./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2913439364
<...>
Warning: Permanently added '10.128.0.9' (ED25519) to the list of known hosts.
execve("./syz-executor2913439364", ["./syz-executor2913439364"], 0x7ffd72c0ec00 /* 10 vars */) = 0
brk(NULL) = 0x55555665b000
brk(0x55555665bd00) = 0x55555665bd00
arch_prctl(ARCH_SET_FS, 0x55555665b380) = 0
set_tid_address(0x55555665b650) = 5053
set_robust_list(0x55555665b660, 24) = 0
rseq(0x55555665bca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2913439364", 4096) = 28
getrandom("\xc6\xe0\x9e\xf3\x2d\x94\x78\x4a", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555665bd00
brk(0x55555667cd00) = 0x55555667cd00
brk(0x55555667d000) = 0x55555667d000
mprotect(0x7fc8ca160000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
[ 76.663441][ T26] audit: type=1400 audit(1701791379.824:83): avc: denied { execmem } for pid=5053 comm="syz-executor291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.Ij2Ey4", 0700) = 0
chmod("./syzkaller.Ij2Ey4", 0777) = 0
chdir("./syzkaller.Ij2Ey4") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555665b650) = 5054
[ 76.780515][ T26] audit: type=1400 audit(1701791379.934:84): avc: denied { read write } for pid=5053 comm="syz-executor291" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 76.805328][ T26] audit: type=1400 audit(1701791379.944:85): avc: denied { open } for pid=5053 comm="syz-executor291" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
./strace-static-x86_64: Process 5054 attached
[pid 5054] set_robust_list(0x55555665b660, 24) = 0
[pid 5054] chdir("./0") = 0
[pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5054] setpgid(0, 0) = 0
[pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5054] write(3, "1000", 4) = 4
[pid 5054] close(3) = 0
[pid 5054] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5054] memfd_create("syzkaller", 0) = 3
[pid 5054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5054] munmap(0x7fc8c1cad000, 138412032) = 0
[ 76.830355][ T26] audit: type=1400 audit(1701791379.944:86): avc: denied { ioctl } for pid=5053 comm="syz-executor291" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 76.857720][ T26] audit: type=1400 audit(1701791380.014:87): avc: denied { append } for pid=4491 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[pid 5054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5054] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5054] close(3) = 0
[pid 5054] mkdir("./bus", 0777) = 0
[ 76.881368][ T26] audit: type=1400 audit(1701791380.014:88): avc: denied { open } for pid=4491 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 76.892402][ T5054] loop0: detected capacity change from 0 to 64
[pid 5054] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[ 76.904734][ T26] audit: type=1400 audit(1701791380.014:89): avc: denied { getattr } for pid=4491 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 76.934438][ T26] audit: type=1400 audit(1701791380.084:90): avc: denied { mounton } for pid=5054 comm="syz-executor291" path="/root/syzkaller.Ij2Ey4/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 76.936208][ T5054] hfs: unable to locate alternate MDB
[ 76.964489][ T5054] hfs: continuing without an alternate MDB
[pid 5054] chdir("./bus") = 0
[pid 5054] ioctl(4, LOOP_CLR_FD) = 0
[pid 5054] close(4) = 0
[ 76.975570][ T26] audit: type=1400 audit(1701791380.134:91): avc: denied { mount } for pid=5054 comm="syz-executor291" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[pid 5054] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5054] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5054] write(5, "9", 1) = 1
[ 77.061513][ T5054] FAULT_INJECTION: forcing a failure.
[ 77.061513][ T5054] name failslab, interval 1, probability 0, space 0, times 1
[ 77.074629][ T5054] CPU: 1 PID: 5054 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 77.085041][ T5054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 77.095080][ T5054] Call Trace:
[ 77.098344][ T5054]
[ 77.101261][ T5054] dump_stack_lvl+0x125/0x1b0
[ 77.105959][ T5054] should_fail_ex+0x496/0x5b0
[ 77.110630][ T5054] should_failslab+0x9/0x20
[ 77.115119][ T5054] __kmem_cache_alloc_node+0x5f/0x460
[ 77.120488][ T5054] ? hfs_find_init+0x95/0x220
[ 77.125153][ T5054] __kmalloc+0x49/0x90
[ 77.129214][ T5054] hfs_find_init+0x95/0x220
[ 77.133714][ T5054] hfs_ext_read_extent+0x19c/0x9d0
[ 77.138830][ T5054] ? mutex_trylock+0x130/0x130
[ 77.143603][ T5054] ? hfs_free_extents+0x2f0/0x2f0
[ 77.148631][ T5054] ? clean_bdev_aliases+0x50e/0x610
[ 77.153832][ T5054] hfs_extend_file+0x4e0/0xb10
[ 77.158602][ T5054] ? reacquire_held_locks+0x4c0/0x4c0
[ 77.163979][ T5054] ? hfs_free_fork+0x900/0x900
[ 77.168750][ T5054] hfs_get_block+0x17f/0x820
[ 77.173344][ T5054] ? hfs_extend_file+0xb10/0xb10
[ 77.178285][ T5054] __block_write_begin_int+0x3c0/0x1560
[ 77.183837][ T5054] ? hfs_extend_file+0xb10/0xb10
[ 77.188782][ T5054] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 77.194335][ T5054] block_write_begin+0xb1/0x490
[ 77.199204][ T5054] ? hfs_extend_file+0xb10/0xb10
[ 77.204155][ T5054] cont_write_begin+0x530/0x730
[ 77.209023][ T5054] ? hfs_extend_file+0xb10/0xb10
[ 77.213974][ T5054] ? block_write_begin+0x490/0x490
[ 77.219092][ T5054] ? fault_in_readable+0x106/0x200
[ 77.224214][ T5054] ? fault_in_readable+0x150/0x200
[ 77.229331][ T5054] ? fault_in_subpage_writeable+0x20/0x20
[ 77.235062][ T5054] hfs_write_begin+0x87/0x140
[ 77.239747][ T5054] ? hfs_extend_file+0xb10/0xb10
[ 77.244705][ T5054] generic_perform_write+0x278/0x600
[ 77.250006][ T5054] ? folio_add_wait_queue+0x1c0/0x1c0
[ 77.255382][ T5054] ? generic_update_time+0xcf/0xf0
[ 77.260501][ T5054] ? mnt_put_write_access_file+0x45/0xf0
[ 77.266142][ T5054] __generic_file_write_iter+0x1f9/0x240
[ 77.271795][ T5054] generic_file_write_iter+0xe3/0x350
[ 77.277179][ T5054] vfs_write+0x64f/0xdf0
[ 77.281424][ T5054] ? kernel_write+0x6c0/0x6c0
[ 77.286103][ T5054] ? __fget_light+0x1fc/0x260
[ 77.290781][ T5054] ksys_write+0x12f/0x250
[ 77.295109][ T5054] ? __ia32_sys_read+0xb0/0xb0
[ 77.299880][ T5054] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 77.306125][ T5054] do_syscall_64+0x40/0x110
[ 77.310631][ T5054] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 77.316532][ T5054] RIP: 0033:0x7fc8ca0ec1e9
[ 77.320942][ T5054] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.340551][ T5054] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.348980][ T5054] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5054] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5054] exit_group(0) = ?
[pid 5054] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 77.356958][ T5054] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 77.364931][ T5054] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 77.372899][ T5054] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 77.380869][ T5054] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 77.388843][ T5054]
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/bus") = 0
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 77.418088][ T26] audit: type=1400 audit(1701791380.574:92): avc: denied { unmount } for pid=5053 comm="syz-executor291" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached
, child_tidptr=0x55555665b650) = 5056
[pid 5056] set_robust_list(0x55555665b660, 24) = 0
[pid 5056] chdir("./1") = 0
[pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5056] setpgid(0, 0) = 0
[pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5056] write(3, "1000", 4) = 4
[pid 5056] close(3) = 0
[pid 5056] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5056] memfd_create("syzkaller", 0) = 3
[pid 5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5056] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5056] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5056] close(3) = 0
[pid 5056] mkdir("./bus", 0777) = 0
[pid 5056] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5056] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5056] chdir("./bus") = 0
[pid 5056] ioctl(4, LOOP_CLR_FD) = 0
[pid 5056] close(4) = 0
[ 77.607899][ T5056] loop0: detected capacity change from 0 to 64
[ 77.618220][ T5056] hfs: unable to locate alternate MDB
[ 77.623845][ T5056] hfs: continuing without an alternate MDB
[pid 5056] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5056] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5056] write(5, "9", 1) = 1
[pid 5056] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5056] exit_group(0) = ?
[pid 5056] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/bus") = 0
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5057 attached
, child_tidptr=0x55555665b650) = 5057
[pid 5057] set_robust_list(0x55555665b660, 24) = 0
[pid 5057] chdir("./2") = 0
[pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5057] setpgid(0, 0) = 0
[pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5057] write(3, "1000", 4) = 4
[pid 5057] close(3) = 0
[pid 5057] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5057] memfd_create("syzkaller", 0) = 3
[pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5057] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5057] close(3) = 0
[pid 5057] mkdir("./bus", 0777) = 0
[pid 5057] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5057] chdir("./bus") = 0
[pid 5057] ioctl(4, LOOP_CLR_FD) = 0
[pid 5057] close(4) = 0
[ 77.939371][ T5057] loop0: detected capacity change from 0 to 64
[ 77.955713][ T5057] hfs: unable to locate alternate MDB
[ 77.961120][ T5057] hfs: continuing without an alternate MDB
[pid 5057] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5057] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5057] write(5, "9", 1) = 1
[ 78.066073][ T5057] FAULT_INJECTION: forcing a failure.
[ 78.066073][ T5057] name failslab, interval 1, probability 0, space 0, times 0
[ 78.079156][ T5057] CPU: 0 PID: 5057 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 78.089565][ T5057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 78.099620][ T5057] Call Trace:
[ 78.102888][ T5057]
[ 78.105808][ T5057] dump_stack_lvl+0x125/0x1b0
[ 78.110479][ T5057] should_fail_ex+0x496/0x5b0
[ 78.115151][ T5057] should_failslab+0x9/0x20
[ 78.119645][ T5057] __kmem_cache_alloc_node+0x5f/0x460
[ 78.125016][ T5057] ? hfs_find_init+0x95/0x220
[ 78.129685][ T5057] __kmalloc+0x49/0x90
[ 78.133750][ T5057] hfs_find_init+0x95/0x220
[ 78.138247][ T5057] hfs_ext_read_extent+0x19c/0x9d0
[ 78.143355][ T5057] ? mutex_trylock+0x130/0x130
[ 78.148114][ T5057] ? hfs_free_extents+0x2f0/0x2f0
[ 78.153133][ T5057] ? clean_bdev_aliases+0x50e/0x610
[ 78.158322][ T5057] hfs_extend_file+0x4e0/0xb10
[ 78.163086][ T5057] ? reacquire_held_locks+0x4c0/0x4c0
[ 78.168453][ T5057] ? hfs_free_fork+0x900/0x900
[ 78.173213][ T5057] hfs_get_block+0x17f/0x820
[ 78.177807][ T5057] ? hfs_extend_file+0xb10/0xb10
[ 78.182771][ T5057] __block_write_begin_int+0x3c0/0x1560
[ 78.188325][ T5057] ? hfs_extend_file+0xb10/0xb10
[ 78.193271][ T5057] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 78.198833][ T5057] block_write_begin+0xb1/0x490
[ 78.203696][ T5057] ? hfs_extend_file+0xb10/0xb10
[ 78.208641][ T5057] cont_write_begin+0x530/0x730
[ 78.213500][ T5057] ? hfs_extend_file+0xb10/0xb10
[ 78.218446][ T5057] ? block_write_begin+0x490/0x490
[ 78.223564][ T5057] ? fault_in_readable+0x106/0x200
[ 78.228704][ T5057] ? fault_in_readable+0x150/0x200
[ 78.233828][ T5057] ? fault_in_subpage_writeable+0x20/0x20
[ 78.239561][ T5057] hfs_write_begin+0x87/0x140
[ 78.244257][ T5057] ? hfs_extend_file+0xb10/0xb10
[ 78.249200][ T5057] generic_perform_write+0x278/0x600
[ 78.254491][ T5057] ? folio_add_wait_queue+0x1c0/0x1c0
[ 78.259866][ T5057] ? generic_update_time+0xcf/0xf0
[ 78.264985][ T5057] ? mnt_put_write_access_file+0x45/0xf0
[ 78.270621][ T5057] __generic_file_write_iter+0x1f9/0x240
[ 78.276260][ T5057] generic_file_write_iter+0xe3/0x350
[ 78.281639][ T5057] vfs_write+0x64f/0xdf0
[ 78.285884][ T5057] ? kernel_write+0x6c0/0x6c0
[ 78.290566][ T5057] ? __fget_light+0x1fc/0x260
[ 78.295242][ T5057] ksys_write+0x12f/0x250
[ 78.299570][ T5057] ? __ia32_sys_read+0xb0/0xb0
[ 78.304347][ T5057] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 78.310596][ T5057] do_syscall_64+0x40/0x110
[ 78.315098][ T5057] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 78.320996][ T5057] RIP: 0033:0x7fc8ca0ec1e9
[ 78.325407][ T5057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.345010][ T5057] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 78.353421][ T5057] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5057] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5057] exit_group(0) = ?
[pid 5057] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 78.361391][ T5057] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 78.369378][ T5057] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 78.377361][ T5057] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 78.385333][ T5057] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 78.393303][ T5057]
umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/bus") = 0
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5058 attached
, child_tidptr=0x55555665b650) = 5058
[pid 5058] set_robust_list(0x55555665b660, 24) = 0
[pid 5058] chdir("./3") = 0
[pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5058] setpgid(0, 0) = 0
[pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5058] write(3, "1000", 4) = 4
[pid 5058] close(3) = 0
[pid 5058] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5058] memfd_create("syzkaller", 0) = 3
[pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5058] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5058] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5058] close(3) = 0
[pid 5058] mkdir("./bus", 0777) = 0
[pid 5058] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5058] chdir("./bus") = 0
[pid 5058] ioctl(4, LOOP_CLR_FD) = 0
[pid 5058] close(4) = 0
[pid 5058] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 78.605494][ T5058] loop0: detected capacity change from 0 to 64
[ 78.625645][ T5058] hfs: unable to locate alternate MDB
[ 78.631238][ T5058] hfs: continuing without an alternate MDB
[pid 5058] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5058] write(5, "9", 1) = 1
[ 78.699571][ T5058] FAULT_INJECTION: forcing a failure.
[ 78.699571][ T5058] name failslab, interval 1, probability 0, space 0, times 0
[ 78.712314][ T5058] CPU: 1 PID: 5058 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 78.722733][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 78.732802][ T5058] Call Trace:
[ 78.736071][ T5058]
[ 78.738990][ T5058] dump_stack_lvl+0x125/0x1b0
[ 78.743666][ T5058] should_fail_ex+0x496/0x5b0
[ 78.748358][ T5058] should_failslab+0x9/0x20
[ 78.752862][ T5058] __kmem_cache_alloc_node+0x5f/0x460
[ 78.758245][ T5058] ? hfs_find_init+0x95/0x220
[ 78.762932][ T5058] __kmalloc+0x49/0x90
[ 78.767003][ T5058] hfs_find_init+0x95/0x220
[ 78.771510][ T5058] hfs_ext_read_extent+0x19c/0x9d0
[ 78.776630][ T5058] ? mutex_trylock+0x130/0x130
[ 78.781401][ T5058] ? hfs_free_extents+0x2f0/0x2f0
[ 78.786430][ T5058] ? clean_bdev_aliases+0x50e/0x610
[ 78.791633][ T5058] hfs_extend_file+0x4e0/0xb10
[ 78.796400][ T5058] ? reacquire_held_locks+0x4c0/0x4c0
[ 78.801778][ T5058] ? hfs_free_fork+0x900/0x900
[ 78.806546][ T5058] hfs_get_block+0x17f/0x820
[ 78.811142][ T5058] ? hfs_extend_file+0xb10/0xb10
[ 78.816081][ T5058] __block_write_begin_int+0x3c0/0x1560
[ 78.821634][ T5058] ? hfs_extend_file+0xb10/0xb10
[ 78.826578][ T5058] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 78.832130][ T5058] block_write_begin+0xb1/0x490
[ 78.836986][ T5058] ? hfs_extend_file+0xb10/0xb10
[ 78.841927][ T5058] cont_write_begin+0x530/0x730
[ 78.846784][ T5058] ? hfs_extend_file+0xb10/0xb10
[ 78.851730][ T5058] ? block_write_begin+0x490/0x490
[ 78.856845][ T5058] ? fault_in_readable+0x106/0x200
[ 78.861965][ T5058] ? fault_in_readable+0x150/0x200
[ 78.867083][ T5058] ? fault_in_subpage_writeable+0x20/0x20
[ 78.872812][ T5058] hfs_write_begin+0x87/0x140
[ 78.877494][ T5058] ? hfs_extend_file+0xb10/0xb10
[ 78.882435][ T5058] generic_perform_write+0x278/0x600
[ 78.887728][ T5058] ? folio_add_wait_queue+0x1c0/0x1c0
[ 78.893101][ T5058] ? generic_update_time+0xcf/0xf0
[ 78.898217][ T5058] ? mnt_put_write_access_file+0x45/0xf0
[ 78.903853][ T5058] __generic_file_write_iter+0x1f9/0x240
[ 78.909489][ T5058] generic_file_write_iter+0xe3/0x350
[ 78.914868][ T5058] vfs_write+0x64f/0xdf0
[ 78.919111][ T5058] ? kernel_write+0x6c0/0x6c0
[ 78.923792][ T5058] ? __fget_light+0x1fc/0x260
[ 78.928468][ T5058] ksys_write+0x12f/0x250
[ 78.932800][ T5058] ? __ia32_sys_read+0xb0/0xb0
[ 78.937564][ T5058] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 78.943806][ T5058] do_syscall_64+0x40/0x110
[ 78.948315][ T5058] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 78.954217][ T5058] RIP: 0033:0x7fc8ca0ec1e9
[ 78.958629][ T5058] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.978231][ T5058] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 78.986648][ T5058] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5058] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5058] exit_group(0) = ?
[pid 5058] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 78.994616][ T5058] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 79.002587][ T5058] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 79.010555][ T5058] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 79.018524][ T5058] R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 79.026494][ T5058]
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/bus") = 0
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5059 attached
, child_tidptr=0x55555665b650) = 5059
[pid 5059] set_robust_list(0x55555665b660, 24) = 0
[pid 5059] chdir("./4") = 0
[pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5059] setpgid(0, 0) = 0
[pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5059] write(3, "1000", 4) = 4
[pid 5059] close(3) = 0
[pid 5059] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5059] memfd_create("syzkaller", 0) = 3
[pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5059] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5059] close(3) = 0
[pid 5059] mkdir("./bus", 0777) = 0
[pid 5059] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5059] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5059] chdir("./bus") = 0
[pid 5059] ioctl(4, LOOP_CLR_FD) = 0
[pid 5059] close(4) = 0
[pid 5059] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 79.278494][ T5059] loop0: detected capacity change from 0 to 64
[ 79.302114][ T5059] hfs: unable to locate alternate MDB
[ 79.307492][ T5059] hfs: continuing without an alternate MDB
[pid 5059] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5059] write(5, "9", 1) = 1
[ 79.364563][ T5059] FAULT_INJECTION: forcing a failure.
[ 79.364563][ T5059] name failslab, interval 1, probability 0, space 0, times 0
[ 79.377199][ T5059] CPU: 0 PID: 5059 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 79.387601][ T5059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 79.397648][ T5059] Call Trace:
[ 79.400920][ T5059]
[ 79.403842][ T5059] dump_stack_lvl+0x125/0x1b0
[ 79.408514][ T5059] should_fail_ex+0x496/0x5b0
[ 79.413189][ T5059] should_failslab+0x9/0x20
[ 79.417681][ T5059] __kmem_cache_alloc_node+0x5f/0x460
[ 79.423053][ T5059] ? hfs_find_init+0x95/0x220
[ 79.427723][ T5059] __kmalloc+0x49/0x90
[ 79.431780][ T5059] hfs_find_init+0x95/0x220
[ 79.436276][ T5059] hfs_ext_read_extent+0x19c/0x9d0
[ 79.441381][ T5059] ? mutex_trylock+0x130/0x130
[ 79.446136][ T5059] ? hfs_free_extents+0x2f0/0x2f0
[ 79.451152][ T5059] ? clean_bdev_aliases+0x50e/0x610
[ 79.456339][ T5059] hfs_extend_file+0x4e0/0xb10
[ 79.461096][ T5059] ? reacquire_held_locks+0x4c0/0x4c0
[ 79.466459][ T5059] ? hfs_free_fork+0x900/0x900
[ 79.471222][ T5059] hfs_get_block+0x17f/0x820
[ 79.475808][ T5059] ? hfs_extend_file+0xb10/0xb10
[ 79.480745][ T5059] __block_write_begin_int+0x3c0/0x1560
[ 79.486298][ T5059] ? hfs_extend_file+0xb10/0xb10
[ 79.491238][ T5059] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 79.496785][ T5059] block_write_begin+0xb1/0x490
[ 79.501643][ T5059] ? hfs_extend_file+0xb10/0xb10
[ 79.506583][ T5059] cont_write_begin+0x530/0x730
[ 79.511437][ T5059] ? hfs_extend_file+0xb10/0xb10
[ 79.516376][ T5059] ? block_write_begin+0x490/0x490
[ 79.521500][ T5059] ? fault_in_readable+0x106/0x200
[ 79.526624][ T5059] ? fault_in_readable+0x150/0x200
[ 79.531747][ T5059] ? fault_in_subpage_writeable+0x20/0x20
[ 79.537472][ T5059] hfs_write_begin+0x87/0x140
[ 79.542154][ T5059] ? hfs_extend_file+0xb10/0xb10
[ 79.547093][ T5059] generic_perform_write+0x278/0x600
[ 79.552382][ T5059] ? folio_add_wait_queue+0x1c0/0x1c0
[ 79.557759][ T5059] ? generic_update_time+0xcf/0xf0
[ 79.562876][ T5059] ? mnt_put_write_access_file+0x45/0xf0
[ 79.568516][ T5059] __generic_file_write_iter+0x1f9/0x240
[ 79.574157][ T5059] generic_file_write_iter+0xe3/0x350
[ 79.579536][ T5059] vfs_write+0x64f/0xdf0
[ 79.583779][ T5059] ? kernel_write+0x6c0/0x6c0
[ 79.588458][ T5059] ? __fget_light+0x1fc/0x260
[ 79.593137][ T5059] ksys_write+0x12f/0x250
[ 79.597466][ T5059] ? __ia32_sys_read+0xb0/0xb0
[ 79.602233][ T5059] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 79.608479][ T5059] do_syscall_64+0x40/0x110
[ 79.612985][ T5059] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 79.618888][ T5059] RIP: 0033:0x7fc8ca0ec1e9
[ 79.623298][ T5059] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.642909][ T5059] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 79.651322][ T5059] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5059] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5059] exit_group(0) = ?
