129] ? find_lock_entries+0x1100/0x1100
[ 77.192279][ T5129] ? clean_bdev_aliases+0x7f9/0x920
[ 77.197508][ T5129] hfs_get_block+0x3e4/0xb60
[ 77.202127][ T5129] ? hfs_free_extents+0x420/0x420
[ 77.207176][ T5129] ? create_page_buffers+0x24e/0x4c0
[ 77.212501][ T5129] __block_write_begin_int+0x548/0x1a50
[ 77.218091][ T5129] ? hfs_free_extents+0x420/0x420
[ 77.223138][ T5129] ? page_zero_new_buffers+0x660/0x660
[ 77.228625][ T5129] ? PageHeadHuge+0xa5/0x1d0
[ 77.233243][ T5129] ? hfs_free_extents+0x420/0x420
[ 77.238391][ T5129] block_write_begin+0x9c/0x1f0
[ 77.243268][ T5129] ? cont_write_begin+0x626/0x880
[ 77.248318][ T5129] cont_write_begin+0x643/0x880
[ 77.253203][ T5129] ? fault_in_readable+0x1cc/0x350
[ 77.258355][ T5129] ? generic_cont_expand_simple+0x2a0/0x2a0
[ 77.264269][ T5129] ? fault_in_readable+0x20d/0x350
[ 77.269403][ T5129] ? fault_in_safe_writeable+0x260/0x260
[ 77.275065][ T5129] hfs_write_begin+0x8a/0xd0
[ 77.279686][ T5129] ? hfs_free_extents+0x420/0x420
[ 77.284733][ T5129] generic_perform_write+0x300/0x5e0
[ 77.290048][ T5129] ? generic_file_direct_write+0x460/0x460
[ 77.295967][ T5129] ? __file_remove_privs+0x640/0x640
[ 77.301279][ T5129] ? generic_write_checks+0x160/0x1c0
[ 77.306673][ T5129] __generic_file_write_iter+0x17a/0x400
[ 77.312329][ T5129] generic_file_write_iter+0xaf/0x310
[ 77.317723][ T5129] vfs_write+0x7b2/0xbb0
[ 77.322002][ T5129] ? file_end_write+0x250/0x250
[ 77.326881][ T5129] ? lockdep_hardirqs_on+0x98/0x140
[ 77.332102][ T5129] ? __fdget_pos+0x265/0x2f0
[ 77.336719][ T5129] ksys_write+0x1a0/0x2c0
[ 77.341119][ T5129] ? __ia32_sys_read+0x90/0x90
[ 77.346017][ T5129] ? syscall_enter_from_user_mode+0x32/0x260
[ 77.352021][ T5129] ? syscall_enter_from_user_mode+0x8c/0x260
[ 77.358020][ T5129] do_syscall_64+0x41/0xc0
[ 77.362459][ T5129] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.368371][ T5129] RIP: 0033:0x7f37076379e9
[ 77.372804][ T5129] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.392446][ T5129] RSP: 002b:00007ffc9785bf58 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.400878][ T5129] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f37076379e9
[ 77.408864][ T5129] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 77.416851][ T5129] RBP: 00007ffc9785bf80 R08: 0000000000000001 R09: 00007ffc9785bf90
[ 77.424834][ T5129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 77.432820][ T5129] R13: 00007ffc9785bfc0 R14: 00007ffc9785bfa0 R15: 0000000000000036
[ 77.440824][ T5129]
[ 77.444118][ T5129] Kernel Offset: disabled
[ 77.448567][ T5129] Rebooting in 86400 seconds..