[pid 5059] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 79.659289][ T5059] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 79.667258][ T5059] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 79.675277][ T5059] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 79.683269][ T5059] R13: 0000000000000004 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 79.691246][ T5059]
newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/bus") = 0
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached
, child_tidptr=0x55555665b650) = 5060
[pid 5060] set_robust_list(0x55555665b660, 24) = 0
[pid 5060] chdir("./5") = 0
[pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5060] setpgid(0, 0) = 0
[pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5060] write(3, "1000", 4) = 4
[pid 5060] close(3) = 0
[pid 5060] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5060] memfd_create("syzkaller", 0) = 3
[pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5060] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5060] close(3) = 0
[pid 5060] mkdir("./bus", 0777) = 0
[pid 5060] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5060] chdir("./bus") = 0
[pid 5060] ioctl(4, LOOP_CLR_FD) = 0
[pid 5060] close(4) = 0
[pid 5060] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5060] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5060] write(5, "9", 1) = 1
[pid 5060] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[ 79.882679][ T5060] loop0: detected capacity change from 0 to 64
[ 79.897705][ T5060] hfs: unable to locate alternate MDB
[ 79.903144][ T5060] hfs: continuing without an alternate MDB
[pid 5060] exit_group(0) = ?
[pid 5060] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/bus") = 0
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached
, child_tidptr=0x55555665b650) = 5061
[pid 5061] set_robust_list(0x55555665b660, 24) = 0
[pid 5061] chdir("./6") = 0
[pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5061] setpgid(0, 0) = 0
[pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5061] write(3, "1000", 4) = 4
[pid 5061] close(3) = 0
[pid 5061] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5061] memfd_create("syzkaller", 0) = 3
[pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5061] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5061] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5061] close(3) = 0
[pid 5061] mkdir("./bus", 0777) = 0
[pid 5061] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5061] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5061] chdir("./bus") = 0
[pid 5061] ioctl(4, LOOP_CLR_FD) = 0
[pid 5061] close(4) = 0
[pid 5061] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5061] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5061] write(5, "9", 1) = 1
[pid 5061] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5061] exit_group(0) = ?
[pid 5061] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5061, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 80.254865][ T5061] loop0: detected capacity change from 0 to 64
[ 80.270067][ T5061] hfs: unable to locate alternate MDB
[ 80.275747][ T5061] hfs: continuing without an alternate MDB
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/bus") = 0
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached
, child_tidptr=0x55555665b650) = 5062
[pid 5062] set_robust_list(0x55555665b660, 24) = 0
[pid 5062] chdir("./7") = 0
[pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5062] setpgid(0, 0) = 0
[pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5062] write(3, "1000", 4) = 4
[pid 5062] close(3) = 0
[pid 5062] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5062] memfd_create("syzkaller", 0) = 3
[pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5062] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5062] close(3) = 0
[pid 5062] mkdir("./bus", 0777) = 0
[pid 5062] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5062] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5062] chdir("./bus") = 0
[pid 5062] ioctl(4, LOOP_CLR_FD) = 0
[pid 5062] close(4) = 0
[pid 5062] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 80.573785][ T5062] loop0: detected capacity change from 0 to 64
[ 80.590586][ T5062] hfs: unable to locate alternate MDB
[ 80.595983][ T5062] hfs: continuing without an alternate MDB
[pid 5062] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5062] write(5, "9", 1) = 1
[ 80.675848][ T5062] FAULT_INJECTION: forcing a failure.
[ 80.675848][ T5062] name failslab, interval 1, probability 0, space 0, times 0
[ 80.689104][ T5062] CPU: 0 PID: 5062 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 80.699519][ T5062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 80.709559][ T5062] Call Trace:
[ 80.712823][ T5062]
[ 80.715736][ T5062] dump_stack_lvl+0x125/0x1b0
[ 80.720405][ T5062] should_fail_ex+0x496/0x5b0
[ 80.725073][ T5062] should_failslab+0x9/0x20
[ 80.729562][ T5062] __kmem_cache_alloc_node+0x5f/0x460
[ 80.734927][ T5062] ? hfs_find_init+0x95/0x220
[ 80.739594][ T5062] __kmalloc+0x49/0x90
[ 80.743660][ T5062] hfs_find_init+0x95/0x220
[ 80.748167][ T5062] hfs_ext_read_extent+0x19c/0x9d0
[ 80.753281][ T5062] ? mutex_trylock+0x130/0x130
[ 80.758049][ T5062] ? hfs_free_extents+0x2f0/0x2f0
[ 80.763079][ T5062] ? clean_bdev_aliases+0x50e/0x610
[ 80.768279][ T5062] hfs_extend_file+0x4e0/0xb10
[ 80.773051][ T5062] ? reacquire_held_locks+0x4c0/0x4c0
[ 80.778430][ T5062] ? hfs_free_fork+0x900/0x900
[ 80.783199][ T5062] hfs_get_block+0x17f/0x820
[ 80.787792][ T5062] ? hfs_extend_file+0xb10/0xb10
[ 80.792732][ T5062] __block_write_begin_int+0x3c0/0x1560
[ 80.798280][ T5062] ? hfs_extend_file+0xb10/0xb10
[ 80.803221][ T5062] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 80.808771][ T5062] block_write_begin+0xb1/0x490
[ 80.813632][ T5062] ? hfs_extend_file+0xb10/0xb10
[ 80.818575][ T5062] cont_write_begin+0x530/0x730
[ 80.823429][ T5062] ? hfs_extend_file+0xb10/0xb10
[ 80.828370][ T5062] ? block_write_begin+0x490/0x490
[ 80.833481][ T5062] ? fault_in_readable+0x106/0x200
[ 80.838599][ T5062] ? fault_in_readable+0x150/0x200
[ 80.843720][ T5062] ? fault_in_subpage_writeable+0x20/0x20
[ 80.849450][ T5062] hfs_write_begin+0x87/0x140
[ 80.854132][ T5062] ? hfs_extend_file+0xb10/0xb10
[ 80.859073][ T5062] generic_perform_write+0x278/0x600
[ 80.864363][ T5062] ? folio_add_wait_queue+0x1c0/0x1c0
[ 80.869735][ T5062] ? generic_update_time+0xcf/0xf0
[ 80.874849][ T5062] ? mnt_put_write_access_file+0x45/0xf0
[ 80.880488][ T5062] __generic_file_write_iter+0x1f9/0x240
[ 80.886128][ T5062] generic_file_write_iter+0xe3/0x350
[ 80.891503][ T5062] vfs_write+0x64f/0xdf0
[ 80.895748][ T5062] ? kernel_write+0x6c0/0x6c0
[ 80.900428][ T5062] ? __fget_light+0x1fc/0x260
[ 80.905102][ T5062] ksys_write+0x12f/0x250
[ 80.909431][ T5062] ? __ia32_sys_read+0xb0/0xb0
[ 80.914194][ T5062] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 80.920437][ T5062] do_syscall_64+0x40/0x110
[ 80.924942][ T5062] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 80.930841][ T5062] RIP: 0033:0x7fc8ca0ec1e9
[ 80.935250][ T5062] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 80.954853][ T5062] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 80.963262][ T5062] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5062] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5062] exit_group(0) = ?
[pid 5062] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 80.971228][ T5062] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 80.979195][ T5062] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 80.987164][ T5062] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 80.995133][ T5062] R13: 0000000000000007 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 81.003101][ T5062]
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/bus") = 0
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached
, child_tidptr=0x55555665b650) = 5063
[pid 5063] set_robust_list(0x55555665b660, 24) = 0
[pid 5063] chdir("./8") = 0
[pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5063] setpgid(0, 0) = 0
[pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5063] write(3, "1000", 4) = 4
[pid 5063] close(3) = 0
[pid 5063] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5063] memfd_create("syzkaller", 0) = 3
[pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5063] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5063] close(3) = 0
[pid 5063] mkdir("./bus", 0777) = 0
[pid 5063] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5063] chdir("./bus") = 0
[pid 5063] ioctl(4, LOOP_CLR_FD) = 0
[pid 5063] close(4) = 0
[pid 5063] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 81.240879][ T5063] loop0: detected capacity change from 0 to 64
[ 81.256034][ T5063] hfs: unable to locate alternate MDB
[ 81.261475][ T5063] hfs: continuing without an alternate MDB
[pid 5063] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5063] write(5, "9", 1) = 1
[ 81.343948][ T5063] FAULT_INJECTION: forcing a failure.
[ 81.343948][ T5063] name failslab, interval 1, probability 0, space 0, times 0
[ 81.356634][ T5063] CPU: 1 PID: 5063 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 81.367061][ T5063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 81.377111][ T5063] Call Trace:
[ 81.380389][ T5063]
[ 81.383327][ T5063] dump_stack_lvl+0x125/0x1b0
[ 81.388021][ T5063] should_fail_ex+0x496/0x5b0
[ 81.392712][ T5063] should_failslab+0x9/0x20
[ 81.397215][ T5063] __kmem_cache_alloc_node+0x5f/0x460
[ 81.402606][ T5063] ? hfs_find_init+0x95/0x220
[ 81.407285][ T5063] __kmalloc+0x49/0x90
[ 81.411359][ T5063] hfs_find_init+0x95/0x220
[ 81.415871][ T5063] hfs_ext_read_extent+0x19c/0x9d0
[ 81.420987][ T5063] ? mutex_trylock+0x130/0x130
[ 81.425757][ T5063] ? hfs_free_extents+0x2f0/0x2f0
[ 81.430785][ T5063] ? clean_bdev_aliases+0x50e/0x610
[ 81.435985][ T5063] hfs_extend_file+0x4e0/0xb10
[ 81.440755][ T5063] ? reacquire_held_locks+0x4c0/0x4c0
[ 81.446137][ T5063] ? hfs_free_fork+0x900/0x900
[ 81.450908][ T5063] hfs_get_block+0x17f/0x820
[ 81.455501][ T5063] ? hfs_extend_file+0xb10/0xb10
[ 81.460451][ T5063] __block_write_begin_int+0x3c0/0x1560
[ 81.466002][ T5063] ? hfs_extend_file+0xb10/0xb10
[ 81.470952][ T5063] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 81.476507][ T5063] block_write_begin+0xb1/0x490
[ 81.481371][ T5063] ? hfs_extend_file+0xb10/0xb10
[ 81.486314][ T5063] cont_write_begin+0x530/0x730
[ 81.491173][ T5063] ? hfs_extend_file+0xb10/0xb10
[ 81.496112][ T5063] ? block_write_begin+0x490/0x490
[ 81.501228][ T5063] ? fault_in_readable+0x106/0x200
[ 81.506362][ T5063] ? fault_in_readable+0x150/0x200
[ 81.511489][ T5063] ? fault_in_subpage_writeable+0x20/0x20
[ 81.517217][ T5063] hfs_write_begin+0x87/0x140
[ 81.521907][ T5063] ? hfs_extend_file+0xb10/0xb10
[ 81.526852][ T5063] generic_perform_write+0x278/0x600
[ 81.532141][ T5063] ? folio_add_wait_queue+0x1c0/0x1c0
[ 81.537515][ T5063] ? generic_update_time+0xcf/0xf0
[ 81.542635][ T5063] ? mnt_put_write_access_file+0x45/0xf0
[ 81.548272][ T5063] __generic_file_write_iter+0x1f9/0x240
[ 81.553909][ T5063] generic_file_write_iter+0xe3/0x350
[ 81.559295][ T5063] vfs_write+0x64f/0xdf0
[ 81.563546][ T5063] ? kernel_write+0x6c0/0x6c0
[ 81.568225][ T5063] ? __fget_light+0x1fc/0x260
[ 81.572902][ T5063] ksys_write+0x12f/0x250
[ 81.577237][ T5063] ? __ia32_sys_read+0xb0/0xb0
[ 81.582003][ T5063] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 81.588260][ T5063] do_syscall_64+0x40/0x110
[ 81.592773][ T5063] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 81.598675][ T5063] RIP: 0033:0x7fc8ca0ec1e9
[ 81.603090][ T5063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 81.622702][ T5063] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 81.631120][ T5063] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5063] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5063] exit_group(0) = ?
[pid 5063] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 81.639095][ T5063] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 81.647065][ T5063] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 81.655035][ T5063] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 81.663003][ T5063] R13: 0000000000000008 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 81.670971][ T5063]
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/bus") = 0
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached
, child_tidptr=0x55555665b650) = 5064
[pid 5064] set_robust_list(0x55555665b660, 24) = 0
[pid 5064] chdir("./9") = 0
[pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5064] setpgid(0, 0) = 0
[pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5064] write(3, "1000", 4) = 4
[pid 5064] close(3) = 0
[pid 5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5064] memfd_create("syzkaller", 0) = 3
[pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5064] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5064] close(3) = 0
[pid 5064] mkdir("./bus", 0777) = 0
[pid 5064] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5064] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5064] chdir("./bus") = 0
[pid 5064] ioctl(4, LOOP_CLR_FD) = 0
[ 81.894081][ T5064] loop0: detected capacity change from 0 to 64
[ 81.924902][ T5064] hfs: unable to locate alternate MDB
[ 81.930783][ T5064] hfs: continuing without an alternate MDB
[pid 5064] close(4) = 0
[pid 5064] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5064] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5064] write(5, "9", 1) = 1
[ 81.985927][ T5064] FAULT_INJECTION: forcing a failure.
[ 81.985927][ T5064] name failslab, interval 1, probability 0, space 0, times 0
[ 82.018270][ T5064] CPU: 1 PID: 5064 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 82.028710][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 82.038770][ T5064] Call Trace:
[ 82.042056][ T5064]
[ 82.044993][ T5064] dump_stack_lvl+0x125/0x1b0
[ 82.049695][ T5064] should_fail_ex+0x496/0x5b0
[ 82.054402][ T5064] should_failslab+0x9/0x20
[ 82.058917][ T5064] __kmem_cache_alloc_node+0x5f/0x460
[ 82.064312][ T5064] ? hfs_find_init+0x95/0x220
[ 82.069003][ T5064] __kmalloc+0x49/0x90
[ 82.073094][ T5064] hfs_find_init+0x95/0x220
[ 82.077623][ T5064] hfs_ext_read_extent+0x19c/0x9d0
[ 82.082762][ T5064] ? mutex_trylock+0x130/0x130
[ 82.087559][ T5064] ? hfs_free_extents+0x2f0/0x2f0
[ 82.092605][ T5064] ? clean_bdev_aliases+0x50e/0x610
[ 82.097821][ T5064] hfs_extend_file+0x4e0/0xb10
[ 82.102607][ T5064] ? reacquire_held_locks+0x4c0/0x4c0
[ 82.107997][ T5064] ? hfs_free_fork+0x900/0x900
[ 82.112785][ T5064] hfs_get_block+0x17f/0x820
[ 82.117393][ T5064] ? hfs_extend_file+0xb10/0xb10
[ 82.122349][ T5064] __block_write_begin_int+0x3c0/0x1560
[ 82.127918][ T5064] ? hfs_extend_file+0xb10/0xb10
[ 82.132876][ T5064] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 82.138443][ T5064] block_write_begin+0xb1/0x490
[ 82.143317][ T5064] ? hfs_extend_file+0xb10/0xb10
[ 82.148273][ T5064] cont_write_begin+0x530/0x730
[ 82.153141][ T5064] ? hfs_extend_file+0xb10/0xb10
[ 82.158094][ T5064] ? block_write_begin+0x490/0x490
[ 82.163226][ T5064] ? fault_in_readable+0x106/0x200
[ 82.168365][ T5064] ? fault_in_readable+0x150/0x200
[ 82.173496][ T5064] ? fault_in_subpage_writeable+0x20/0x20
[ 82.179248][ T5064] hfs_write_begin+0x87/0x140
[ 82.183943][ T5064] ? hfs_extend_file+0xb10/0xb10
[ 82.188900][ T5064] generic_perform_write+0x278/0x600
[ 82.194205][ T5064] ? folio_add_wait_queue+0x1c0/0x1c0
[ 82.199593][ T5064] ? generic_update_time+0xcf/0xf0
[ 82.204728][ T5064] ? mnt_put_write_access_file+0x45/0xf0
[ 82.210378][ T5064] __generic_file_write_iter+0x1f9/0x240
[ 82.216033][ T5064] generic_file_write_iter+0xe3/0x350
[ 82.221428][ T5064] vfs_write+0x64f/0xdf0
[ 82.225686][ T5064] ? kernel_write+0x6c0/0x6c0
[ 82.230379][ T5064] ? __fget_light+0x1fc/0x260
[ 82.235070][ T5064] ksys_write+0x12f/0x250
[ 82.239412][ T5064] ? __ia32_sys_read+0xb0/0xb0
[ 82.244190][ T5064] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 82.250450][ T5064] do_syscall_64+0x40/0x110
[ 82.254972][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 82.260894][ T5064] RIP: 0033:0x7fc8ca0ec1e9
[ 82.265316][ T5064] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5064] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5064] exit_group(0) = ?
[pid 5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 82.285016][ T5064] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 82.293414][ T5064] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 82.301371][ T5064] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 82.309324][ T5064] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 82.317277][ T5064] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 82.325232][ T5064] R13: 0000000000000009 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 82.333189][ T5064]
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/bus") = 0
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached
, child_tidptr=0x55555665b650) = 5066
[pid 5066] set_robust_list(0x55555665b660, 24) = 0
[pid 5066] chdir("./10") = 0
[pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5066] setpgid(0, 0) = 0
[pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5066] write(3, "1000", 4) = 4
[pid 5066] close(3) = 0
[pid 5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5066] memfd_create("syzkaller", 0) = 3
[pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5066] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5066] close(3) = 0
[pid 5066] mkdir("./bus", 0777) = 0
[pid 5066] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5066] chdir("./bus") = 0
[pid 5066] ioctl(4, LOOP_CLR_FD) = 0
[pid 5066] close(4) = 0
[ 82.617512][ T5066] loop0: detected capacity change from 0 to 64
[ 82.630183][ T5066] hfs: unable to locate alternate MDB
[ 82.635630][ T5066] hfs: continuing without an alternate MDB
[pid 5066] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5066] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5066] write(5, "9", 1) = 1
[ 82.711372][ T5066] FAULT_INJECTION: forcing a failure.
[ 82.711372][ T5066] name failslab, interval 1, probability 0, space 0, times 0
[ 82.724606][ T5066] CPU: 1 PID: 5066 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 82.735020][ T5066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 82.745073][ T5066] Call Trace:
[ 82.748369][ T5066]
[ 82.751317][ T5066] dump_stack_lvl+0x125/0x1b0
[ 82.755987][ T5066] should_fail_ex+0x496/0x5b0
[ 82.760658][ T5066] should_failslab+0x9/0x20
[ 82.765149][ T5066] __kmem_cache_alloc_node+0x5f/0x460
[ 82.770515][ T5066] ? hfs_find_init+0x95/0x220
[ 82.775182][ T5066] __kmalloc+0x49/0x90
[ 82.779249][ T5066] hfs_find_init+0x95/0x220
[ 82.783743][ T5066] hfs_ext_read_extent+0x19c/0x9d0
[ 82.788849][ T5066] ? mutex_trylock+0x130/0x130
[ 82.793605][ T5066] ? hfs_free_extents+0x2f0/0x2f0
[ 82.798622][ T5066] ? clean_bdev_aliases+0x50e/0x610
[ 82.803810][ T5066] hfs_extend_file+0x4e0/0xb10
[ 82.808566][ T5066] ? reacquire_held_locks+0x4c0/0x4c0
[ 82.813934][ T5066] ? hfs_free_fork+0x900/0x900
[ 82.818708][ T5066] hfs_get_block+0x17f/0x820
[ 82.823293][ T5066] ? hfs_extend_file+0xb10/0xb10
[ 82.828221][ T5066] __block_write_begin_int+0x3c0/0x1560
[ 82.833760][ T5066] ? hfs_extend_file+0xb10/0xb10
[ 82.838690][ T5066] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 82.844233][ T5066] block_write_begin+0xb1/0x490
[ 82.849075][ T5066] ? hfs_extend_file+0xb10/0xb10
[ 82.854003][ T5066] cont_write_begin+0x530/0x730
[ 82.859541][ T5066] ? hfs_extend_file+0xb10/0xb10
[ 82.864480][ T5066] ? block_write_begin+0x490/0x490
[ 82.869579][ T5066] ? fault_in_readable+0x106/0x200
[ 82.874685][ T5066] ? fault_in_readable+0x150/0x200
[ 82.879788][ T5066] ? fault_in_subpage_writeable+0x20/0x20
[ 82.885501][ T5066] hfs_write_begin+0x87/0x140
[ 82.890172][ T5066] ? hfs_extend_file+0xb10/0xb10
[ 82.895107][ T5066] generic_perform_write+0x278/0x600
[ 82.900385][ T5066] ? folio_add_wait_queue+0x1c0/0x1c0
[ 82.905770][ T5066] ? generic_update_time+0xcf/0xf0
[ 82.910876][ T5066] ? mnt_put_write_access_file+0x45/0xf0
[ 82.916513][ T5066] __generic_file_write_iter+0x1f9/0x240
[ 82.922139][ T5066] generic_file_write_iter+0xe3/0x350
[ 82.927507][ T5066] vfs_write+0x64f/0xdf0
[ 82.931742][ T5066] ? kernel_write+0x6c0/0x6c0
[ 82.936410][ T5066] ? __fget_light+0x1fc/0x260
[ 82.941079][ T5066] ksys_write+0x12f/0x250
[ 82.945398][ T5066] ? __ia32_sys_read+0xb0/0xb0
[ 82.950149][ T5066] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 82.956388][ T5066] do_syscall_64+0x40/0x110
[ 82.960897][ T5066] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 82.966782][ T5066] RIP: 0033:0x7fc8ca0ec1e9
[ 82.971185][ T5066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 82.990788][ T5066] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 82.999196][ T5066] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5066] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5066] exit_group(0) = ?
[pid 5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 83.007155][ T5066] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 83.015112][ T5066] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 83.023071][ T5066] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 83.031030][ T5066] R13: 000000000000000a R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 83.038987][ T5066]
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/bus") = 0
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5067 attached
, child_tidptr=0x55555665b650) = 5067
[pid 5067] set_robust_list(0x55555665b660, 24) = 0
[pid 5067] chdir("./11") = 0
[pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5067] setpgid(0, 0) = 0
[pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5067] write(3, "1000", 4) = 4
[pid 5067] close(3) = 0
[pid 5067] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5067] memfd_create("syzkaller", 0) = 3
[pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5067] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5067] close(3) = 0
[pid 5067] mkdir("./bus", 0777) = 0
[pid 5067] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5067] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5067] chdir("./bus") = 0
[pid 5067] ioctl(4, LOOP_CLR_FD) = 0
[pid 5067] close(4) = 0
[pid 5067] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5067] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 83.256783][ T5067] loop0: detected capacity change from 0 to 64
[ 83.282015][ T5067] hfs: unable to locate alternate MDB
[ 83.287406][ T5067] hfs: continuing without an alternate MDB
[pid 5067] write(5, "9", 1) = 1
[ 83.344944][ T5067] FAULT_INJECTION: forcing a failure.
[ 83.344944][ T5067] name failslab, interval 1, probability 0, space 0, times 0
[ 83.357675][ T5067] CPU: 1 PID: 5067 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 83.368113][ T5067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 83.378167][ T5067] Call Trace:
[ 83.381451][ T5067]
[ 83.384374][ T5067] dump_stack_lvl+0x125/0x1b0
[ 83.389042][ T5067] should_fail_ex+0x496/0x5b0
[ 83.393729][ T5067] should_failslab+0x9/0x20
[ 83.398222][ T5067] __kmem_cache_alloc_node+0x5f/0x460
[ 83.403591][ T5067] ? hfs_find_init+0x95/0x220
[ 83.408259][ T5067] __kmalloc+0x49/0x90
[ 83.412318][ T5067] hfs_find_init+0x95/0x220
[ 83.416812][ T5067] hfs_ext_read_extent+0x19c/0x9d0
[ 83.421916][ T5067] ? mutex_trylock+0x130/0x130
[ 83.426679][ T5067] ? hfs_free_extents+0x2f0/0x2f0
[ 83.431716][ T5067] ? clean_bdev_aliases+0x50e/0x610
[ 83.436916][ T5067] hfs_extend_file+0x4e0/0xb10
[ 83.441683][ T5067] ? reacquire_held_locks+0x4c0/0x4c0
[ 83.447050][ T5067] ? hfs_free_fork+0x900/0x900
[ 83.451824][ T5067] hfs_get_block+0x17f/0x820
[ 83.456407][ T5067] ? hfs_extend_file+0xb10/0xb10
[ 83.461349][ T5067] __block_write_begin_int+0x3c0/0x1560
[ 83.466912][ T5067] ? hfs_extend_file+0xb10/0xb10
[ 83.471841][ T5067] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 83.477379][ T5067] block_write_begin+0xb1/0x490
[ 83.482223][ T5067] ? hfs_extend_file+0xb10/0xb10
[ 83.487165][ T5067] cont_write_begin+0x530/0x730
[ 83.492013][ T5067] ? hfs_extend_file+0xb10/0xb10
[ 83.496941][ T5067] ? block_write_begin+0x490/0x490
[ 83.502044][ T5067] ? fault_in_readable+0x106/0x200
[ 83.507151][ T5067] ? fault_in_readable+0x150/0x200
[ 83.512259][ T5067] ? fault_in_subpage_writeable+0x20/0x20
[ 83.517973][ T5067] hfs_write_begin+0x87/0x140
[ 83.522646][ T5067] ? hfs_extend_file+0xb10/0xb10
[ 83.527576][ T5067] generic_perform_write+0x278/0x600
[ 83.532868][ T5067] ? folio_add_wait_queue+0x1c0/0x1c0
[ 83.538233][ T5067] ? generic_update_time+0xcf/0xf0
[ 83.543354][ T5067] ? mnt_put_write_access_file+0x45/0xf0
[ 83.549013][ T5067] __generic_file_write_iter+0x1f9/0x240
[ 83.554648][ T5067] generic_file_write_iter+0xe3/0x350
[ 83.560022][ T5067] vfs_write+0x64f/0xdf0
[ 83.564258][ T5067] ? kernel_write+0x6c0/0x6c0
[ 83.568925][ T5067] ? __fget_light+0x1fc/0x260
[ 83.573590][ T5067] ksys_write+0x12f/0x250
[ 83.577918][ T5067] ? __ia32_sys_read+0xb0/0xb0
[ 83.582690][ T5067] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 83.588919][ T5067] do_syscall_64+0x40/0x110
[ 83.593413][ T5067] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 83.599302][ T5067] RIP: 0033:0x7fc8ca0ec1e9
[ 83.603706][ T5067] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 83.623303][ T5067] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 83.631710][ T5067] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5067] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5067] exit_group(0) = ?
[pid 5067] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5067, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 83.639670][ T5067] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 83.647627][ T5067] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 83.655587][ T5067] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 83.663545][ T5067] R13: 000000000000000b R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 83.671512][ T5067]
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/bus") = 0
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./11/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached
, child_tidptr=0x55555665b650) = 5068
[pid 5068] set_robust_list(0x55555665b660, 24) = 0
[pid 5068] chdir("./12") = 0
[pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5068] setpgid(0, 0) = 0
[pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5068] write(3, "1000", 4) = 4
[pid 5068] close(3) = 0
[pid 5068] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5068] memfd_create("syzkaller", 0) = 3
[pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5068] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5068] close(3) = 0
[pid 5068] mkdir("./bus", 0777) = 0
[pid 5068] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5068] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5068] chdir("./bus") = 0
[pid 5068] ioctl(4, LOOP_CLR_FD) = 0
[pid 5068] close(4) = 0
[pid 5068] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5068] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5068] write(5, "9", 1) = 1
[ 83.933551][ T5068] loop0: detected capacity change from 0 to 64
[ 83.949479][ T5068] hfs: unable to locate alternate MDB
[ 83.954998][ T5068] hfs: continuing without an alternate MDB
[pid 5068] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5068] exit_group(0) = ?
[pid 5068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./12/bus") = 0
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./12/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./12") = 0
mkdir("./13", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached
, child_tidptr=0x55555665b650) = 5069
[pid 5069] set_robust_list(0x55555665b660, 24) = 0
[pid 5069] chdir("./13") = 0
[pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5069] setpgid(0, 0) = 0
[pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5069] write(3, "1000", 4) = 4
[pid 5069] close(3) = 0
[pid 5069] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5069] memfd_create("syzkaller", 0) = 3
[pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5069] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5069] close(3) = 0
[pid 5069] mkdir("./bus", 0777) = 0
[pid 5069] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5069] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5069] chdir("./bus") = 0
[pid 5069] ioctl(4, LOOP_CLR_FD) = 0
[pid 5069] close(4) = 0
[pid 5069] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5069] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 84.268590][ T5069] loop0: detected capacity change from 0 to 64
[ 84.288428][ T5069] hfs: unable to locate alternate MDB
[ 84.293901][ T5069] hfs: continuing without an alternate MDB
[pid 5069] write(5, "9", 1) = 1
[pid 5069] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5069] exit_group(0) = ?
[pid 5069] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./13/bus") = 0
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./13/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./13") = 0
mkdir("./14", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5070 attached
, child_tidptr=0x55555665b650) = 5070
[pid 5070] set_robust_list(0x55555665b660, 24) = 0
[pid 5070] chdir("./14") = 0
[pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5070] setpgid(0, 0) = 0
[pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5070] write(3, "1000", 4) = 4
[pid 5070] close(3) = 0
[pid 5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5070] memfd_create("syzkaller", 0) = 3
[pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5070] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5070] close(3) = 0
[pid 5070] mkdir("./bus", 0777) = 0
[pid 5070] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5070] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5070] chdir("./bus") = 0
[pid 5070] ioctl(4, LOOP_CLR_FD) = 0
[pid 5070] close(4) = 0
[pid 5070] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5070] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5070] write(5, "9", 1) = 1
[pid 5070] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5070] exit_group(0) = ?
[pid 5070] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 84.581131][ T5070] loop0: detected capacity change from 0 to 64
[ 84.595357][ T5070] hfs: unable to locate alternate MDB
[ 84.600778][ T5070] hfs: continuing without an alternate MDB
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./14/bus") = 0
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./14/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./14") = 0
mkdir("./15", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached
, child_tidptr=0x55555665b650) = 5071
[pid 5071] set_robust_list(0x55555665b660, 24) = 0
[pid 5071] chdir("./15") = 0
[pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5071] setpgid(0, 0) = 0
[pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5071] write(3, "1000", 4) = 4
[pid 5071] close(3) = 0
[pid 5071] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5071] memfd_create("syzkaller", 0) = 3
[pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5071] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5071] close(3) = 0
[pid 5071] mkdir("./bus", 0777) = 0
[pid 5071] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5071] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5071] chdir("./bus") = 0
[pid 5071] ioctl(4, LOOP_CLR_FD) = 0
[pid 5071] close(4) = 0
[pid 5071] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5071] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 84.851300][ T5071] loop0: detected capacity change from 0 to 64
[ 84.861116][ T5071] hfs: unable to locate alternate MDB
[ 84.866493][ T5071] hfs: continuing without an alternate MDB
[pid 5071] write(5, "9", 1) = 1
[ 84.913312][ T5071] FAULT_INJECTION: forcing a failure.
[ 84.913312][ T5071] name failslab, interval 1, probability 0, space 0, times 0
[ 84.926996][ T5071] CPU: 0 PID: 5071 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 84.937431][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 84.947473][ T5071] Call Trace:
[ 84.950739][ T5071]
[ 84.953653][ T5071] dump_stack_lvl+0x125/0x1b0
[ 84.958320][ T5071] should_fail_ex+0x496/0x5b0
[ 84.962992][ T5071] should_failslab+0x9/0x20
[ 84.967482][ T5071] __kmem_cache_alloc_node+0x5f/0x460
[ 84.972851][ T5071] ? hfs_find_init+0x95/0x220
[ 84.977515][ T5071] __kmalloc+0x49/0x90
[ 84.981575][ T5071] hfs_find_init+0x95/0x220
[ 84.986070][ T5071] hfs_ext_read_extent+0x19c/0x9d0
[ 84.991175][ T5071] ? mutex_trylock+0x130/0x130
[ 84.995927][ T5071] ? hfs_free_extents+0x2f0/0x2f0
[ 85.000944][ T5071] ? clean_bdev_aliases+0x50e/0x610
[ 85.006133][ T5071] hfs_extend_file+0x4e0/0xb10
[ 85.010903][ T5071] ? reacquire_held_locks+0x4c0/0x4c0
[ 85.016267][ T5071] ? hfs_free_fork+0x900/0x900
[ 85.021028][ T5071] hfs_get_block+0x17f/0x820
[ 85.025624][ T5071] ? hfs_extend_file+0xb10/0xb10
[ 85.030564][ T5071] __block_write_begin_int+0x3c0/0x1560
[ 85.036116][ T5071] ? hfs_extend_file+0xb10/0xb10
[ 85.041061][ T5071] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 85.046612][ T5071] block_write_begin+0xb1/0x490
[ 85.051468][ T5071] ? hfs_extend_file+0xb10/0xb10
[ 85.056410][ T5071] cont_write_begin+0x530/0x730
[ 85.061281][ T5071] ? hfs_extend_file+0xb10/0xb10
[ 85.066229][ T5071] ? block_write_begin+0x490/0x490
[ 85.071348][ T5071] ? fault_in_readable+0x106/0x200
[ 85.076471][ T5071] ? fault_in_readable+0x150/0x200
[ 85.081594][ T5071] ? fault_in_subpage_writeable+0x20/0x20
[ 85.087327][ T5071] hfs_write_begin+0x87/0x140
[ 85.092015][ T5071] ? hfs_extend_file+0xb10/0xb10
[ 85.096961][ T5071] generic_perform_write+0x278/0x600
[ 85.102251][ T5071] ? folio_add_wait_queue+0x1c0/0x1c0
[ 85.107626][ T5071] ? generic_update_time+0xcf/0xf0
[ 85.112747][ T5071] ? mnt_put_write_access_file+0x45/0xf0
[ 85.118392][ T5071] __generic_file_write_iter+0x1f9/0x240
[ 85.124034][ T5071] generic_file_write_iter+0xe3/0x350
[ 85.129415][ T5071] vfs_write+0x64f/0xdf0
[ 85.133661][ T5071] ? kernel_write+0x6c0/0x6c0
[ 85.138355][ T5071] ? __fget_light+0x1fc/0x260
[ 85.143031][ T5071] ksys_write+0x12f/0x250
[ 85.147366][ T5071] ? __ia32_sys_read+0xb0/0xb0
[ 85.152132][ T5071] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 85.158381][ T5071] do_syscall_64+0x40/0x110
[ 85.162887][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 85.168790][ T5071] RIP: 0033:0x7fc8ca0ec1e9
[ 85.173205][ T5071] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 85.192807][ T5071] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 85.201229][ T5071] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5071] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5071] exit_group(0) = ?
[pid 5071] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5071, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 85.209203][ T5071] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 85.217178][ T5071] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 85.225153][ T5071] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 85.233127][ T5071] R13: 000000000000000f R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 85.241104][ T5071]
umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./15/bus") = 0
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./15/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./15") = 0
mkdir("./16", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached
, child_tidptr=0x55555665b650) = 5072
[pid 5072] set_robust_list(0x55555665b660, 24) = 0
[pid 5072] chdir("./16") = 0
[pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5072] setpgid(0, 0) = 0
[pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5072] write(3, "1000", 4) = 4
[pid 5072] close(3) = 0
[pid 5072] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5072] memfd_create("syzkaller", 0) = 3
[pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5072] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5072] close(3) = 0
[pid 5072] mkdir("./bus", 0777) = 0
[pid 5072] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5072] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5072] chdir("./bus") = 0
[pid 5072] ioctl(4, LOOP_CLR_FD) = 0
[pid 5072] close(4) = 0
[pid 5072] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5072] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5072] write(5, "9", 1) = 1
[ 85.459550][ T5072] loop0: detected capacity change from 0 to 64
[ 85.474542][ T5072] hfs: unable to locate alternate MDB
[ 85.479924][ T5072] hfs: continuing without an alternate MDB
[ 85.534624][ T5072] FAULT_INJECTION: forcing a failure.
[ 85.534624][ T5072] name failslab, interval 1, probability 0, space 0, times 0
[ 85.547421][ T5072] CPU: 0 PID: 5072 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 85.557840][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 85.567884][ T5072] Call Trace:
[ 85.571159][ T5072]
[ 85.574086][ T5072] dump_stack_lvl+0x125/0x1b0
[ 85.578753][ T5072] should_fail_ex+0x496/0x5b0
[ 85.583426][ T5072] should_failslab+0x9/0x20
[ 85.587917][ T5072] __kmem_cache_alloc_node+0x5f/0x460
[ 85.593293][ T5072] ? hfs_find_init+0x95/0x220
[ 85.597967][ T5072] __kmalloc+0x49/0x90
[ 85.602024][ T5072] hfs_find_init+0x95/0x220
[ 85.606521][ T5072] hfs_ext_read_extent+0x19c/0x9d0
[ 85.611625][ T5072] ? mutex_trylock+0x130/0x130
[ 85.616387][ T5072] ? hfs_free_extents+0x2f0/0x2f0
[ 85.621404][ T5072] ? clean_bdev_aliases+0x50e/0x610
[ 85.626605][ T5072] hfs_extend_file+0x4e0/0xb10
[ 85.631381][ T5072] ? reacquire_held_locks+0x4c0/0x4c0
[ 85.636744][ T5072] ? hfs_free_fork+0x900/0x900
[ 85.641500][ T5072] hfs_get_block+0x17f/0x820
[ 85.646083][ T5072] ? hfs_extend_file+0xb10/0xb10
[ 85.651014][ T5072] __block_write_begin_int+0x3c0/0x1560
[ 85.656550][ T5072] ? hfs_extend_file+0xb10/0xb10
[ 85.661480][ T5072] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 85.667018][ T5072] block_write_begin+0xb1/0x490
[ 85.671862][ T5072] ? hfs_extend_file+0xb10/0xb10
[ 85.676791][ T5072] cont_write_begin+0x530/0x730
[ 85.681636][ T5072] ? hfs_extend_file+0xb10/0xb10
[ 85.686572][ T5072] ? block_write_begin+0x490/0x490
[ 85.691673][ T5072] ? fault_in_readable+0x106/0x200
[ 85.696788][ T5072] ? fault_in_readable+0x150/0x200
[ 85.701916][ T5072] ? fault_in_subpage_writeable+0x20/0x20
[ 85.707631][ T5072] hfs_write_begin+0x87/0x140
[ 85.712302][ T5072] ? hfs_extend_file+0xb10/0xb10
[ 85.717228][ T5072] generic_perform_write+0x278/0x600
[ 85.722506][ T5072] ? folio_add_wait_queue+0x1c0/0x1c0
[ 85.727871][ T5072] ? generic_update_time+0xcf/0xf0
[ 85.732979][ T5072] ? mnt_put_write_access_file+0x45/0xf0
[ 85.738600][ T5072] __generic_file_write_iter+0x1f9/0x240
[ 85.744228][ T5072] generic_file_write_iter+0xe3/0x350
[ 85.749594][ T5072] vfs_write+0x64f/0xdf0
[ 85.753829][ T5072] ? kernel_write+0x6c0/0x6c0
[ 85.758499][ T5072] ? __fget_light+0x1fc/0x260
[ 85.763169][ T5072] ksys_write+0x12f/0x250
[ 85.767490][ T5072] ? __ia32_sys_read+0xb0/0xb0
[ 85.772247][ T5072] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 85.778480][ T5072] do_syscall_64+0x40/0x110
[ 85.782976][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 85.788880][ T5072] RIP: 0033:0x7fc8ca0ec1e9
[ 85.793297][ T5072] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 85.812893][ T5072] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 85.821291][ T5072] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5072] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5072] exit_group(0) = ?
[pid 5072] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 85.829253][ T5072] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 85.837214][ T5072] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 85.845177][ T5072] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 85.853138][ T5072] R13: 0000000000000010 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 85.861100][ T5072]
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./16/bus") = 0
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./16/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./16") = 0
mkdir("./17", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached
, child_tidptr=0x55555665b650) = 5073
[pid 5073] set_robust_list(0x55555665b660, 24) = 0
[pid 5073] chdir("./17") = 0
[pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5073] setpgid(0, 0) = 0
[pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5073] write(3, "1000", 4) = 4
[pid 5073] close(3) = 0
[pid 5073] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5073] memfd_create("syzkaller", 0) = 3
[pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5073] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5073] close(3) = 0
[pid 5073] mkdir("./bus", 0777) = 0
[pid 5073] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5073] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5073] chdir("./bus") = 0
[pid 5073] ioctl(4, LOOP_CLR_FD) = 0
[pid 5073] close(4) = 0
[ 86.121318][ T5073] loop0: detected capacity change from 0 to 64
[ 86.146362][ T5073] hfs: unable to locate alternate MDB
[ 86.151828][ T5073] hfs: continuing without an alternate MDB
[pid 5073] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5073] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5073] write(5, "9", 1) = 1
[ 86.217637][ T5073] FAULT_INJECTION: forcing a failure.
[ 86.217637][ T5073] name failslab, interval 1, probability 0, space 0, times 0
[ 86.230417][ T5073] CPU: 1 PID: 5073 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 86.240820][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 86.250864][ T5073] Call Trace:
[ 86.254133][ T5073]
[ 86.257050][ T5073] dump_stack_lvl+0x125/0x1b0
[ 86.261732][ T5073] should_fail_ex+0x496/0x5b0
[ 86.266412][ T5073] should_failslab+0x9/0x20
[ 86.270907][ T5073] __kmem_cache_alloc_node+0x5f/0x460
[ 86.276287][ T5073] ? hfs_find_init+0x95/0x220
[ 86.280958][ T5073] __kmalloc+0x49/0x90
[ 86.285015][ T5073] hfs_find_init+0x95/0x220
[ 86.289510][ T5073] hfs_ext_read_extent+0x19c/0x9d0
[ 86.294615][ T5073] ? mutex_trylock+0x130/0x130
[ 86.299373][ T5073] ? hfs_free_extents+0x2f0/0x2f0
[ 86.304392][ T5073] ? clean_bdev_aliases+0x50e/0x610
[ 86.309579][ T5073] hfs_extend_file+0x4e0/0xb10
[ 86.314335][ T5073] ? reacquire_held_locks+0x4c0/0x4c0
[ 86.319702][ T5073] ? hfs_free_fork+0x900/0x900
[ 86.324461][ T5073] hfs_get_block+0x17f/0x820
[ 86.329043][ T5073] ? hfs_extend_file+0xb10/0xb10
[ 86.333972][ T5073] __block_write_begin_int+0x3c0/0x1560
[ 86.339511][ T5073] ? hfs_extend_file+0xb10/0xb10
[ 86.344444][ T5073] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 86.349986][ T5073] block_write_begin+0xb1/0x490
[ 86.354829][ T5073] ? hfs_extend_file+0xb10/0xb10
[ 86.359758][ T5073] cont_write_begin+0x530/0x730
[ 86.364603][ T5073] ? hfs_extend_file+0xb10/0xb10
[ 86.369532][ T5073] ? block_write_begin+0x490/0x490
[ 86.374637][ T5073] ? fault_in_readable+0x106/0x200
[ 86.379743][ T5073] ? fault_in_readable+0x150/0x200
[ 86.384856][ T5073] ? fault_in_subpage_writeable+0x20/0x20
[ 86.390577][ T5073] hfs_write_begin+0x87/0x140
[ 86.395254][ T5073] ? hfs_extend_file+0xb10/0xb10
[ 86.400185][ T5073] generic_perform_write+0x278/0x600
[ 86.405476][ T5073] ? folio_add_wait_queue+0x1c0/0x1c0
[ 86.410846][ T5073] ? generic_update_time+0xcf/0xf0
[ 86.415952][ T5073] ? mnt_put_write_access_file+0x45/0xf0
[ 86.421581][ T5073] __generic_file_write_iter+0x1f9/0x240
[ 86.427216][ T5073] generic_file_write_iter+0xe3/0x350
[ 86.432588][ T5073] vfs_write+0x64f/0xdf0
[ 86.436833][ T5073] ? kernel_write+0x6c0/0x6c0
[ 86.441502][ T5073] ? __fget_light+0x1fc/0x260
[ 86.446171][ T5073] ksys_write+0x12f/0x250
[ 86.450488][ T5073] ? __ia32_sys_read+0xb0/0xb0
[ 86.455243][ T5073] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 86.461480][ T5073] do_syscall_64+0x40/0x110
[ 86.465977][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 86.471864][ T5073] RIP: 0033:0x7fc8ca0ec1e9
[ 86.476268][ T5073] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 86.495877][ T5073] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 86.504291][ T5073] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5073] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5073] exit_group(0) = ?
[pid 5073] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 86.512272][ T5073] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 86.520239][ T5073] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 86.528308][ T5073] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 86.536269][ T5073] R13: 0000000000000011 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 86.544235][ T5073]
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./17/bus") = 0
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./17/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./17") = 0
mkdir("./18", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5074 attached
, child_tidptr=0x55555665b650) = 5074
[pid 5074] set_robust_list(0x55555665b660, 24) = 0
[pid 5074] chdir("./18") = 0
[pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5074] setpgid(0, 0) = 0
[pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5074] write(3, "1000", 4) = 4
[pid 5074] close(3) = 0
[pid 5074] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5074] memfd_create("syzkaller", 0) = 3
[pid 5074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5074] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5074] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5074] close(3) = 0
[pid 5074] mkdir("./bus", 0777) = 0
[pid 5074] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5074] chdir("./bus") = 0
[pid 5074] ioctl(4, LOOP_CLR_FD) = 0
[pid 5074] close(4) = 0
[pid 5074] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 86.843756][ T5074] loop0: detected capacity change from 0 to 64
[ 86.878590][ T5074] hfs: unable to locate alternate MDB
[ 86.884270][ T5074] hfs: continuing without an alternate MDB
[pid 5074] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5074] write(5, "9", 1) = 1
[ 86.938748][ T5074] FAULT_INJECTION: forcing a failure.
[ 86.938748][ T5074] name failslab, interval 1, probability 0, space 0, times 0
[ 86.959474][ T5074] CPU: 1 PID: 5074 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 86.961885][ T779] cfg80211: failed to load regulatory.db
[ 86.969905][ T5074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 86.985600][ T5074] Call Trace:
[ 86.988891][ T5074]
[ 86.991838][ T5074] dump_stack_lvl+0x125/0x1b0
[ 86.996541][ T5074] should_fail_ex+0x496/0x5b0
[ 87.001251][ T5074] should_failslab+0x9/0x20
[ 87.005779][ T5074] __kmem_cache_alloc_node+0x5f/0x460
[ 87.011180][ T5074] ? hfs_find_init+0x95/0x220
[ 87.015878][ T5074] __kmalloc+0x49/0x90
[ 87.019968][ T5074] hfs_find_init+0x95/0x220
[ 87.024480][ T5074] hfs_ext_read_extent+0x19c/0x9d0
[ 87.029584][ T5074] ? mutex_trylock+0x130/0x130
[ 87.034340][ T5074] ? hfs_free_extents+0x2f0/0x2f0
[ 87.039355][ T5074] ? clean_bdev_aliases+0x50e/0x610
[ 87.044544][ T5074] hfs_extend_file+0x4e0/0xb10
[ 87.049297][ T5074] ? reacquire_held_locks+0x4c0/0x4c0
[ 87.054671][ T5074] ? hfs_free_fork+0x900/0x900
[ 87.059462][ T5074] hfs_get_block+0x17f/0x820
[ 87.064046][ T5074] ? hfs_extend_file+0xb10/0xb10
[ 87.068975][ T5074] __block_write_begin_int+0x3c0/0x1560
[ 87.074514][ T5074] ? hfs_extend_file+0xb10/0xb10
[ 87.079450][ T5074] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 87.084991][ T5074] block_write_begin+0xb1/0x490
[ 87.089836][ T5074] ? hfs_extend_file+0xb10/0xb10
[ 87.094767][ T5074] cont_write_begin+0x530/0x730
[ 87.099612][ T5074] ? hfs_extend_file+0xb10/0xb10
[ 87.104543][ T5074] ? block_write_begin+0x490/0x490
[ 87.109647][ T5074] ? fault_in_readable+0x106/0x200
[ 87.114753][ T5074] ? fault_in_readable+0x150/0x200
[ 87.119858][ T5074] ? fault_in_subpage_writeable+0x20/0x20
[ 87.125570][ T5074] hfs_write_begin+0x87/0x140
[ 87.130247][ T5074] ? hfs_extend_file+0xb10/0xb10
[ 87.135209][ T5074] generic_perform_write+0x278/0x600
[ 87.140492][ T5074] ? folio_add_wait_queue+0x1c0/0x1c0
[ 87.145856][ T5074] ? generic_update_time+0xcf/0xf0
[ 87.150965][ T5074] ? mnt_put_write_access_file+0x45/0xf0
[ 87.156607][ T5074] __generic_file_write_iter+0x1f9/0x240
[ 87.162259][ T5074] generic_file_write_iter+0xe3/0x350
[ 87.167621][ T5074] vfs_write+0x64f/0xdf0
[ 87.171856][ T5074] ? kernel_write+0x6c0/0x6c0
[ 87.176541][ T5074] ? __fget_light+0x1fc/0x260
[ 87.181207][ T5074] ksys_write+0x12f/0x250
[ 87.185523][ T5074] ? __ia32_sys_read+0xb0/0xb0
[ 87.190278][ T5074] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 87.196509][ T5074] do_syscall_64+0x40/0x110
[ 87.201002][ T5074] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 87.206891][ T5074] RIP: 0033:0x7fc8ca0ec1e9
[ 87.211293][ T5074] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 87.230889][ T5074] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[pid 5074] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5074] exit_group(0) = ?
[pid 5074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 87.239291][ T5074] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 87.247247][ T5074] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 87.255207][ T5074] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 87.263166][ T5074] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 87.271121][ T5074] R13: 0000000000000012 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 87.279086][ T5074]
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./18/bus") = 0
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./18/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./18") = 0
mkdir("./19", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached
[pid 5075] set_robust_list(0x55555665b660, 24) = 0
[pid 5075] chdir("./19"
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5075
[pid 5075] <... chdir resumed>) = 0
[pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5075] setpgid(0, 0) = 0
[pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5075] write(3, "1000", 4) = 4
[pid 5075] close(3) = 0
[pid 5075] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5075] memfd_create("syzkaller", 0) = 3
[pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5075] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5075] close(3) = 0
[pid 5075] mkdir("./bus", 0777) = 0
[pid 5075] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5075] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5075] chdir("./bus") = 0
[pid 5075] ioctl(4, LOOP_CLR_FD) = 0
[pid 5075] close(4) = 0
[pid 5075] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5075] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5075] write(5, "9", 1) = 1
[pid 5075] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[ 87.552835][ T5075] loop0: detected capacity change from 0 to 64
[ 87.578356][ T5075] hfs: unable to locate alternate MDB
[ 87.583781][ T5075] hfs: continuing without an alternate MDB
[pid 5075] exit_group(0) = ?
[pid 5075] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./19/bus") = 0
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./19/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./19") = 0
mkdir("./20", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5076 attached
, child_tidptr=0x55555665b650) = 5076
[pid 5076] set_robust_list(0x55555665b660, 24) = 0
[pid 5076] chdir("./20") = 0
[pid 5076] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5076] setpgid(0, 0) = 0
[pid 5076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5076] write(3, "1000", 4) = 4
[pid 5076] close(3) = 0
[pid 5076] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5076] memfd_create("syzkaller", 0) = 3
[pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5076] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5076] close(3) = 0
[pid 5076] mkdir("./bus", 0777) = 0
[pid 5076] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5076] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5076] chdir("./bus") = 0
[ 87.849027][ T5076] loop0: detected capacity change from 0 to 64
[ 87.873533][ T5076] hfs: unable to locate alternate MDB
[ 87.878920][ T5076] hfs: continuing without an alternate MDB
[pid 5076] ioctl(4, LOOP_CLR_FD) = 0
[pid 5076] close(4) = 0
[pid 5076] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5076] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5076] write(5, "9", 1) = 1
[ 88.005738][ T5076] FAULT_INJECTION: forcing a failure.
[ 88.005738][ T5076] name failslab, interval 1, probability 0, space 0, times 0
[ 88.018495][ T5076] CPU: 1 PID: 5076 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 88.028923][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 88.038966][ T5076] Call Trace:
[ 88.042229][ T5076]
[ 88.045143][ T5076] dump_stack_lvl+0x125/0x1b0
[ 88.049814][ T5076] should_fail_ex+0x496/0x5b0
[ 88.054482][ T5076] should_failslab+0x9/0x20
[ 88.058972][ T5076] __kmem_cache_alloc_node+0x5f/0x460
[ 88.064335][ T5076] ? hfs_find_init+0x95/0x220
[ 88.069001][ T5076] __kmalloc+0x49/0x90
[ 88.073055][ T5076] hfs_find_init+0x95/0x220
[ 88.077547][ T5076] hfs_ext_read_extent+0x19c/0x9d0
[ 88.082648][ T5076] ? mutex_trylock+0x130/0x130
[ 88.087399][ T5076] ? hfs_free_extents+0x2f0/0x2f0
[ 88.092422][ T5076] ? clean_bdev_aliases+0x50e/0x610
[ 88.097626][ T5076] hfs_extend_file+0x4e0/0xb10
[ 88.102396][ T5076] ? reacquire_held_locks+0x4c0/0x4c0
[ 88.107776][ T5076] ? hfs_free_fork+0x900/0x900
[ 88.112544][ T5076] hfs_get_block+0x17f/0x820
[ 88.117135][ T5076] ? hfs_extend_file+0xb10/0xb10
[ 88.122073][ T5076] __block_write_begin_int+0x3c0/0x1560
[ 88.127624][ T5076] ? hfs_extend_file+0xb10/0xb10
[ 88.132565][ T5076] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 88.138115][ T5076] block_write_begin+0xb1/0x490
[ 88.142970][ T5076] ? hfs_extend_file+0xb10/0xb10
[ 88.147912][ T5076] cont_write_begin+0x530/0x730
[ 88.152767][ T5076] ? hfs_extend_file+0xb10/0xb10
[ 88.157707][ T5076] ? block_write_begin+0x490/0x490
[ 88.162822][ T5076] ? fault_in_readable+0x106/0x200
[ 88.167939][ T5076] ? fault_in_readable+0x150/0x200
[ 88.173055][ T5076] ? fault_in_subpage_writeable+0x20/0x20
[ 88.178781][ T5076] hfs_write_begin+0x87/0x140
[ 88.183464][ T5076] ? hfs_extend_file+0xb10/0xb10
[ 88.188403][ T5076] generic_perform_write+0x278/0x600
[ 88.193696][ T5076] ? folio_add_wait_queue+0x1c0/0x1c0
[ 88.199069][ T5076] ? generic_update_time+0xcf/0xf0
[ 88.204186][ T5076] ? mnt_put_write_access_file+0x45/0xf0
[ 88.209825][ T5076] __generic_file_write_iter+0x1f9/0x240
[ 88.215464][ T5076] generic_file_write_iter+0xe3/0x350
[ 88.220843][ T5076] vfs_write+0x64f/0xdf0
[ 88.225086][ T5076] ? kernel_write+0x6c0/0x6c0
[ 88.229763][ T5076] ? __fget_light+0x1fc/0x260
[ 88.234441][ T5076] ksys_write+0x12f/0x250
[ 88.238772][ T5076] ? __ia32_sys_read+0xb0/0xb0
[ 88.243536][ T5076] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 88.249779][ T5076] do_syscall_64+0x40/0x110
[ 88.254283][ T5076] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 88.260184][ T5076] RIP: 0033:0x7fc8ca0ec1e9
[ 88.264599][ T5076] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 88.284205][ T5076] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 88.292615][ T5076] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5076] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5076] exit_group(0) = ?
[pid 5076] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5076, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 88.300591][ T5076] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 88.308563][ T5076] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 88.316530][ T5076] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 88.324502][ T5076] R13: 0000000000000014 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 88.332476][ T5076]
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./20/bus") = 0
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./20/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./20") = 0
mkdir("./21", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5077 attached
[pid 5077] set_robust_list(0x55555665b660, 24) = 0
[pid 5077] chdir("./21"
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5077
[pid 5077] <... chdir resumed>) = 0
[pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5077] setpgid(0, 0) = 0
[pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5077] write(3, "1000", 4) = 4
[pid 5077] close(3) = 0
[pid 5077] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5077] memfd_create("syzkaller", 0) = 3
[pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5077] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5077] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5077] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5077] close(3) = 0
[pid 5077] mkdir("./bus", 0777) = 0
[pid 5077] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5077] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5077] chdir("./bus") = 0
[pid 5077] ioctl(4, LOOP_CLR_FD) = 0
[pid 5077] close(4) = 0
[pid 5077] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5077] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 88.631259][ T5077] loop0: detected capacity change from 0 to 64
[ 88.651697][ T5077] hfs: unable to locate alternate MDB
[ 88.657135][ T5077] hfs: continuing without an alternate MDB
[pid 5077] write(5, "9", 1) = 1
[ 88.733829][ T5077] FAULT_INJECTION: forcing a failure.
[ 88.733829][ T5077] name failslab, interval 1, probability 0, space 0, times 0
[ 88.746738][ T5077] CPU: 0 PID: 5077 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 88.757138][ T5077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 88.767182][ T5077] Call Trace:
[ 88.770448][ T5077]
[ 88.773367][ T5077] dump_stack_lvl+0x125/0x1b0
[ 88.778035][ T5077] should_fail_ex+0x496/0x5b0
[ 88.782712][ T5077] should_failslab+0x9/0x20
[ 88.787205][ T5077] __kmem_cache_alloc_node+0x5f/0x460
[ 88.792572][ T5077] ? hfs_find_init+0x95/0x220
[ 88.797238][ T5077] __kmalloc+0x49/0x90
[ 88.801304][ T5077] hfs_find_init+0x95/0x220
[ 88.805805][ T5077] hfs_ext_read_extent+0x19c/0x9d0
[ 88.810915][ T5077] ? mutex_trylock+0x130/0x130
[ 88.815673][ T5077] ? hfs_free_extents+0x2f0/0x2f0
[ 88.820691][ T5077] ? clean_bdev_aliases+0x50e/0x610
[ 88.825879][ T5077] hfs_extend_file+0x4e0/0xb10
[ 88.830637][ T5077] ? reacquire_held_locks+0x4c0/0x4c0
[ 88.836006][ T5077] ? hfs_free_fork+0x900/0x900
[ 88.840767][ T5077] hfs_get_block+0x17f/0x820
[ 88.845351][ T5077] ? hfs_extend_file+0xb10/0xb10
[ 88.850290][ T5077] __block_write_begin_int+0x3c0/0x1560
[ 88.855850][ T5077] ? hfs_extend_file+0xb10/0xb10
[ 88.860781][ T5077] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 88.866322][ T5077] block_write_begin+0xb1/0x490
[ 88.871167][ T5077] ? hfs_extend_file+0xb10/0xb10
[ 88.876096][ T5077] cont_write_begin+0x530/0x730
[ 88.880940][ T5077] ? hfs_extend_file+0xb10/0xb10
[ 88.885871][ T5077] ? block_write_begin+0x490/0x490
[ 88.890973][ T5077] ? fault_in_readable+0x106/0x200
[ 88.896078][ T5077] ? fault_in_readable+0x150/0x200
[ 88.901183][ T5077] ? fault_in_subpage_writeable+0x20/0x20
[ 88.906894][ T5077] hfs_write_begin+0x87/0x140
[ 88.911565][ T5077] ? hfs_extend_file+0xb10/0xb10
[ 88.916494][ T5077] generic_perform_write+0x278/0x600
[ 88.921772][ T5077] ? folio_add_wait_queue+0x1c0/0x1c0
[ 88.927135][ T5077] ? generic_update_time+0xcf/0xf0
[ 88.932240][ T5077] ? mnt_put_write_access_file+0x45/0xf0
[ 88.937866][ T5077] __generic_file_write_iter+0x1f9/0x240
[ 88.943492][ T5077] generic_file_write_iter+0xe3/0x350
[ 88.948863][ T5077] vfs_write+0x64f/0xdf0
[ 88.953098][ T5077] ? kernel_write+0x6c0/0x6c0
[ 88.957766][ T5077] ? __fget_light+0x1fc/0x260
[ 88.962431][ T5077] ksys_write+0x12f/0x250
[ 88.966748][ T5077] ? __ia32_sys_read+0xb0/0xb0
[ 88.971507][ T5077] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 88.977759][ T5077] do_syscall_64+0x40/0x110
[ 88.982255][ T5077] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 88.988145][ T5077] RIP: 0033:0x7fc8ca0ec1e9
[ 88.992544][ T5077] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.012141][ T5077] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 89.020544][ T5077] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5077] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5077] exit_group(0) = ?
[pid 5077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 89.028502][ T5077] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 89.036461][ T5077] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 89.044420][ T5077] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 89.052383][ T5077] R13: 0000000000000015 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 89.060344][ T5077]
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./21/bus") = 0
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./21/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./21") = 0
mkdir("./22", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached
, child_tidptr=0x55555665b650) = 5078
[pid 5078] set_robust_list(0x55555665b660, 24) = 0
[pid 5078] chdir("./22") = 0
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setpgid(0, 0) = 0
[pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1000", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5078] memfd_create("syzkaller", 0) = 3
[pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5078] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5078] close(3) = 0
[pid 5078] mkdir("./bus", 0777) = 0
[pid 5078] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5078] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5078] chdir("./bus") = 0
[pid 5078] ioctl(4, LOOP_CLR_FD) = 0
[pid 5078] close(4) = 0
[pid 5078] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5078] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5078] write(5, "9", 1) = 1
[ 89.337749][ T5078] loop0: detected capacity change from 0 to 64
[ 89.355547][ T5078] hfs: unable to locate alternate MDB
[ 89.361002][ T5078] hfs: continuing without an alternate MDB
[ 89.417553][ T5078] FAULT_INJECTION: forcing a failure.
[ 89.417553][ T5078] name failslab, interval 1, probability 0, space 0, times 0
[ 89.430305][ T5078] CPU: 1 PID: 5078 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 89.440727][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 89.450770][ T5078] Call Trace:
[ 89.454037][ T5078]
[ 89.456955][ T5078] dump_stack_lvl+0x125/0x1b0
[ 89.461627][ T5078] should_fail_ex+0x496/0x5b0
[ 89.466307][ T5078] should_failslab+0x9/0x20
[ 89.470802][ T5078] __kmem_cache_alloc_node+0x5f/0x460
[ 89.476170][ T5078] ? hfs_find_init+0x95/0x220
[ 89.480839][ T5078] __kmalloc+0x49/0x90
[ 89.484897][ T5078] hfs_find_init+0x95/0x220
[ 89.489388][ T5078] hfs_ext_read_extent+0x19c/0x9d0
[ 89.494492][ T5078] ? mutex_trylock+0x130/0x130
[ 89.499249][ T5078] ? hfs_free_extents+0x2f0/0x2f0
[ 89.504269][ T5078] ? clean_bdev_aliases+0x50e/0x610
[ 89.509460][ T5078] hfs_extend_file+0x4e0/0xb10
[ 89.514217][ T5078] ? reacquire_held_locks+0x4c0/0x4c0
[ 89.519583][ T5078] ? hfs_free_fork+0x900/0x900
[ 89.524339][ T5078] hfs_get_block+0x17f/0x820
[ 89.528922][ T5078] ? hfs_extend_file+0xb10/0xb10
[ 89.533852][ T5078] __block_write_begin_int+0x3c0/0x1560
[ 89.539393][ T5078] ? hfs_extend_file+0xb10/0xb10
[ 89.544323][ T5078] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 89.549881][ T5078] block_write_begin+0xb1/0x490
[ 89.554754][ T5078] ? hfs_extend_file+0xb10/0xb10
[ 89.559688][ T5078] cont_write_begin+0x530/0x730
[ 89.564537][ T5078] ? hfs_extend_file+0xb10/0xb10
[ 89.569467][ T5078] ? block_write_begin+0x490/0x490
[ 89.574579][ T5078] ? fault_in_readable+0x106/0x200
[ 89.579691][ T5078] ? fault_in_readable+0x150/0x200
[ 89.584802][ T5078] ? fault_in_subpage_writeable+0x20/0x20
[ 89.590520][ T5078] hfs_write_begin+0x87/0x140
[ 89.595191][ T5078] ? hfs_extend_file+0xb10/0xb10
[ 89.600121][ T5078] generic_perform_write+0x278/0x600
[ 89.605400][ T5078] ? folio_add_wait_queue+0x1c0/0x1c0
[ 89.610793][ T5078] ? generic_update_time+0xcf/0xf0
[ 89.615899][ T5078] ? mnt_put_write_access_file+0x45/0xf0
[ 89.621527][ T5078] __generic_file_write_iter+0x1f9/0x240
[ 89.627156][ T5078] generic_file_write_iter+0xe3/0x350
[ 89.632525][ T5078] vfs_write+0x64f/0xdf0
[ 89.636761][ T5078] ? kernel_write+0x6c0/0x6c0
[ 89.641431][ T5078] ? __fget_light+0x1fc/0x260
[ 89.646100][ T5078] ksys_write+0x12f/0x250
[ 89.650423][ T5078] ? __ia32_sys_read+0xb0/0xb0
[ 89.655178][ T5078] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 89.661410][ T5078] do_syscall_64+0x40/0x110
[ 89.665907][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 89.671797][ T5078] RIP: 0033:0x7fc8ca0ec1e9
[ 89.676205][ T5078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 89.695825][ T5078] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 89.704224][ T5078] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5078] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5078] exit_group(0) = ?
[pid 5078] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 89.712195][ T5078] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 89.720173][ T5078] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 89.728133][ T5078] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 89.736093][ T5078] R13: 0000000000000016 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 89.744053][ T5078]
newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./22/bus") = 0
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./22/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./22") = 0
mkdir("./23", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached
, child_tidptr=0x55555665b650) = 5079
[pid 5079] set_robust_list(0x55555665b660, 24) = 0
[pid 5079] chdir("./23") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5079] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] mkdir("./bus", 0777) = 0
[pid 5079] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./bus") = 0
[pid 5079] ioctl(4, LOOP_CLR_FD) = 0
[ 90.006453][ T5079] loop0: detected capacity change from 0 to 64
[ 90.028438][ T5079] hfs: unable to locate alternate MDB
[ 90.033860][ T5079] hfs: continuing without an alternate MDB
[pid 5079] close(4) = 0
[pid 5079] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5079] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5079] write(5, "9", 1) = 1
[ 90.146722][ T5079] FAULT_INJECTION: forcing a failure.
[ 90.146722][ T5079] name failslab, interval 1, probability 0, space 0, times 0
[ 90.160385][ T5079] CPU: 1 PID: 5079 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 90.170846][ T5079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 90.180894][ T5079] Call Trace:
[ 90.184165][ T5079]
[ 90.187083][ T5079] dump_stack_lvl+0x125/0x1b0
[ 90.191753][ T5079] should_fail_ex+0x496/0x5b0
[ 90.196428][ T5079] should_failslab+0x9/0x20
[ 90.200928][ T5079] __kmem_cache_alloc_node+0x5f/0x460
[ 90.206298][ T5079] ? hfs_find_init+0x95/0x220
[ 90.210982][ T5079] __kmalloc+0x49/0x90
[ 90.215042][ T5079] hfs_find_init+0x95/0x220
[ 90.219535][ T5079] hfs_ext_read_extent+0x19c/0x9d0
[ 90.224664][ T5079] ? mutex_trylock+0x130/0x130
[ 90.229437][ T5079] ? hfs_free_extents+0x2f0/0x2f0
[ 90.234468][ T5079] ? clean_bdev_aliases+0x50e/0x610
[ 90.239671][ T5079] hfs_extend_file+0x4e0/0xb10
[ 90.244441][ T5079] ? reacquire_held_locks+0x4c0/0x4c0
[ 90.249819][ T5079] ? hfs_free_fork+0x900/0x900
[ 90.254587][ T5079] hfs_get_block+0x17f/0x820
[ 90.259180][ T5079] ? hfs_extend_file+0xb10/0xb10
[ 90.264121][ T5079] __block_write_begin_int+0x3c0/0x1560
[ 90.269672][ T5079] ? hfs_extend_file+0xb10/0xb10
[ 90.274617][ T5079] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 90.280166][ T5079] block_write_begin+0xb1/0x490
[ 90.285024][ T5079] ? hfs_extend_file+0xb10/0xb10
[ 90.289967][ T5079] cont_write_begin+0x530/0x730
[ 90.294821][ T5079] ? hfs_extend_file+0xb10/0xb10
[ 90.299758][ T5079] ? block_write_begin+0x490/0x490
[ 90.304872][ T5079] ? fault_in_readable+0x106/0x200
[ 90.309988][ T5079] ? fault_in_readable+0x150/0x200
[ 90.315102][ T5079] ? fault_in_subpage_writeable+0x20/0x20
[ 90.320827][ T5079] hfs_write_begin+0x87/0x140
[ 90.325507][ T5079] ? hfs_extend_file+0xb10/0xb10
[ 90.330447][ T5079] generic_perform_write+0x278/0x600
[ 90.335743][ T5079] ? folio_add_wait_queue+0x1c0/0x1c0
[ 90.341116][ T5079] ? generic_update_time+0xcf/0xf0
[ 90.346236][ T5079] ? mnt_put_write_access_file+0x45/0xf0
[ 90.351881][ T5079] __generic_file_write_iter+0x1f9/0x240
[ 90.357520][ T5079] generic_file_write_iter+0xe3/0x350
[ 90.362898][ T5079] vfs_write+0x64f/0xdf0
[ 90.367143][ T5079] ? kernel_write+0x6c0/0x6c0
[ 90.371819][ T5079] ? __fget_light+0x1fc/0x260
[ 90.376496][ T5079] ksys_write+0x12f/0x250
[ 90.380826][ T5079] ? __ia32_sys_read+0xb0/0xb0
[ 90.385587][ T5079] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 90.391829][ T5079] do_syscall_64+0x40/0x110
[ 90.396333][ T5079] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 90.402234][ T5079] RIP: 0033:0x7fc8ca0ec1e9
[ 90.406645][ T5079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.426249][ T5079] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 90.434662][ T5079] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5079] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 90.442634][ T5079] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 90.450600][ T5079] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 90.458568][ T5079] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 90.466535][ T5079] R13: 0000000000000017 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 90.474507][ T5079]
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./23/bus") = 0
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./23/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./23") = 0
mkdir("./24", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached
, child_tidptr=0x55555665b650) = 5080
[pid 5080] set_robust_list(0x55555665b660, 24) = 0
[pid 5080] chdir("./24") = 0
[pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5080] setpgid(0, 0) = 0
[pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5080] write(3, "1000", 4) = 4
[pid 5080] close(3) = 0
[pid 5080] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5080] memfd_create("syzkaller", 0) = 3
[pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5080] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5080] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5080] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5080] close(3) = 0
[pid 5080] mkdir("./bus", 0777) = 0
[pid 5080] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5080] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5080] chdir("./bus") = 0
[pid 5080] ioctl(4, LOOP_CLR_FD) = 0
[pid 5080] close(4) = 0
[pid 5080] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 90.648383][ T5080] loop0: detected capacity change from 0 to 64
[ 90.672014][ T5080] hfs: unable to locate alternate MDB
[ 90.677398][ T5080] hfs: continuing without an alternate MDB
[pid 5080] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5080] write(5, "9", 1) = 1
[ 90.742186][ T5080] FAULT_INJECTION: forcing a failure.
[ 90.742186][ T5080] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 90.755828][ T5080] CPU: 0 PID: 5080 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 90.766229][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 90.776274][ T5080] Call Trace:
[ 90.779537][ T5080]
[ 90.782458][ T5080] dump_stack_lvl+0x125/0x1b0
[ 90.787142][ T5080] should_fail_ex+0x496/0x5b0
[ 90.791821][ T5080] ? fs_reclaim_acquire+0xb0/0x150
[ 90.796923][ T5080] __should_fail_alloc_page+0xe7/0x130
[ 90.802382][ T5080] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 90.808542][ T5080] __alloc_pages+0x193/0x2420
[ 90.813222][ T5080] ? hlock_class+0x4e/0x130
[ 90.817729][ T5080] ? mark_lock+0xb5/0xc50
[ 90.822067][ T5080] ? hlock_class+0x4e/0x130
[ 90.826573][ T5080] ? __lock_acquire+0xc65/0x3b20
[ 90.831514][ T5080] ? warn_alloc+0x3a0/0x3a0
[ 90.836019][ T5080] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 90.842006][ T5080] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 90.847904][ T5080] ? policy_nodemask+0x313/0x480
[ 90.852838][ T5080] alloc_pages_mpol+0x258/0x5f0
[ 90.857687][ T5080] ? mempolicy_in_oom_domain+0x150/0x150
[ 90.863317][ T5080] ? xas_descend+0x141/0x4e0
[ 90.867914][ T5080] folio_alloc+0x1e/0xe0
[ 90.872158][ T5080] filemap_alloc_folio+0x3bb/0x490
[ 90.877270][ T5080] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 90.884321][ T5080] ? print_usage_bug.part.0+0x550/0x550
[ 90.889939][ T5080] __filemap_get_folio+0x54c/0xaa0
[ 90.895054][ T5080] pagecache_get_page+0x2c/0x250
[ 90.899992][ T5080] block_write_begin+0x38/0x490
[ 90.904845][ T5080] ? hfs_extend_file+0xb10/0xb10
[ 90.909788][ T5080] cont_write_begin+0x530/0x730
[ 90.914642][ T5080] ? hfs_extend_file+0xb10/0xb10
[ 90.919582][ T5080] ? block_write_begin+0x490/0x490
[ 90.924694][ T5080] ? fault_in_readable+0x106/0x200
[ 90.929813][ T5080] ? fault_in_readable+0x150/0x200
[ 90.934931][ T5080] ? fault_in_subpage_writeable+0x20/0x20
[ 90.940657][ T5080] hfs_write_begin+0x87/0x140
[ 90.945339][ T5080] ? hfs_extend_file+0xb10/0xb10
[ 90.950279][ T5080] generic_perform_write+0x278/0x600
[ 90.955571][ T5080] ? folio_add_wait_queue+0x1c0/0x1c0
[ 90.960945][ T5080] ? generic_update_time+0xcf/0xf0
[ 90.966073][ T5080] ? mnt_put_write_access_file+0x45/0xf0
[ 90.971711][ T5080] __generic_file_write_iter+0x1f9/0x240
[ 90.977350][ T5080] generic_file_write_iter+0xe3/0x350
[ 90.982729][ T5080] vfs_write+0x64f/0xdf0
[ 90.986971][ T5080] ? kernel_write+0x6c0/0x6c0
[ 90.991649][ T5080] ? __fget_light+0x1fc/0x260
[ 90.996325][ T5080] ksys_write+0x12f/0x250
[ 91.000656][ T5080] ? __ia32_sys_read+0xb0/0xb0
[ 91.005418][ T5080] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 91.011659][ T5080] do_syscall_64+0x40/0x110
[ 91.016163][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.022065][ T5080] RIP: 0033:0x7fc8ca0ec1e9
[ 91.026474][ T5080] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.046076][ T5080] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 91.054487][ T5080] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 91.062455][ T5080] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 91.070435][ T5080] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 91.078406][ T5080] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[pid 5080] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5080] exit_group(0) = ?
[pid 5080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 91.086373][ T5080] R13: 0000000000000018 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 91.094346][ T5080]
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./24/bus") = 0
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./24/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./24") = 0
mkdir("./25", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached
[pid 5081] set_robust_list(0x55555665b660, 24) = 0
[pid 5081] chdir("./25"
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5081
[pid 5081] <... chdir resumed>) = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5081] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] mkdir("./bus", 0777) = 0
[pid 5081] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5081] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./bus") = 0
[pid 5081] ioctl(4, LOOP_CLR_FD) = 0
[pid 5081] close(4) = 0
[pid 5081] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5081] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 91.332434][ T5081] loop0: detected capacity change from 0 to 64
[ 91.358543][ T5081] hfs: unable to locate alternate MDB
[ 91.364017][ T5081] hfs: continuing without an alternate MDB
[pid 5081] write(5, "9", 1) = 1
[ 91.432350][ T5081] FAULT_INJECTION: forcing a failure.
[ 91.432350][ T5081] name failslab, interval 1, probability 0, space 0, times 0
[ 91.445285][ T5081] CPU: 1 PID: 5081 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 91.455688][ T5081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 91.465741][ T5081] Call Trace:
[ 91.469010][ T5081]
[ 91.471928][ T5081] dump_stack_lvl+0x125/0x1b0
[ 91.476616][ T5081] should_fail_ex+0x496/0x5b0
[ 91.481317][ T5081] should_failslab+0x9/0x20
[ 91.485812][ T5081] __kmem_cache_alloc_node+0x5f/0x460
[ 91.491181][ T5081] ? hfs_find_init+0x95/0x220
[ 91.495846][ T5081] __kmalloc+0x49/0x90
[ 91.499907][ T5081] hfs_find_init+0x95/0x220
[ 91.504403][ T5081] hfs_ext_read_extent+0x19c/0x9d0
[ 91.509507][ T5081] ? mutex_trylock+0x130/0x130
[ 91.514269][ T5081] ? hfs_free_extents+0x2f0/0x2f0
[ 91.519283][ T5081] ? clean_bdev_aliases+0x50e/0x610
[ 91.524477][ T5081] hfs_extend_file+0x4e0/0xb10
[ 91.529231][ T5081] ? reacquire_held_locks+0x4c0/0x4c0
[ 91.534623][ T5081] ? hfs_free_fork+0x900/0x900
[ 91.539381][ T5081] hfs_get_block+0x17f/0x820
[ 91.543981][ T5081] ? hfs_extend_file+0xb10/0xb10
[ 91.548912][ T5081] __block_write_begin_int+0x3c0/0x1560
[ 91.554462][ T5081] ? hfs_extend_file+0xb10/0xb10
[ 91.559399][ T5081] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 91.564940][ T5081] block_write_begin+0xb1/0x490
[ 91.569790][ T5081] ? hfs_extend_file+0xb10/0xb10
[ 91.574730][ T5081] cont_write_begin+0x530/0x730
[ 91.579584][ T5081] ? hfs_extend_file+0xb10/0xb10
[ 91.584516][ T5081] ? block_write_begin+0x490/0x490
[ 91.589618][ T5081] ? fault_in_readable+0x106/0x200
[ 91.594732][ T5081] ? fault_in_readable+0x150/0x200
[ 91.599839][ T5081] ? fault_in_subpage_writeable+0x20/0x20
[ 91.605558][ T5081] hfs_write_begin+0x87/0x140
[ 91.610242][ T5081] ? hfs_extend_file+0xb10/0xb10
[ 91.615185][ T5081] generic_perform_write+0x278/0x600
[ 91.620467][ T5081] ? folio_add_wait_queue+0x1c0/0x1c0
[ 91.625836][ T5081] ? generic_update_time+0xcf/0xf0
[ 91.630942][ T5081] ? mnt_put_write_access_file+0x45/0xf0
[ 91.636573][ T5081] __generic_file_write_iter+0x1f9/0x240
[ 91.642201][ T5081] generic_file_write_iter+0xe3/0x350
[ 91.647574][ T5081] vfs_write+0x64f/0xdf0
[ 91.651818][ T5081] ? kernel_write+0x6c0/0x6c0
[ 91.656504][ T5081] ? __fget_light+0x1fc/0x260
[ 91.661168][ T5081] ksys_write+0x12f/0x250
[ 91.665487][ T5081] ? __ia32_sys_read+0xb0/0xb0
[ 91.670248][ T5081] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 91.676489][ T5081] do_syscall_64+0x40/0x110
[ 91.680984][ T5081] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.686888][ T5081] RIP: 0033:0x7fc8ca0ec1e9
[ 91.691289][ T5081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.710884][ T5081] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 91.719302][ T5081] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5081] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 91.727279][ T5081] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 91.735239][ T5081] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 91.743199][ T5081] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 91.751157][ T5081] R13: 0000000000000019 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 91.759118][ T5081]
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./25/bus") = 0
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./25/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./25") = 0
mkdir("./26", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached
[pid 5082] set_robust_list(0x55555665b660, 24) = 0
[pid 5082] chdir("./26") = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5082
[pid 5082] <... setpgid resumed>) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5082] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./bus", 0777) = 0
[pid 5082] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./bus") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 91.954211][ T5082] loop0: detected capacity change from 0 to 64
[ 91.979969][ T5082] hfs: unable to locate alternate MDB
[ 91.985477][ T5082] hfs: continuing without an alternate MDB
[pid 5082] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5082] write(5, "9", 1) = 1
[ 92.044673][ T5082] FAULT_INJECTION: forcing a failure.
[ 92.044673][ T5082] name failslab, interval 1, probability 0, space 0, times 0
[ 92.058071][ T5082] CPU: 1 PID: 5082 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 92.068512][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 92.078557][ T5082] Call Trace:
[ 92.081836][ T5082]
[ 92.084753][ T5082] dump_stack_lvl+0x125/0x1b0
[ 92.089422][ T5082] should_fail_ex+0x496/0x5b0
[ 92.094094][ T5082] should_failslab+0x9/0x20
[ 92.098602][ T5082] __kmem_cache_alloc_node+0x5f/0x460
[ 92.103967][ T5082] ? hfs_find_init+0x95/0x220
[ 92.108632][ T5082] __kmalloc+0x49/0x90
[ 92.112695][ T5082] hfs_find_init+0x95/0x220
[ 92.117202][ T5082] hfs_ext_read_extent+0x19c/0x9d0
[ 92.122322][ T5082] ? mutex_trylock+0x130/0x130
[ 92.127092][ T5082] ? hfs_free_extents+0x2f0/0x2f0
[ 92.132124][ T5082] ? clean_bdev_aliases+0x50e/0x610
[ 92.137325][ T5082] hfs_extend_file+0x4e0/0xb10
[ 92.142095][ T5082] ? reacquire_held_locks+0x4c0/0x4c0
[ 92.147560][ T5082] ? hfs_free_fork+0x900/0x900
[ 92.152328][ T5082] hfs_get_block+0x17f/0x820
[ 92.156921][ T5082] ? hfs_extend_file+0xb10/0xb10
[ 92.161863][ T5082] __block_write_begin_int+0x3c0/0x1560
[ 92.167416][ T5082] ? hfs_extend_file+0xb10/0xb10
[ 92.172358][ T5082] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 92.177907][ T5082] block_write_begin+0xb1/0x490
[ 92.182759][ T5082] ? hfs_extend_file+0xb10/0xb10
[ 92.187707][ T5082] cont_write_begin+0x530/0x730
[ 92.192559][ T5082] ? hfs_extend_file+0xb10/0xb10
[ 92.197499][ T5082] ? block_write_begin+0x490/0x490
[ 92.202619][ T5082] ? fault_in_readable+0x106/0x200
[ 92.207756][ T5082] ? fault_in_readable+0x150/0x200
[ 92.212875][ T5082] ? fault_in_subpage_writeable+0x20/0x20
[ 92.218602][ T5082] hfs_write_begin+0x87/0x140
[ 92.223283][ T5082] ? hfs_extend_file+0xb10/0xb10
[ 92.228224][ T5082] generic_perform_write+0x278/0x600
[ 92.233512][ T5082] ? folio_add_wait_queue+0x1c0/0x1c0
[ 92.238887][ T5082] ? generic_update_time+0xcf/0xf0
[ 92.244002][ T5082] ? mnt_put_write_access_file+0x45/0xf0
[ 92.249648][ T5082] __generic_file_write_iter+0x1f9/0x240
[ 92.255287][ T5082] generic_file_write_iter+0xe3/0x350
[ 92.260680][ T5082] vfs_write+0x64f/0xdf0
[ 92.264927][ T5082] ? kernel_write+0x6c0/0x6c0
[ 92.269602][ T5082] ? __fget_light+0x1fc/0x260
[ 92.274276][ T5082] ksys_write+0x12f/0x250
[ 92.278605][ T5082] ? __ia32_sys_read+0xb0/0xb0
[ 92.283369][ T5082] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 92.289612][ T5082] do_syscall_64+0x40/0x110
[ 92.294116][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 92.300016][ T5082] RIP: 0033:0x7fc8ca0ec1e9
[ 92.304428][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 92.324031][ T5082] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 92.332443][ T5082] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5082] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 92.340414][ T5082] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 92.348378][ T5082] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 92.356345][ T5082] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 92.364312][ T5082] R13: 000000000000001a R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 92.372283][ T5082]
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./26/bus") = 0
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./26/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./26") = 0
mkdir("./27", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached
[pid 5083] set_robust_list(0x55555665b660, 24) = 0
[pid 5083] chdir("./27"
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5083
[pid 5083] <... chdir resumed>) = 0
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setpgid(0, 0) = 0
[pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1000", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5083] memfd_create("syzkaller", 0) = 3
[pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5083] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5083] close(3) = 0
[pid 5083] mkdir("./bus", 0777) = 0
[pid 5083] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5083] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5083] chdir("./bus") = 0
[pid 5083] ioctl(4, LOOP_CLR_FD) = 0
[pid 5083] close(4) = 0
[pid 5083] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5083] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5083] write(5, "9", 1) = 1
[ 92.628535][ T5083] loop0: detected capacity change from 0 to 64
[ 92.653612][ T5083] hfs: unable to locate alternate MDB
[ 92.659012][ T5083] hfs: continuing without an alternate MDB
[ 92.703744][ T5083] FAULT_INJECTION: forcing a failure.
[ 92.703744][ T5083] name failslab, interval 1, probability 0, space 0, times 0
[ 92.716729][ T5083] CPU: 0 PID: 5083 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 92.727135][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 92.737175][ T5083] Call Trace:
[ 92.740442][ T5083]
[ 92.743358][ T5083] dump_stack_lvl+0x125/0x1b0
[ 92.748026][ T5083] should_fail_ex+0x496/0x5b0
[ 92.752700][ T5083] should_failslab+0x9/0x20
[ 92.757189][ T5083] __kmem_cache_alloc_node+0x5f/0x460
[ 92.762560][ T5083] ? hfs_find_init+0x95/0x220
[ 92.767226][ T5083] __kmalloc+0x49/0x90
[ 92.771282][ T5083] hfs_find_init+0x95/0x220
[ 92.775775][ T5083] hfs_ext_read_extent+0x19c/0x9d0
[ 92.780875][ T5083] ? mutex_trylock+0x130/0x130
[ 92.785633][ T5083] ? hfs_free_extents+0x2f0/0x2f0
[ 92.790648][ T5083] ? clean_bdev_aliases+0x50e/0x610
[ 92.795837][ T5083] hfs_extend_file+0x4e0/0xb10
[ 92.800595][ T5083] ? reacquire_held_locks+0x4c0/0x4c0
[ 92.805956][ T5083] ? hfs_free_fork+0x900/0x900
[ 92.810722][ T5083] hfs_get_block+0x17f/0x820
[ 92.815319][ T5083] ? hfs_extend_file+0xb10/0xb10
[ 92.820259][ T5083] __block_write_begin_int+0x3c0/0x1560
[ 92.825810][ T5083] ? hfs_extend_file+0xb10/0xb10
[ 92.830751][ T5083] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 92.836298][ T5083] block_write_begin+0xb1/0x490
[ 92.841151][ T5083] ? hfs_extend_file+0xb10/0xb10
[ 92.846091][ T5083] cont_write_begin+0x530/0x730
[ 92.850944][ T5083] ? hfs_extend_file+0xb10/0xb10
[ 92.855887][ T5083] ? block_write_begin+0x490/0x490
[ 92.861001][ T5083] ? fault_in_readable+0x106/0x200
[ 92.866115][ T5083] ? fault_in_readable+0x150/0x200
[ 92.871232][ T5083] ? fault_in_subpage_writeable+0x20/0x20
[ 92.876959][ T5083] hfs_write_begin+0x87/0x140
[ 92.881640][ T5083] ? hfs_extend_file+0xb10/0xb10
[ 92.886580][ T5083] generic_perform_write+0x278/0x600
[ 92.891872][ T5083] ? folio_add_wait_queue+0x1c0/0x1c0
[ 92.897243][ T5083] ? generic_update_time+0xcf/0xf0
[ 92.902367][ T5083] ? mnt_put_write_access_file+0x45/0xf0
[ 92.908007][ T5083] __generic_file_write_iter+0x1f9/0x240
[ 92.913649][ T5083] generic_file_write_iter+0xe3/0x350
[ 92.919024][ T5083] vfs_write+0x64f/0xdf0
[ 92.923270][ T5083] ? kernel_write+0x6c0/0x6c0
[ 92.927969][ T5083] ? __fget_light+0x1fc/0x260
[ 92.932648][ T5083] ksys_write+0x12f/0x250
[ 92.936977][ T5083] ? __ia32_sys_read+0xb0/0xb0
[ 92.941740][ T5083] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 92.947979][ T5083] do_syscall_64+0x40/0x110
[ 92.952486][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 92.958386][ T5083] RIP: 0033:0x7fc8ca0ec1e9
[ 92.962797][ T5083] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 92.982425][ T5083] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 92.990839][ T5083] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5083] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5083] exit_group(0) = ?
[pid 5083] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 92.998807][ T5083] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 93.006771][ T5083] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 93.014738][ T5083] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 93.022702][ T5083] R13: 000000000000001b R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 93.030670][ T5083]
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./27/bus") = 0
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./27/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./27") = 0
mkdir("./28", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached
[pid 5084] set_robust_list(0x55555665b660, 24) = 0
[pid 5084] chdir("./28"
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5084
[pid 5084] <... chdir resumed>) = 0
[pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5084] setpgid(0, 0) = 0
[pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5084] write(3, "1000", 4) = 4
[pid 5084] close(3) = 0
[pid 5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5084] memfd_create("syzkaller", 0) = 3
[pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5084] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5084] close(3) = 0
[pid 5084] mkdir("./bus", 0777) = 0
[pid 5084] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5084] chdir("./bus") = 0
[pid 5084] ioctl(4, LOOP_CLR_FD) = 0
[pid 5084] close(4) = 0
[ 93.270533][ T5084] loop0: detected capacity change from 0 to 64
[ 93.295923][ T5084] hfs: unable to locate alternate MDB
[ 93.301353][ T5084] hfs: continuing without an alternate MDB
[pid 5084] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5084] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5084] write(5, "9", 1) = 1
[pid 5084] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5084] exit_group(0) = ?
[pid 5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./28/bus") = 0
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./28/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./28") = 0
mkdir("./29", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached
, child_tidptr=0x55555665b650) = 5086
[pid 5086] set_robust_list(0x55555665b660, 24) = 0
[pid 5086] chdir("./29") = 0
[pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5086] setpgid(0, 0) = 0
[pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5086] write(3, "1000", 4) = 4
[pid 5086] close(3) = 0
[pid 5086] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5086] memfd_create("syzkaller", 0) = 3
[pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5086] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5086] close(3) = 0
[pid 5086] mkdir("./bus", 0777) = 0
[pid 5086] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5086] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5086] chdir("./bus") = 0
[pid 5086] ioctl(4, LOOP_CLR_FD) = 0
[pid 5086] close(4) = 0
[pid 5086] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 93.682775][ T5086] loop0: detected capacity change from 0 to 64
[ 93.697789][ T5086] hfs: unable to locate alternate MDB
[ 93.703277][ T5086] hfs: continuing without an alternate MDB
[pid 5086] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5086] write(5, "9", 1) = 1
[ 93.766845][ T5086] FAULT_INJECTION: forcing a failure.
[ 93.766845][ T5086] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 93.780161][ T5086] CPU: 1 PID: 5086 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 93.790570][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 93.800616][ T5086] Call Trace:
[ 93.803886][ T5086]
[ 93.806804][ T5086] dump_stack_lvl+0x125/0x1b0
[ 93.811488][ T5086] should_fail_ex+0x496/0x5b0
[ 93.816168][ T5086] ? fs_reclaim_acquire+0xb0/0x150
[ 93.821270][ T5086] __should_fail_alloc_page+0xe7/0x130
[ 93.826722][ T5086] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 93.832865][ T5086] __alloc_pages+0x193/0x2420
[ 93.837531][ T5086] ? hlock_class+0x4e/0x130
[ 93.842024][ T5086] ? mark_lock+0xb5/0xc50
[ 93.846346][ T5086] ? hlock_class+0x4e/0x130
[ 93.850844][ T5086] ? __lock_acquire+0xc65/0x3b20
[ 93.855777][ T5086] ? warn_alloc+0x3a0/0x3a0
[ 93.860278][ T5086] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 93.866254][ T5086] ? hlock_class+0x4e/0x130
[ 93.870747][ T5086] ? __lock_acquire+0xc65/0x3b20
[ 93.875680][ T5086] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 93.881570][ T5086] ? policy_nodemask+0x313/0x480
[ 93.886498][ T5086] alloc_pages_mpol+0x258/0x5f0
[ 93.891341][ T5086] ? mempolicy_in_oom_domain+0x150/0x150
[ 93.896963][ T5086] ? xas_descend+0x141/0x4e0
[ 93.901551][ T5086] folio_alloc+0x1e/0xe0
[ 93.905781][ T5086] filemap_alloc_folio+0x3bb/0x490
[ 93.910885][ T5086] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 93.917900][ T5086] ? print_usage_bug.part.0+0x550/0x550
[ 93.923443][ T5086] __filemap_get_folio+0x54c/0xaa0
[ 93.928546][ T5086] pagecache_get_page+0x2c/0x250
[ 93.933476][ T5086] block_write_begin+0x38/0x490
[ 93.938317][ T5086] ? hfs_extend_file+0xb10/0xb10
[ 93.943257][ T5086] cont_write_begin+0x530/0x730
[ 93.948125][ T5086] ? hfs_extend_file+0xb10/0xb10
[ 93.953055][ T5086] ? block_write_begin+0x490/0x490
[ 93.958161][ T5086] ? fault_in_readable+0x106/0x200
[ 93.963270][ T5086] ? fault_in_readable+0x150/0x200
[ 93.968378][ T5086] ? fault_in_subpage_writeable+0x20/0x20
[ 93.974093][ T5086] hfs_write_begin+0x87/0x140
[ 93.978763][ T5086] ? hfs_extend_file+0xb10/0xb10
[ 93.983691][ T5086] generic_perform_write+0x278/0x600
[ 93.988967][ T5086] ? folio_add_wait_queue+0x1c0/0x1c0
[ 93.994328][ T5086] ? generic_update_time+0xcf/0xf0
[ 93.999437][ T5086] ? mnt_put_write_access_file+0x45/0xf0
[ 94.005064][ T5086] __generic_file_write_iter+0x1f9/0x240
[ 94.010692][ T5086] generic_file_write_iter+0xe3/0x350
[ 94.016057][ T5086] vfs_write+0x64f/0xdf0
[ 94.020290][ T5086] ? kernel_write+0x6c0/0x6c0
[ 94.024954][ T5086] ? __fget_light+0x1fc/0x260
[ 94.029637][ T5086] ksys_write+0x12f/0x250
[ 94.033956][ T5086] ? __ia32_sys_read+0xb0/0xb0
[ 94.038706][ T5086] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 94.044939][ T5086] do_syscall_64+0x40/0x110
[ 94.049431][ T5086] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 94.055317][ T5086] RIP: 0033:0x7fc8ca0ec1e9
[ 94.059718][ T5086] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 94.079311][ T5086] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 94.087730][ T5086] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 94.095689][ T5086] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 94.103654][ T5086] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[pid 5086] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5086] exit_group(0) = ?
[pid 5086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 94.111615][ T5086] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 94.119580][ T5086] R13: 000000000000001d R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 94.127563][ T5086]
newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./29/bus") = 0
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./29/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./29") = 0
mkdir("./30", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached
[pid 5087] set_robust_list(0x55555665b660, 24) = 0
[pid 5087] chdir("./30") = 0
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5087
[pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5087] setpgid(0, 0) = 0
[pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5087] write(3, "1000", 4) = 4
[pid 5087] close(3) = 0
[pid 5087] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5087] memfd_create("syzkaller", 0) = 3
[pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5087] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5087] close(3) = 0
[pid 5087] mkdir("./bus", 0777) = 0
[pid 5087] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5087] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5087] chdir("./bus") = 0
[pid 5087] ioctl(4, LOOP_CLR_FD) = 0
[pid 5087] close(4) = 0
[pid 5087] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 94.328379][ T5087] loop0: detected capacity change from 0 to 64
[ 94.346601][ T5087] hfs: unable to locate alternate MDB
[ 94.352260][ T5087] hfs: continuing without an alternate MDB
[pid 5087] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5087] write(5, "9", 1) = 1
[ 94.407486][ T5087] FAULT_INJECTION: forcing a failure.
[ 94.407486][ T5087] name failslab, interval 1, probability 0, space 0, times 0
[ 94.420318][ T5087] CPU: 1 PID: 5087 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 94.430740][ T5087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 94.440781][ T5087] Call Trace:
[ 94.444055][ T5087]
[ 94.446983][ T5087] dump_stack_lvl+0x125/0x1b0
[ 94.451654][ T5087] should_fail_ex+0x496/0x5b0
[ 94.456329][ T5087] should_failslab+0x9/0x20
[ 94.460821][ T5087] __kmem_cache_alloc_node+0x5f/0x460
[ 94.466190][ T5087] ? hfs_find_init+0x95/0x220
[ 94.470862][ T5087] __kmalloc+0x49/0x90
[ 94.474932][ T5087] hfs_find_init+0x95/0x220
[ 94.479438][ T5087] hfs_ext_read_extent+0x19c/0x9d0
[ 94.484554][ T5087] ? mutex_trylock+0x130/0x130
[ 94.489325][ T5087] ? hfs_free_extents+0x2f0/0x2f0
[ 94.494353][ T5087] ? clean_bdev_aliases+0x50e/0x610
[ 94.499563][ T5087] hfs_extend_file+0x4e0/0xb10
[ 94.504341][ T5087] ? reacquire_held_locks+0x4c0/0x4c0
[ 94.509719][ T5087] ? hfs_free_fork+0x900/0x900
[ 94.514485][ T5087] hfs_get_block+0x17f/0x820
[ 94.519080][ T5087] ? hfs_extend_file+0xb10/0xb10
[ 94.524022][ T5087] __block_write_begin_int+0x3c0/0x1560
[ 94.529572][ T5087] ? hfs_extend_file+0xb10/0xb10
[ 94.534516][ T5087] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 94.540067][ T5087] block_write_begin+0xb1/0x490
[ 94.544922][ T5087] ? hfs_extend_file+0xb10/0xb10
[ 94.549863][ T5087] cont_write_begin+0x530/0x730
[ 94.554719][ T5087] ? hfs_extend_file+0xb10/0xb10
[ 94.559661][ T5087] ? block_write_begin+0x490/0x490
[ 94.564775][ T5087] ? fault_in_readable+0x106/0x200
[ 94.569892][ T5087] ? fault_in_readable+0x150/0x200
[ 94.575012][ T5087] ? fault_in_subpage_writeable+0x20/0x20
[ 94.580740][ T5087] hfs_write_begin+0x87/0x140
[ 94.585421][ T5087] ? hfs_extend_file+0xb10/0xb10
[ 94.590363][ T5087] generic_perform_write+0x278/0x600
[ 94.595653][ T5087] ? folio_add_wait_queue+0x1c0/0x1c0
[ 94.601028][ T5087] ? generic_update_time+0xcf/0xf0
[ 94.606145][ T5087] ? mnt_put_write_access_file+0x45/0xf0
[ 94.611783][ T5087] __generic_file_write_iter+0x1f9/0x240
[ 94.617424][ T5087] generic_file_write_iter+0xe3/0x350
[ 94.622803][ T5087] vfs_write+0x64f/0xdf0
[ 94.627046][ T5087] ? kernel_write+0x6c0/0x6c0
[ 94.631726][ T5087] ? __fget_light+0x1fc/0x260
[ 94.636405][ T5087] ksys_write+0x12f/0x250
[ 94.640733][ T5087] ? __ia32_sys_read+0xb0/0xb0
[ 94.645499][ T5087] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 94.651739][ T5087] do_syscall_64+0x40/0x110
[ 94.656245][ T5087] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 94.662151][ T5087] RIP: 0033:0x7fc8ca0ec1e9
[ 94.666559][ T5087] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 94.686163][ T5087] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 94.694578][ T5087] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5087] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5087] exit_group(0) = ?
[pid 5087] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 94.702545][ T5087] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 94.710510][ T5087] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 94.718474][ T5087] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 94.726438][ T5087] R13: 000000000000001e R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 94.734406][ T5087]
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./30/bus") = 0
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./30/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./30") = 0
mkdir("./31", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached
[pid 5088] set_robust_list(0x55555665b660, 24) = 0
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5088
[pid 5088] chdir("./31") = 0
[pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5088] setpgid(0, 0) = 0
[pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5088] write(3, "1000", 4) = 4
[pid 5088] close(3) = 0
[pid 5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5088] memfd_create("syzkaller", 0) = 3
[pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5088] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5088] close(3) = 0
[pid 5088] mkdir("./bus", 0777) = 0
[pid 5088] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5088] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5088] chdir("./bus") = 0
[pid 5088] ioctl(4, LOOP_CLR_FD) = 0
[pid 5088] close(4) = 0
[pid 5088] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5088] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5088] write(5, "9", 1) = 1
[ 94.965047][ T5088] loop0: detected capacity change from 0 to 64
[ 94.974375][ T5088] hfs: unable to locate alternate MDB
[ 94.980020][ T5088] hfs: continuing without an alternate MDB
[ 95.020174][ T5088] FAULT_INJECTION: forcing a failure.
[ 95.020174][ T5088] name failslab, interval 1, probability 0, space 0, times 0
[ 95.033086][ T5088] CPU: 0 PID: 5088 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 95.043505][ T5088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 95.053549][ T5088] Call Trace:
[ 95.056817][ T5088]
[ 95.059738][ T5088] dump_stack_lvl+0x125/0x1b0
[ 95.064409][ T5088] should_fail_ex+0x496/0x5b0
[ 95.069082][ T5088] should_failslab+0x9/0x20
[ 95.073575][ T5088] __kmem_cache_alloc_node+0x5f/0x460
[ 95.078955][ T5088] ? hfs_find_init+0x95/0x220
[ 95.083665][ T5088] __kmalloc+0x49/0x90
[ 95.087727][ T5088] hfs_find_init+0x95/0x220
[ 95.092223][ T5088] hfs_ext_read_extent+0x19c/0x9d0
[ 95.097328][ T5088] ? mutex_trylock+0x130/0x130
[ 95.102086][ T5088] ? hfs_free_extents+0x2f0/0x2f0
[ 95.107106][ T5088] ? clean_bdev_aliases+0x50e/0x610
[ 95.112298][ T5088] hfs_extend_file+0x4e0/0xb10
[ 95.117053][ T5088] ? reacquire_held_locks+0x4c0/0x4c0
[ 95.122419][ T5088] ? hfs_free_fork+0x900/0x900
[ 95.127175][ T5088] hfs_get_block+0x17f/0x820
[ 95.131761][ T5088] ? hfs_extend_file+0xb10/0xb10
[ 95.136687][ T5088] __block_write_begin_int+0x3c0/0x1560
[ 95.142235][ T5088] ? hfs_extend_file+0xb10/0xb10
[ 95.147165][ T5088] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 95.152705][ T5088] block_write_begin+0xb1/0x490
[ 95.157550][ T5088] ? hfs_extend_file+0xb10/0xb10
[ 95.162482][ T5088] cont_write_begin+0x530/0x730
[ 95.167332][ T5088] ? hfs_extend_file+0xb10/0xb10
[ 95.172263][ T5088] ? block_write_begin+0x490/0x490
[ 95.177366][ T5088] ? fault_in_readable+0x106/0x200
[ 95.182475][ T5088] ? fault_in_readable+0x150/0x200
[ 95.187583][ T5088] ? fault_in_subpage_writeable+0x20/0x20
[ 95.193300][ T5088] hfs_write_begin+0x87/0x140
[ 95.197987][ T5088] ? hfs_extend_file+0xb10/0xb10
[ 95.202939][ T5088] generic_perform_write+0x278/0x600
[ 95.208239][ T5088] ? folio_add_wait_queue+0x1c0/0x1c0
[ 95.213624][ T5088] ? generic_update_time+0xcf/0xf0
[ 95.218729][ T5088] ? mnt_put_write_access_file+0x45/0xf0
[ 95.224358][ T5088] __generic_file_write_iter+0x1f9/0x240
[ 95.229986][ T5088] generic_file_write_iter+0xe3/0x350
[ 95.235355][ T5088] vfs_write+0x64f/0xdf0
[ 95.239592][ T5088] ? kernel_write+0x6c0/0x6c0
[ 95.244267][ T5088] ? __fget_light+0x4f/0x260
[ 95.248870][ T5088] ? __fget_light+0x1fc/0x260
[ 95.253540][ T5088] ksys_write+0x12f/0x250
[ 95.257881][ T5088] ? __ia32_sys_read+0xb0/0xb0
[ 95.262637][ T5088] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 95.268872][ T5088] do_syscall_64+0x40/0x110
[ 95.273370][ T5088] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 95.279264][ T5088] RIP: 0033:0x7fc8ca0ec1e9
[ 95.283667][ T5088] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 95.303264][ T5088] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 95.311663][ T5088] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5088] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5088] exit_group(0) = ?
[pid 5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 95.319622][ T5088] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 95.327583][ T5088] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 95.335540][ T5088] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 95.343499][ T5088] R13: 000000000000001f R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 95.351465][ T5088]
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./31/bus") = 0
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./31/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./31") = 0
mkdir("./32", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached
, child_tidptr=0x55555665b650) = 5089
[pid 5089] set_robust_list(0x55555665b660, 24) = 0
[pid 5089] chdir("./32") = 0
[pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5089] setpgid(0, 0) = 0
[pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5089] write(3, "1000", 4) = 4
[pid 5089] close(3) = 0
[pid 5089] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5089] memfd_create("syzkaller", 0) = 3
[pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5089] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5089] close(3) = 0
[pid 5089] mkdir("./bus", 0777) = 0
[pid 5089] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5089] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5089] chdir("./bus") = 0
[pid 5089] ioctl(4, LOOP_CLR_FD) = 0
[pid 5089] close(4) = 0
[pid 5089] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5089] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5089] write(5, "9", 1) = 1
[pid 5089] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5089] exit_group(0) = ?
[ 95.609290][ T5089] loop0: detected capacity change from 0 to 64
[ 95.623712][ T5089] hfs: unable to locate alternate MDB
[ 95.629095][ T5089] hfs: continuing without an alternate MDB
[pid 5089] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5089, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./32/bus") = 0
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./32/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./32") = 0
mkdir("./33", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached
, child_tidptr=0x55555665b650) = 5090
[pid 5090] set_robust_list(0x55555665b660, 24) = 0
[pid 5090] chdir("./33") = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5090] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] mkdir("./bus", 0777) = 0
[pid 5090] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5090] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./bus") = 0
[pid 5090] ioctl(4, LOOP_CLR_FD) = 0
[pid 5090] close(4) = 0
[pid 5090] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5090] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5090] write(5, "9", 1) = 1
[ 96.002474][ T5090] loop0: detected capacity change from 0 to 64
[ 96.022499][ T5090] hfs: unable to locate alternate MDB
[ 96.027876][ T5090] hfs: continuing without an alternate MDB
[ 96.076376][ T5090] FAULT_INJECTION: forcing a failure.
[ 96.076376][ T5090] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 96.089627][ T5090] CPU: 0 PID: 5090 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 96.100028][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 96.110070][ T5090] Call Trace:
[ 96.113342][ T5090]
[ 96.116260][ T5090] dump_stack_lvl+0x125/0x1b0
[ 96.120950][ T5090] should_fail_ex+0x496/0x5b0
[ 96.125649][ T5090] ? fs_reclaim_acquire+0xb0/0x150
[ 96.130749][ T5090] __should_fail_alloc_page+0xe7/0x130
[ 96.136205][ T5090] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 96.142350][ T5090] __alloc_pages+0x193/0x2420
[ 96.147022][ T5090] ? hlock_class+0x4e/0x130
[ 96.151523][ T5090] ? mark_lock+0xb5/0xc50
[ 96.155860][ T5090] ? hlock_class+0x4e/0x130
[ 96.160369][ T5090] ? __lock_acquire+0xc65/0x3b20
[ 96.165313][ T5090] ? warn_alloc+0x3a0/0x3a0
[ 96.169818][ T5090] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 96.175807][ T5090] ? hlock_class+0x4e/0x130
[ 96.180311][ T5090] ? __lock_acquire+0xc65/0x3b20
[ 96.185253][ T5090] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 96.191147][ T5090] ? policy_nodemask+0x313/0x480
[ 96.196083][ T5090] alloc_pages_mpol+0x258/0x5f0
[ 96.200935][ T5090] ? mempolicy_in_oom_domain+0x150/0x150
[ 96.206578][ T5090] ? xas_descend+0x141/0x4e0
[ 96.211186][ T5090] folio_alloc+0x1e/0xe0
[ 96.215429][ T5090] filemap_alloc_folio+0x3bb/0x490
[ 96.220545][ T5090] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 96.227569][ T5090] ? print_usage_bug.part.0+0x550/0x550
[ 96.233129][ T5090] __filemap_get_folio+0x54c/0xaa0
[ 96.238248][ T5090] pagecache_get_page+0x2c/0x250
[ 96.243192][ T5090] block_write_begin+0x38/0x490
[ 96.248049][ T5090] ? hfs_extend_file+0xb10/0xb10
[ 96.252991][ T5090] cont_write_begin+0x530/0x730
[ 96.257865][ T5090] ? hfs_extend_file+0xb10/0xb10
[ 96.262809][ T5090] ? block_write_begin+0x490/0x490
[ 96.267939][ T5090] ? fault_in_readable+0x106/0x200
[ 96.273068][ T5090] ? fault_in_readable+0x150/0x200
[ 96.278188][ T5090] ? fault_in_subpage_writeable+0x20/0x20
[ 96.283918][ T5090] hfs_write_begin+0x87/0x140
[ 96.288610][ T5090] ? hfs_extend_file+0xb10/0xb10
[ 96.293563][ T5090] generic_perform_write+0x278/0x600
[ 96.298866][ T5090] ? folio_add_wait_queue+0x1c0/0x1c0
[ 96.304245][ T5090] ? generic_update_time+0xcf/0xf0
[ 96.309366][ T5090] ? mnt_put_write_access_file+0x45/0xf0
[ 96.315005][ T5090] __generic_file_write_iter+0x1f9/0x240
[ 96.320645][ T5090] generic_file_write_iter+0xe3/0x350
[ 96.326023][ T5090] vfs_write+0x64f/0xdf0
[ 96.330271][ T5090] ? kernel_write+0x6c0/0x6c0
[ 96.334953][ T5090] ? __fget_light+0x1fc/0x260
[ 96.339629][ T5090] ksys_write+0x12f/0x250
[ 96.343961][ T5090] ? __ia32_sys_read+0xb0/0xb0
[ 96.348725][ T5090] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 96.354973][ T5090] do_syscall_64+0x40/0x110
[ 96.359481][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 96.365383][ T5090] RIP: 0033:0x7fc8ca0ec1e9
[ 96.369793][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 96.389396][ T5090] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 96.397807][ T5090] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 96.405784][ T5090] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 96.413751][ T5090] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[pid 5090] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5090] exit_group(0) = ?
[pid 5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 96.421720][ T5090] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 96.429683][ T5090] R13: 0000000000000021 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 96.437651][ T5090]
[ 96.444009][ T26] audit: type=1400 audit(1701791399.604:93): avc: denied { rename } for pid=4491 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
[ 96.466773][ T26] audit: type=1400 audit(1701791399.604:94): avc: denied { unlink } for pid=4491 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 96.489654][ T26] audit: type=1400 audit(1701791399.604:95): avc: denied { create } for pid=4491 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./33/bus") = 0
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./33/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./33") = 0
mkdir("./34", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached
, child_tidptr=0x55555665b650) = 5091
[pid 5091] set_robust_list(0x55555665b660, 24) = 0
[pid 5091] chdir("./34") = 0
[pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5091] setpgid(0, 0) = 0
[pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5091] write(3, "1000", 4) = 4
[pid 5091] close(3) = 0
[pid 5091] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5091] memfd_create("syzkaller", 0) = 3
[pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5091] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5091] close(3) = 0
[pid 5091] mkdir("./bus", 0777) = 0
[pid 5091] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5091] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5091] chdir("./bus") = 0
[pid 5091] ioctl(4, LOOP_CLR_FD) = 0
[pid 5091] close(4) = 0
[pid 5091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5091] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5091] write(5, "9", 1) = 1
[ 96.694319][ T5091] loop0: detected capacity change from 0 to 64
[ 96.708881][ T5091] hfs: unable to locate alternate MDB
[ 96.714287][ T5091] hfs: continuing without an alternate MDB
[ 96.781765][ T5091] FAULT_INJECTION: forcing a failure.
[ 96.781765][ T5091] name failslab, interval 1, probability 0, space 0, times 0
[ 96.794463][ T5091] CPU: 0 PID: 5091 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 96.804900][ T5091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 96.814942][ T5091] Call Trace:
[ 96.818212][ T5091]
[ 96.821132][ T5091] dump_stack_lvl+0x125/0x1b0
[ 96.825812][ T5091] should_fail_ex+0x496/0x5b0
[ 96.830485][ T5091] should_failslab+0x9/0x20
[ 96.834979][ T5091] __kmem_cache_alloc_node+0x5f/0x460
[ 96.840347][ T5091] ? hfs_find_init+0x95/0x220
[ 96.845014][ T5091] __kmalloc+0x49/0x90
[ 96.849075][ T5091] hfs_find_init+0x95/0x220
[ 96.853569][ T5091] hfs_ext_read_extent+0x19c/0x9d0
[ 96.858674][ T5091] ? mutex_trylock+0x130/0x130
[ 96.863430][ T5091] ? hfs_free_extents+0x2f0/0x2f0
[ 96.868446][ T5091] ? clean_bdev_aliases+0x50e/0x610
[ 96.873633][ T5091] hfs_extend_file+0x4e0/0xb10
[ 96.878390][ T5091] ? reacquire_held_locks+0x4c0/0x4c0
[ 96.883756][ T5091] ? hfs_free_fork+0x900/0x900
[ 96.888513][ T5091] hfs_get_block+0x17f/0x820
[ 96.893104][ T5091] ? hfs_extend_file+0xb10/0xb10
[ 96.898045][ T5091] __block_write_begin_int+0x3c0/0x1560
[ 96.903600][ T5091] ? hfs_extend_file+0xb10/0xb10
[ 96.908544][ T5091] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 96.914096][ T5091] block_write_begin+0xb1/0x490
[ 96.918953][ T5091] ? hfs_extend_file+0xb10/0xb10
[ 96.923892][ T5091] cont_write_begin+0x530/0x730
[ 96.928749][ T5091] ? hfs_extend_file+0xb10/0xb10
[ 96.933687][ T5091] ? block_write_begin+0x490/0x490
[ 96.938801][ T5091] ? fault_in_readable+0x106/0x200
[ 96.943918][ T5091] ? fault_in_readable+0x150/0x200
[ 96.949036][ T5091] ? fault_in_subpage_writeable+0x20/0x20
[ 96.954769][ T5091] hfs_write_begin+0x87/0x140
[ 96.959453][ T5091] ? hfs_extend_file+0xb10/0xb10
[ 96.964392][ T5091] generic_perform_write+0x278/0x600
[ 96.969680][ T5091] ? folio_add_wait_queue+0x1c0/0x1c0
[ 96.975051][ T5091] ? generic_update_time+0xcf/0xf0
[ 96.980174][ T5091] ? mnt_put_write_access_file+0x45/0xf0
[ 96.985813][ T5091] __generic_file_write_iter+0x1f9/0x240
[ 96.991453][ T5091] generic_file_write_iter+0xe3/0x350
[ 96.996832][ T5091] vfs_write+0x64f/0xdf0
[ 97.001078][ T5091] ? kernel_write+0x6c0/0x6c0
[ 97.005755][ T5091] ? __fget_light+0x1fc/0x260
[ 97.010431][ T5091] ksys_write+0x12f/0x250
[ 97.014758][ T5091] ? __ia32_sys_read+0xb0/0xb0
[ 97.019518][ T5091] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 97.025762][ T5091] do_syscall_64+0x40/0x110
[ 97.030268][ T5091] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 97.036175][ T5091] RIP: 0033:0x7fc8ca0ec1e9
[ 97.040584][ T5091] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 97.060187][ T5091] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 97.068603][ T5091] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5091] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5091] exit_group(0) = ?
[pid 5091] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
[ 97.076571][ T5091] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 97.084539][ T5091] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 97.092504][ T5091] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 97.100472][ T5091] R13: 0000000000000022 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 97.108440][ T5091]
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./34/bus") = 0
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./34/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./34") = 0
mkdir("./35", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555665b650) = 5092
./strace-static-x86_64: Process 5092 attached
[pid 5092] set_robust_list(0x55555665b660, 24) = 0
[pid 5092] chdir("./35") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5092] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./bus", 0777) = 0
[pid 5092] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./bus") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5092] write(5, "9", 1) = 1
[ 97.293120][ T5092] loop0: detected capacity change from 0 to 64
[ 97.317706][ T5092] hfs: unable to locate alternate MDB
[ 97.323168][ T5092] hfs: continuing without an alternate MDB
[ 97.368667][ T5092] FAULT_INJECTION: forcing a failure.
[ 97.368667][ T5092] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 97.382000][ T5092] CPU: 1 PID: 5092 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 97.392436][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 97.402491][ T5092] Call Trace:
[ 97.405762][ T5092]
[ 97.408683][ T5092] dump_stack_lvl+0x125/0x1b0
[ 97.413352][ T5092] should_fail_ex+0x496/0x5b0
[ 97.418027][ T5092] ? fs_reclaim_acquire+0xb0/0x150
[ 97.423126][ T5092] __should_fail_alloc_page+0xe7/0x130
[ 97.428576][ T5092] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 97.434720][ T5092] __alloc_pages+0x193/0x2420
[ 97.439397][ T5092] ? hlock_class+0x4e/0x130
[ 97.443914][ T5092] ? mark_lock+0xb5/0xc50
[ 97.448237][ T5092] ? hlock_class+0x4e/0x130
[ 97.452729][ T5092] ? __lock_acquire+0xc65/0x3b20
[ 97.457657][ T5092] ? warn_alloc+0x3a0/0x3a0
[ 97.462148][ T5092] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 97.468122][ T5092] ? hlock_class+0x4e/0x130
[ 97.472613][ T5092] ? __lock_acquire+0xc65/0x3b20
[ 97.477545][ T5092] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 97.483428][ T5092] ? policy_nodemask+0x313/0x480
[ 97.488351][ T5092] alloc_pages_mpol+0x258/0x5f0
[ 97.493190][ T5092] ? mempolicy_in_oom_domain+0x150/0x150
[ 97.498814][ T5092] ? xas_descend+0x141/0x4e0
[ 97.503399][ T5092] folio_alloc+0x1e/0xe0
[ 97.507626][ T5092] filemap_alloc_folio+0x3bb/0x490
[ 97.512738][ T5092] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 97.519750][ T5092] ? print_usage_bug.part.0+0x550/0x550
[ 97.525299][ T5092] __filemap_get_folio+0x54c/0xaa0
[ 97.530411][ T5092] pagecache_get_page+0x2c/0x250
[ 97.535344][ T5092] block_write_begin+0x38/0x490
[ 97.540189][ T5092] ? hfs_extend_file+0xb10/0xb10
[ 97.545141][ T5092] cont_write_begin+0x530/0x730
[ 97.549994][ T5092] ? hfs_extend_file+0xb10/0xb10
[ 97.554926][ T5092] ? block_write_begin+0x490/0x490
[ 97.560032][ T5092] ? fault_in_readable+0x106/0x200
[ 97.565143][ T5092] ? fault_in_readable+0x150/0x200
[ 97.570258][ T5092] ? fault_in_subpage_writeable+0x20/0x20
[ 97.575976][ T5092] hfs_write_begin+0x87/0x140
[ 97.580650][ T5092] ? hfs_extend_file+0xb10/0xb10
[ 97.585577][ T5092] generic_perform_write+0x278/0x600
[ 97.590876][ T5092] ? folio_add_wait_queue+0x1c0/0x1c0
[ 97.596237][ T5092] ? generic_update_time+0xcf/0xf0
[ 97.601343][ T5092] ? mnt_put_write_access_file+0x45/0xf0
[ 97.606968][ T5092] __generic_file_write_iter+0x1f9/0x240
[ 97.612603][ T5092] generic_file_write_iter+0xe3/0x350
[ 97.617975][ T5092] vfs_write+0x64f/0xdf0
[ 97.622210][ T5092] ? kernel_write+0x6c0/0x6c0
[ 97.626879][ T5092] ? __fget_light+0x1fc/0x260
[ 97.631551][ T5092] ksys_write+0x12f/0x250
[ 97.635869][ T5092] ? __ia32_sys_read+0xb0/0xb0
[ 97.640621][ T5092] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 97.646851][ T5092] do_syscall_64+0x40/0x110
[ 97.651346][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 97.657234][ T5092] RIP: 0033:0x7fc8ca0ec1e9
[ 97.661636][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 97.681233][ T5092] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 97.689632][ T5092] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 97.697610][ T5092] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 97.705567][ T5092] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[pid 5092] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5092] exit_group(0) = ?
[pid 5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 97.713527][ T5092] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 97.721488][ T5092] R13: 0000000000000023 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 97.729456][ T5092]
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./35/bus") = 0
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./35/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./35") = 0
mkdir("./36", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached
, child_tidptr=0x55555665b650) = 5093
[pid 5093] set_robust_list(0x55555665b660, 24) = 0
[pid 5093] chdir("./36") = 0
[pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5093] setpgid(0, 0) = 0
[pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1000", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5093] memfd_create("syzkaller", 0) = 3
[pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5093] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5093] close(3) = 0
[pid 5093] mkdir("./bus", 0777) = 0
[pid 5093] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5093] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5093] chdir("./bus") = 0
[pid 5093] ioctl(4, LOOP_CLR_FD) = 0
[pid 5093] close(4) = 0
[pid 5093] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 97.990432][ T5093] loop0: detected capacity change from 0 to 64
[ 98.015922][ T5093] hfs: unable to locate alternate MDB
[ 98.021352][ T5093] hfs: continuing without an alternate MDB
[pid 5093] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5093] write(5, "9", 1) = 1
[ 98.076015][ T5093] FAULT_INJECTION: forcing a failure.
[ 98.076015][ T5093] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 98.089339][ T5093] CPU: 0 PID: 5093 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 98.099740][ T5093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 98.109782][ T5093] Call Trace:
[ 98.113052][ T5093]
[ 98.115972][ T5093] dump_stack_lvl+0x125/0x1b0
[ 98.120640][ T5093] should_fail_ex+0x496/0x5b0
[ 98.125313][ T5093] ? fs_reclaim_acquire+0xb0/0x150
[ 98.130413][ T5093] __should_fail_alloc_page+0xe7/0x130
[ 98.135867][ T5093] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 98.142017][ T5093] __alloc_pages+0x193/0x2420
[ 98.146685][ T5093] ? hlock_class+0x4e/0x130
[ 98.151178][ T5093] ? mark_lock+0xb5/0xc50
[ 98.155496][ T5093] ? hlock_class+0x4e/0x130
[ 98.159988][ T5093] ? __lock_acquire+0xc65/0x3b20
[ 98.164916][ T5093] ? warn_alloc+0x3a0/0x3a0
[ 98.169411][ T5093] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 98.175386][ T5093] ? hlock_class+0x4e/0x130
[ 98.179879][ T5093] ? __lock_acquire+0xc65/0x3b20
[ 98.184811][ T5093] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 98.190705][ T5093] ? policy_nodemask+0x313/0x480
[ 98.195638][ T5093] alloc_pages_mpol+0x258/0x5f0
[ 98.200490][ T5093] ? mempolicy_in_oom_domain+0x150/0x150
[ 98.206120][ T5093] ? xas_descend+0x141/0x4e0
[ 98.210719][ T5093] folio_alloc+0x1e/0xe0
[ 98.214962][ T5093] filemap_alloc_folio+0x3bb/0x490
[ 98.220078][ T5093] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 98.227100][ T5093] ? print_usage_bug.part.0+0x550/0x550
[ 98.232650][ T5093] __filemap_get_folio+0x54c/0xaa0
[ 98.237768][ T5093] pagecache_get_page+0x2c/0x250
[ 98.242708][ T5093] block_write_begin+0x38/0x490
[ 98.247560][ T5093] ? hfs_extend_file+0xb10/0xb10
[ 98.252503][ T5093] cont_write_begin+0x530/0x730
[ 98.257362][ T5093] ? hfs_extend_file+0xb10/0xb10
[ 98.262303][ T5093] ? block_write_begin+0x490/0x490
[ 98.267415][ T5093] ? fault_in_readable+0x106/0x200
[ 98.272533][ T5093] ? fault_in_readable+0x150/0x200
[ 98.277647][ T5093] ? fault_in_subpage_writeable+0x20/0x20
[ 98.283383][ T5093] hfs_write_begin+0x87/0x140
[ 98.288066][ T5093] ? hfs_extend_file+0xb10/0xb10
[ 98.293009][ T5093] generic_perform_write+0x278/0x600
[ 98.298299][ T5093] ? folio_add_wait_queue+0x1c0/0x1c0
[ 98.303672][ T5093] ? generic_update_time+0xcf/0xf0
[ 98.308873][ T5093] ? mnt_put_write_access_file+0x45/0xf0
[ 98.314508][ T5093] __generic_file_write_iter+0x1f9/0x240
[ 98.320144][ T5093] generic_file_write_iter+0xe3/0x350
[ 98.325519][ T5093] vfs_write+0x64f/0xdf0
[ 98.329765][ T5093] ? kernel_write+0x6c0/0x6c0
[ 98.334445][ T5093] ? __fget_light+0x1fc/0x260
[ 98.339126][ T5093] ksys_write+0x12f/0x250
[ 98.343459][ T5093] ? __ia32_sys_read+0xb0/0xb0
[ 98.348220][ T5093] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 98.354462][ T5093] do_syscall_64+0x40/0x110
[ 98.358965][ T5093] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 98.364869][ T5093] RIP: 0033:0x7fc8ca0ec1e9
[ 98.369278][ T5093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 98.388879][ T5093] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 98.397294][ T5093] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 98.405265][ T5093] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 98.413232][ T5093] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[pid 5093] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5093] exit_group(0) = ?
[pid 5093] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./36/bus") = 0
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 98.421201][ T5093] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 98.429169][ T5093] R13: 0000000000000024 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 98.437139][ T5093]
newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./36/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./36") = 0
mkdir("./37", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached
, child_tidptr=0x55555665b650) = 5094
[pid 5094] set_robust_list(0x55555665b660, 24) = 0
[pid 5094] chdir("./37") = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5094] memfd_create("syzkaller", 0) = 3
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5094] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5094] close(3) = 0
[pid 5094] mkdir("./bus", 0777) = 0
[pid 5094] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5094] chdir("./bus") = 0
[pid 5094] ioctl(4, LOOP_CLR_FD) = 0
[pid 5094] close(4) = 0
[pid 5094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 98.618048][ T5094] loop0: detected capacity change from 0 to 64
[ 98.632842][ T5094] hfs: unable to locate alternate MDB
[ 98.638225][ T5094] hfs: continuing without an alternate MDB
[pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5094] write(5, "9", 1) = 1
[ 98.702263][ T5094] FAULT_INJECTION: forcing a failure.
[ 98.702263][ T5094] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 98.715524][ T5094] CPU: 1 PID: 5094 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 98.725921][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 98.735964][ T5094] Call Trace:
[ 98.739242][ T5094]
[ 98.742174][ T5094] dump_stack_lvl+0x125/0x1b0
[ 98.746839][ T5094] should_fail_ex+0x496/0x5b0
[ 98.751511][ T5094] ? fs_reclaim_acquire+0xb0/0x150
[ 98.756610][ T5094] __should_fail_alloc_page+0xe7/0x130
[ 98.762061][ T5094] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 98.768204][ T5094] __alloc_pages+0x193/0x2420
[ 98.772874][ T5094] ? hlock_class+0x4e/0x130
[ 98.777376][ T5094] ? mark_lock+0xb5/0xc50
[ 98.781699][ T5094] ? hlock_class+0x4e/0x130
[ 98.786193][ T5094] ? __lock_acquire+0xc65/0x3b20
[ 98.791133][ T5094] ? warn_alloc+0x3a0/0x3a0
[ 98.795640][ T5094] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 98.801621][ T5094] ? hlock_class+0x4e/0x130
[ 98.806120][ T5094] ? __lock_acquire+0xc65/0x3b20
[ 98.811070][ T5094] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 98.816988][ T5094] ? policy_nodemask+0x313/0x480
[ 98.821919][ T5094] alloc_pages_mpol+0x258/0x5f0
[ 98.826776][ T5094] ? mempolicy_in_oom_domain+0x150/0x150
[ 98.832398][ T5094] ? xas_descend+0x141/0x4e0
[ 98.836985][ T5094] folio_alloc+0x1e/0xe0
[ 98.841220][ T5094] filemap_alloc_folio+0x3bb/0x490
[ 98.846345][ T5094] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 98.853378][ T5094] ? print_usage_bug.part.0+0x550/0x550
[ 98.858922][ T5094] __filemap_get_folio+0x54c/0xaa0
[ 98.864029][ T5094] pagecache_get_page+0x2c/0x250
[ 98.868959][ T5094] block_write_begin+0x38/0x490
[ 98.873806][ T5094] ? hfs_extend_file+0xb10/0xb10
[ 98.878761][ T5094] cont_write_begin+0x530/0x730
[ 98.883608][ T5094] ? hfs_extend_file+0xb10/0xb10
[ 98.888537][ T5094] ? block_write_begin+0x490/0x490
[ 98.893641][ T5094] ? fault_in_readable+0x106/0x200
[ 98.898747][ T5094] ? fault_in_readable+0x150/0x200
[ 98.903854][ T5094] ? fault_in_subpage_writeable+0x20/0x20
[ 98.909570][ T5094] hfs_write_begin+0x87/0x140
[ 98.914242][ T5094] ? hfs_extend_file+0xb10/0xb10
[ 98.919193][ T5094] generic_perform_write+0x278/0x600
[ 98.924505][ T5094] ? folio_add_wait_queue+0x1c0/0x1c0
[ 98.929872][ T5094] ? generic_update_time+0xcf/0xf0
[ 98.934984][ T5094] ? mnt_put_write_access_file+0x45/0xf0
[ 98.940609][ T5094] __generic_file_write_iter+0x1f9/0x240
[ 98.946257][ T5094] generic_file_write_iter+0xe3/0x350
[ 98.951627][ T5094] vfs_write+0x64f/0xdf0
[ 98.955860][ T5094] ? kernel_write+0x6c0/0x6c0
[ 98.960526][ T5094] ? __fget_light+0x1fc/0x260
[ 98.965199][ T5094] ksys_write+0x12f/0x250
[ 98.969530][ T5094] ? __ia32_sys_read+0xb0/0xb0
[ 98.974283][ T5094] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 98.980517][ T5094] do_syscall_64+0x40/0x110
[ 98.985011][ T5094] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 98.990897][ T5094] RIP: 0033:0x7fc8ca0ec1e9
[ 98.995296][ T5094] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 99.014892][ T5094] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 99.023297][ T5094] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 99.031254][ T5094] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 99.039219][ T5094] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[pid 5094] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5094] exit_group(0) = ?
[pid 5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 99.047184][ T5094] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 99.055144][ T5094] R13: 0000000000000025 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 99.063134][ T5094]
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./37/bus") = 0
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./37/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./37") = 0
mkdir("./38", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached
, child_tidptr=0x55555665b650) = 5095
[pid 5095] set_robust_list(0x55555665b660, 24) = 0
[pid 5095] chdir("./38") = 0
[pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5095] setpgid(0, 0) = 0
[pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5095] write(3, "1000", 4) = 4
[pid 5095] close(3) = 0
[pid 5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5095] memfd_create("syzkaller", 0) = 3
[pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5095] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5095] close(3) = 0
[pid 5095] mkdir("./bus", 0777) = 0
[pid 5095] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5095] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5095] chdir("./bus") = 0
[pid 5095] ioctl(4, LOOP_CLR_FD) = 0
[pid 5095] close(4) = 0
[pid 5095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5095] write(5, "9", 1) = 1
[pid 5095] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5095] exit_group(0) = ?
[pid 5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 99.317092][ T5095] loop0: detected capacity change from 0 to 64
[ 99.343657][ T5095] hfs: unable to locate alternate MDB
[ 99.349037][ T5095] hfs: continuing without an alternate MDB
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./38/bus") = 0
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./38/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./38") = 0
mkdir("./39", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached
, child_tidptr=0x55555665b650) = 5096
[pid 5096] set_robust_list(0x55555665b660, 24) = 0
[pid 5096] chdir("./39") = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5096] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./bus", 0777) = 0
[pid 5096] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5096] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./bus") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[ 99.688087][ T5096] loop0: detected capacity change from 0 to 64
[ 99.713236][ T5096] hfs: unable to locate alternate MDB
[ 99.718627][ T5096] hfs: continuing without an alternate MDB
[pid 5096] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5096] write(5, "9", 1) = 1
[pid 5096] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./39/bus") = 0
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./39/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./39") = 0
mkdir("./40", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached
, child_tidptr=0x55555665b650) = 5097
[pid 5097] set_robust_list(0x55555665b660, 24) = 0
[pid 5097] chdir("./40") = 0
[pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5097] setpgid(0, 0) = 0
[pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5097] write(3, "1000", 4) = 4
[pid 5097] close(3) = 0
[pid 5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5097] memfd_create("syzkaller", 0) = 3
[pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5097] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5097] close(3) = 0
[pid 5097] mkdir("./bus", 0777) = 0
[pid 5097] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5097] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5097] chdir("./bus") = 0
[pid 5097] ioctl(4, LOOP_CLR_FD) = 0
[pid 5097] close(4) = 0
[pid 5097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5097] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5097] write(5, "9", 1) = 1
[pid 5097] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5097] exit_group(0) = ?
[pid 5097] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
[ 100.042646][ T5097] loop0: detected capacity change from 0 to 64
[ 100.058084][ T5097] hfs: unable to locate alternate MDB
[ 100.063495][ T5097] hfs: continuing without an alternate MDB
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./40/bus") = 0
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./40/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./40") = 0
mkdir("./41", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached
, child_tidptr=0x55555665b650) = 5098
[pid 5098] set_robust_list(0x55555665b660, 24) = 0
[pid 5098] chdir("./41") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5098] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./bus", 0777) = 0
[pid 5098] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5098] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./bus") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[pid 5098] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5098] write(5, "9", 1) = 1
[ 100.323685][ T5098] loop0: detected capacity change from 0 to 64
[ 100.338115][ T5098] hfs: unable to locate alternate MDB
[ 100.343561][ T5098] hfs: continuing without an alternate MDB
[ 100.386143][ T5098] FAULT_INJECTION: forcing a failure.
[ 100.386143][ T5098] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 100.399539][ T5098] CPU: 1 PID: 5098 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 100.409941][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 100.419984][ T5098] Call Trace:
[ 100.423252][ T5098]
[ 100.426174][ T5098] dump_stack_lvl+0x125/0x1b0
[ 100.430847][ T5098] should_fail_ex+0x496/0x5b0
[ 100.435519][ T5098] ? fs_reclaim_acquire+0xb0/0x150
[ 100.440622][ T5098] __should_fail_alloc_page+0xe7/0x130
[ 100.446075][ T5098] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 100.452228][ T5098] __alloc_pages+0x193/0x2420
[ 100.456907][ T5098] ? hlock_class+0x4e/0x130
[ 100.461420][ T5098] ? mark_lock+0xb5/0xc50
[ 100.465760][ T5098] ? hlock_class+0x4e/0x130
[ 100.470264][ T5098] ? __lock_acquire+0xc65/0x3b20
[ 100.475204][ T5098] ? warn_alloc+0x3a0/0x3a0
[ 100.479711][ T5098] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 100.485699][ T5098] ? hlock_class+0x4e/0x130
[ 100.490208][ T5098] ? __lock_acquire+0xc65/0x3b20
[ 100.495157][ T5098] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 100.501053][ T5098] ? policy_nodemask+0x313/0x480
[ 100.505989][ T5098] alloc_pages_mpol+0x258/0x5f0
[ 100.510850][ T5098] ? mempolicy_in_oom_domain+0x150/0x150
[ 100.516486][ T5098] ? xas_descend+0x141/0x4e0
[ 100.521086][ T5098] folio_alloc+0x1e/0xe0
[ 100.525328][ T5098] filemap_alloc_folio+0x3bb/0x490
[ 100.530444][ T5098] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 100.537472][ T5098] ? print_usage_bug.part.0+0x550/0x550
[ 100.543028][ T5098] __filemap_get_folio+0x54c/0xaa0
[ 100.548145][ T5098] pagecache_get_page+0x2c/0x250
[ 100.553092][ T5098] block_write_begin+0x38/0x490
[ 100.557953][ T5098] ? hfs_extend_file+0xb10/0xb10
[ 100.562899][ T5098] cont_write_begin+0x530/0x730
[ 100.567754][ T5098] ? hfs_extend_file+0xb10/0xb10
[ 100.572693][ T5098] ? block_write_begin+0x490/0x490
[ 100.577810][ T5098] ? fault_in_readable+0x106/0x200
[ 100.582932][ T5098] ? fault_in_readable+0x150/0x200
[ 100.588048][ T5098] ? fault_in_subpage_writeable+0x20/0x20
[ 100.593778][ T5098] hfs_write_begin+0x87/0x140
[ 100.598471][ T5098] ? hfs_extend_file+0xb10/0xb10
[ 100.603412][ T5098] generic_perform_write+0x278/0x600
[ 100.608702][ T5098] ? folio_add_wait_queue+0x1c0/0x1c0
[ 100.614082][ T5098] ? generic_update_time+0xcf/0xf0
[ 100.619201][ T5098] ? mnt_put_write_access_file+0x45/0xf0
[ 100.624838][ T5098] __generic_file_write_iter+0x1f9/0x240
[ 100.630478][ T5098] generic_file_write_iter+0xe3/0x350
[ 100.635855][ T5098] vfs_write+0x64f/0xdf0
[ 100.640099][ T5098] ? kernel_write+0x6c0/0x6c0
[ 100.644782][ T5098] ? __fget_light+0x1fc/0x260
[ 100.649459][ T5098] ksys_write+0x12f/0x250
[ 100.653791][ T5098] ? __ia32_sys_read+0xb0/0xb0
[ 100.658553][ T5098] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 100.664796][ T5098] do_syscall_64+0x40/0x110
[ 100.669302][ T5098] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 100.675201][ T5098] RIP: 0033:0x7fc8ca0ec1e9
[ 100.679611][ T5098] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 100.699214][ T5098] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 100.707625][ T5098] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 100.715592][ T5098] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 100.723560][ T5098] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[pid 5098] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5098] exit_group(0) = ?
[pid 5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} ---
[ 100.731529][ T5098] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 100.739495][ T5098] R13: 0000000000000029 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 100.747466][ T5098]
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./41/bus") = 0
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./41/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./41") = 0
mkdir("./42", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555665b650) = 5099
./strace-static-x86_64: Process 5099 attached
[pid 5099] set_robust_list(0x55555665b660, 24) = 0
[pid 5099] chdir("./42") = 0
[pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5099] setpgid(0, 0) = 0
[pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5099] write(3, "1000", 4) = 4
[pid 5099] close(3) = 0
[pid 5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5099] memfd_create("syzkaller", 0) = 3
[pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5099] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5099] close(3) = 0
[pid 5099] mkdir("./bus", 0777) = 0
[pid 5099] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5099] chdir("./bus") = 0
[pid 5099] ioctl(4, LOOP_CLR_FD) = 0
[pid 5099] close(4) = 0
[pid 5099] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 100.956821][ T5099] loop0: detected capacity change from 0 to 64
[ 100.972544][ T5099] hfs: unable to locate alternate MDB
[ 100.977922][ T5099] hfs: continuing without an alternate MDB
[pid 5099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5099] write(5, "9", 1) = 1
[ 101.041040][ T5099] FAULT_INJECTION: forcing a failure.
[ 101.041040][ T5099] name failslab, interval 1, probability 0, space 0, times 0
[ 101.053685][ T5099] CPU: 0 PID: 5099 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 101.064098][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 101.074138][ T5099] Call Trace:
[ 101.077416][ T5099]
[ 101.080334][ T5099] dump_stack_lvl+0x125/0x1b0
[ 101.085014][ T5099] should_fail_ex+0x496/0x5b0
[ 101.089708][ T5099] should_failslab+0x9/0x20
[ 101.094207][ T5099] __kmem_cache_alloc_node+0x5f/0x460
[ 101.099592][ T5099] ? hfs_find_init+0x95/0x220
[ 101.104284][ T5099] __kmalloc+0x49/0x90
[ 101.108347][ T5099] hfs_find_init+0x95/0x220
[ 101.112845][ T5099] hfs_ext_read_extent+0x19c/0x9d0
[ 101.117949][ T5099] ? mutex_trylock+0x130/0x130
[ 101.122726][ T5099] ? hfs_free_extents+0x2f0/0x2f0
[ 101.127746][ T5099] ? clean_bdev_aliases+0x50e/0x610
[ 101.132953][ T5099] hfs_extend_file+0x4e0/0xb10
[ 101.137709][ T5099] ? reacquire_held_locks+0x4c0/0x4c0
[ 101.143076][ T5099] ? hfs_free_fork+0x900/0x900
[ 101.147862][ T5099] hfs_get_block+0x17f/0x820
[ 101.152446][ T5099] ? hfs_extend_file+0xb10/0xb10
[ 101.157388][ T5099] __block_write_begin_int+0x3c0/0x1560
[ 101.162935][ T5099] ? hfs_extend_file+0xb10/0xb10
[ 101.167867][ T5099] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 101.173408][ T5099] block_write_begin+0xb1/0x490
[ 101.178262][ T5099] ? hfs_extend_file+0xb10/0xb10
[ 101.183476][ T5099] cont_write_begin+0x530/0x730
[ 101.188319][ T5099] ? hfs_extend_file+0xb10/0xb10
[ 101.193251][ T5099] ? block_write_begin+0x490/0x490
[ 101.198358][ T5099] ? fault_in_readable+0x106/0x200
[ 101.203464][ T5099] ? fault_in_readable+0x150/0x200
[ 101.208569][ T5099] ? fault_in_subpage_writeable+0x20/0x20
[ 101.214285][ T5099] hfs_write_begin+0x87/0x140
[ 101.218955][ T5099] ? hfs_extend_file+0xb10/0xb10
[ 101.223911][ T5099] generic_perform_write+0x278/0x600
[ 101.229192][ T5099] ? folio_add_wait_queue+0x1c0/0x1c0
[ 101.234560][ T5099] ? generic_update_time+0xcf/0xf0
[ 101.239674][ T5099] ? mnt_put_write_access_file+0x45/0xf0
[ 101.245305][ T5099] __generic_file_write_iter+0x1f9/0x240
[ 101.250940][ T5099] generic_file_write_iter+0xe3/0x350
[ 101.256327][ T5099] vfs_write+0x64f/0xdf0
[ 101.260564][ T5099] ? kernel_write+0x6c0/0x6c0
[ 101.265250][ T5099] ? __fget_light+0x1fc/0x260
[ 101.269923][ T5099] ksys_write+0x12f/0x250
[ 101.274269][ T5099] ? __ia32_sys_read+0xb0/0xb0
[ 101.279039][ T5099] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 101.285274][ T5099] do_syscall_64+0x40/0x110
[ 101.289774][ T5099] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 101.295670][ T5099] RIP: 0033:0x7fc8ca0ec1e9
[ 101.300090][ T5099] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 101.319688][ T5099] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.328099][ T5099] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5099] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5099] exit_group(0) = ?
[pid 5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 101.336077][ T5099] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 101.344059][ T5099] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 101.352025][ T5099] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 101.359988][ T5099] R13: 000000000000002a R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 101.367950][ T5099]
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./42/bus") = 0
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./42/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./42") = 0
mkdir("./43", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached
, child_tidptr=0x55555665b650) = 5100
[pid 5100] set_robust_list(0x55555665b660, 24) = 0
[pid 5100] chdir("./43") = 0
[pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5100] setpgid(0, 0) = 0
[pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5100] write(3, "1000", 4) = 4
[pid 5100] close(3) = 0
[pid 5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5100] memfd_create("syzkaller", 0) = 3
[pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5100] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5100] close(3) = 0
[pid 5100] mkdir("./bus", 0777) = 0
[pid 5100] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5100] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5100] chdir("./bus") = 0
[pid 5100] ioctl(4, LOOP_CLR_FD) = 0
[pid 5100] close(4) = 0
[pid 5100] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5100] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5100] write(5, "9", 1) = 1
[ 101.589701][ T5100] loop0: detected capacity change from 0 to 64
[ 101.606067][ T5100] hfs: unable to locate alternate MDB
[ 101.611558][ T5100] hfs: continuing without an alternate MDB
[ 101.666867][ T5100] FAULT_INJECTION: forcing a failure.
[ 101.666867][ T5100] name failslab, interval 1, probability 0, space 0, times 0
[ 101.679636][ T5100] CPU: 0 PID: 5100 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 101.690041][ T5100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 101.700083][ T5100] Call Trace:
[ 101.703378][ T5100]
[ 101.706297][ T5100] dump_stack_lvl+0x125/0x1b0
[ 101.710991][ T5100] should_fail_ex+0x496/0x5b0
[ 101.715667][ T5100] should_failslab+0x9/0x20
[ 101.720160][ T5100] __kmem_cache_alloc_node+0x5f/0x460
[ 101.725532][ T5100] ? hfs_find_init+0x95/0x220
[ 101.730203][ T5100] __kmalloc+0x49/0x90
[ 101.734306][ T5100] hfs_find_init+0x95/0x220
[ 101.738844][ T5100] hfs_ext_read_extent+0x19c/0x9d0
[ 101.743969][ T5100] ? mutex_trylock+0x130/0x130
[ 101.748756][ T5100] ? hfs_free_extents+0x2f0/0x2f0
[ 101.753784][ T5100] ? clean_bdev_aliases+0x50e/0x610
[ 101.758982][ T5100] hfs_extend_file+0x4e0/0xb10
[ 101.763766][ T5100] ? reacquire_held_locks+0x4c0/0x4c0
[ 101.769139][ T5100] ? hfs_free_fork+0x900/0x900
[ 101.774097][ T5100] hfs_get_block+0x17f/0x820
[ 101.778690][ T5100] ? hfs_extend_file+0xb10/0xb10
[ 101.783624][ T5100] __block_write_begin_int+0x3c0/0x1560
[ 101.789165][ T5100] ? hfs_extend_file+0xb10/0xb10
[ 101.794096][ T5100] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 101.799636][ T5100] block_write_begin+0xb1/0x490
[ 101.804481][ T5100] ? hfs_extend_file+0xb10/0xb10
[ 101.809410][ T5100] cont_write_begin+0x530/0x730
[ 101.814253][ T5100] ? hfs_extend_file+0xb10/0xb10
[ 101.819183][ T5100] ? block_write_begin+0x490/0x490
[ 101.824289][ T5100] ? fault_in_readable+0x106/0x200
[ 101.829400][ T5100] ? fault_in_readable+0x150/0x200
[ 101.834506][ T5100] ? fault_in_subpage_writeable+0x20/0x20
[ 101.840230][ T5100] hfs_write_begin+0x87/0x140
[ 101.844923][ T5100] ? hfs_extend_file+0xb10/0xb10
[ 101.849854][ T5100] generic_perform_write+0x278/0x600
[ 101.855136][ T5100] ? folio_add_wait_queue+0x1c0/0x1c0
[ 101.860503][ T5100] ? generic_update_time+0xcf/0xf0
[ 101.865612][ T5100] ? mnt_put_write_access_file+0x45/0xf0
[ 101.871239][ T5100] __generic_file_write_iter+0x1f9/0x240
[ 101.876876][ T5100] generic_file_write_iter+0xe3/0x350
[ 101.882246][ T5100] vfs_write+0x64f/0xdf0
[ 101.886491][ T5100] ? kernel_write+0x6c0/0x6c0
[ 101.891201][ T5100] ? __fget_light+0x1fc/0x260
[ 101.895866][ T5100] ksys_write+0x12f/0x250
[ 101.900190][ T5100] ? __ia32_sys_read+0xb0/0xb0
[ 101.904960][ T5100] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 101.911199][ T5100] do_syscall_64+0x40/0x110
[ 101.915696][ T5100] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 101.921585][ T5100] RIP: 0033:0x7fc8ca0ec1e9
[ 101.925991][ T5100] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 101.945592][ T5100] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.953992][ T5100] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5100] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5100] exit_group(0) = ?
[pid 5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 101.961955][ T5100] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 101.969922][ T5100] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 101.977879][ T5100] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 101.985838][ T5100] R13: 000000000000002b R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 101.993802][ T5100]
umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./43/bus") = 0
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./43/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./43") = 0
mkdir("./44", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5101 attached
, child_tidptr=0x55555665b650) = 5101
[pid 5101] set_robust_list(0x55555665b660, 24) = 0
[pid 5101] chdir("./44") = 0
[pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5101] setpgid(0, 0) = 0
[pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5101] write(3, "1000", 4) = 4
[pid 5101] close(3) = 0
[pid 5101] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5101] memfd_create("syzkaller", 0) = 3
[pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5101] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5101] close(3) = 0
[pid 5101] mkdir("./bus", 0777) = 0
[pid 5101] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5101] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5101] chdir("./bus") = 0
[pid 5101] ioctl(4, LOOP_CLR_FD) = 0
[pid 5101] close(4) = 0
[pid 5101] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5101] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 102.249711][ T5101] loop0: detected capacity change from 0 to 64
[ 102.260904][ T5101] hfs: unable to locate alternate MDB
[ 102.266288][ T5101] hfs: continuing without an alternate MDB
[pid 5101] write(5, "9", 1) = 1
[ 102.323811][ T5101] FAULT_INJECTION: forcing a failure.
[ 102.323811][ T5101] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 102.337080][ T5101] CPU: 0 PID: 5101 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 102.347503][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 102.357551][ T5101] Call Trace:
[ 102.360820][ T5101]
[ 102.363739][ T5101] dump_stack_lvl+0x125/0x1b0
[ 102.368411][ T5101] should_fail_ex+0x496/0x5b0
[ 102.373085][ T5101] ? fs_reclaim_acquire+0xb0/0x150
[ 102.378209][ T5101] __should_fail_alloc_page+0xe7/0x130
[ 102.383664][ T5101] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 102.389811][ T5101] __alloc_pages+0x193/0x2420
[ 102.394487][ T5101] ? hlock_class+0x4e/0x130
[ 102.399009][ T5101] ? mark_lock+0xb5/0xc50
[ 102.403364][ T5101] ? hlock_class+0x4e/0x130
[ 102.407858][ T5101] ? __lock_acquire+0xc65/0x3b20
[ 102.412790][ T5101] ? warn_alloc+0x3a0/0x3a0
[ 102.417286][ T5101] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 102.423264][ T5101] ? hlock_class+0x4e/0x130
[ 102.427762][ T5101] ? __lock_acquire+0xc65/0x3b20
[ 102.432692][ T5101] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 102.438578][ T5101] ? policy_nodemask+0x313/0x480
[ 102.443545][ T5101] alloc_pages_mpol+0x258/0x5f0
[ 102.448408][ T5101] ? mempolicy_in_oom_domain+0x150/0x150
[ 102.454032][ T5101] ? xas_descend+0x141/0x4e0
[ 102.458627][ T5101] folio_alloc+0x1e/0xe0
[ 102.462860][ T5101] filemap_alloc_folio+0x3bb/0x490
[ 102.467985][ T5101] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 102.475026][ T5101] ? print_usage_bug.part.0+0x550/0x550
[ 102.480569][ T5101] __filemap_get_folio+0x54c/0xaa0
[ 102.485682][ T5101] pagecache_get_page+0x2c/0x250
[ 102.490618][ T5101] block_write_begin+0x38/0x490
[ 102.495467][ T5101] ? hfs_extend_file+0xb10/0xb10
[ 102.500403][ T5101] cont_write_begin+0x530/0x730
[ 102.505249][ T5101] ? hfs_extend_file+0xb10/0xb10
[ 102.510188][ T5101] ? block_write_begin+0x490/0x490
[ 102.515307][ T5101] ? fault_in_readable+0x106/0x200
[ 102.520419][ T5101] ? fault_in_readable+0x150/0x200
[ 102.525538][ T5101] ? fault_in_subpage_writeable+0x20/0x20
[ 102.531279][ T5101] hfs_write_begin+0x87/0x140
[ 102.535948][ T5101] ? hfs_extend_file+0xb10/0xb10
[ 102.540881][ T5101] generic_perform_write+0x278/0x600
[ 102.546160][ T5101] ? folio_add_wait_queue+0x1c0/0x1c0
[ 102.551550][ T5101] ? generic_update_time+0xcf/0xf0
[ 102.556654][ T5101] ? mnt_put_write_access_file+0x45/0xf0
[ 102.562282][ T5101] __generic_file_write_iter+0x1f9/0x240
[ 102.567909][ T5101] generic_file_write_iter+0xe3/0x350
[ 102.573276][ T5101] vfs_write+0x64f/0xdf0
[ 102.577515][ T5101] ? kernel_write+0x6c0/0x6c0
[ 102.582202][ T5101] ? __fget_light+0x1fc/0x260
[ 102.586888][ T5101] ksys_write+0x12f/0x250
[ 102.591211][ T5101] ? __ia32_sys_read+0xb0/0xb0
[ 102.595982][ T5101] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 102.602241][ T5101] do_syscall_64+0x40/0x110
[ 102.606735][ T5101] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 102.612625][ T5101] RIP: 0033:0x7fc8ca0ec1e9
[ 102.617025][ T5101] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 102.636622][ T5101] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 102.645026][ T5101] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 102.653006][ T5101] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 102.660968][ T5101] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[pid 5101] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5101] exit_group(0) = ?
[pid 5101] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 102.668931][ T5101] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 102.676914][ T5101] R13: 000000000000002c R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 102.684876][ T5101]
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./44/bus") = 0
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./44/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./44") = 0
mkdir("./45", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached
, child_tidptr=0x55555665b650) = 5102
[pid 5102] set_robust_list(0x55555665b660, 24) = 0
[pid 5102] chdir("./45") = 0
[pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5102] setpgid(0, 0) = 0
[pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5102] write(3, "1000", 4) = 4
[pid 5102] close(3) = 0
[pid 5102] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5102] memfd_create("syzkaller", 0) = 3
[pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5102] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5102] close(3) = 0
[pid 5102] mkdir("./bus", 0777) = 0
[pid 5102] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5102] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5102] chdir("./bus") = 0
[pid 5102] ioctl(4, LOOP_CLR_FD) = 0
[pid 5102] close(4) = 0
[pid 5102] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 102.915192][ T5102] loop0: detected capacity change from 0 to 64
[ 102.932159][ T5102] hfs: unable to locate alternate MDB
[ 102.937542][ T5102] hfs: continuing without an alternate MDB
[pid 5102] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5102] write(5, "9", 1) = 1
[pid 5102] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5102] exit_group(0) = ?
[pid 5102] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./45/bus") = 0
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./45/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./45") = 0
mkdir("./46", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5103 attached
, child_tidptr=0x55555665b650) = 5103
[pid 5103] set_robust_list(0x55555665b660, 24) = 0
[pid 5103] chdir("./46") = 0
[pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5103] setpgid(0, 0) = 0
[pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5103] write(3, "1000", 4) = 4
[pid 5103] close(3) = 0
[pid 5103] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5103] memfd_create("syzkaller", 0) = 3
[pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5103] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5103] close(3) = 0
[pid 5103] mkdir("./bus", 0777) = 0
[pid 5103] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5103] chdir("./bus") = 0
[pid 5103] ioctl(4, LOOP_CLR_FD) = 0
[pid 5103] close(4) = 0
[pid 5103] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 103.206103][ T5103] loop0: detected capacity change from 0 to 64
[ 103.222043][ T5103] hfs: unable to locate alternate MDB
[ 103.227474][ T5103] hfs: continuing without an alternate MDB
[pid 5103] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5103] write(5, "9", 1) = 1
[ 103.294495][ T5103] FAULT_INJECTION: forcing a failure.
[ 103.294495][ T5103] name failslab, interval 1, probability 0, space 0, times 0
[ 103.307449][ T5103] CPU: 1 PID: 5103 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 103.317879][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 103.327923][ T5103] Call Trace:
[ 103.331195][ T5103]
[ 103.334117][ T5103] dump_stack_lvl+0x125/0x1b0
[ 103.338787][ T5103] should_fail_ex+0x496/0x5b0
[ 103.343467][ T5103] should_failslab+0x9/0x20
[ 103.347982][ T5103] __kmem_cache_alloc_node+0x5f/0x460
[ 103.353377][ T5103] ? hfs_find_init+0x95/0x220
[ 103.358064][ T5103] __kmalloc+0x49/0x90
[ 103.362126][ T5103] hfs_find_init+0x95/0x220
[ 103.366635][ T5103] hfs_ext_read_extent+0x19c/0x9d0
[ 103.371778][ T5103] ? mutex_trylock+0x130/0x130
[ 103.376535][ T5103] ? hfs_free_extents+0x2f0/0x2f0
[ 103.381556][ T5103] ? clean_bdev_aliases+0x50e/0x610
[ 103.386746][ T5103] hfs_extend_file+0x4e0/0xb10
[ 103.391502][ T5103] ? reacquire_held_locks+0x4c0/0x4c0
[ 103.396868][ T5103] ? hfs_free_fork+0x900/0x900
[ 103.401639][ T5103] hfs_get_block+0x17f/0x820
[ 103.406263][ T5103] ? hfs_extend_file+0xb10/0xb10
[ 103.411205][ T5103] __block_write_begin_int+0x3c0/0x1560
[ 103.416760][ T5103] ? hfs_extend_file+0xb10/0xb10
[ 103.421703][ T5103] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 103.427258][ T5103] block_write_begin+0xb1/0x490
[ 103.432113][ T5103] ? hfs_extend_file+0xb10/0xb10
[ 103.437058][ T5103] cont_write_begin+0x530/0x730
[ 103.441917][ T5103] ? hfs_extend_file+0xb10/0xb10
[ 103.446865][ T5103] ? block_write_begin+0x490/0x490
[ 103.451985][ T5103] ? fault_in_readable+0x106/0x200
[ 103.457107][ T5103] ? fault_in_readable+0x150/0x200
[ 103.462236][ T5103] ? fault_in_subpage_writeable+0x20/0x20
[ 103.467967][ T5103] hfs_write_begin+0x87/0x140
[ 103.472657][ T5103] ? hfs_extend_file+0xb10/0xb10
[ 103.477601][ T5103] generic_perform_write+0x278/0x600
[ 103.482895][ T5103] ? folio_add_wait_queue+0x1c0/0x1c0
[ 103.488279][ T5103] ? generic_update_time+0xcf/0xf0
[ 103.493396][ T5103] ? mnt_put_write_access_file+0x45/0xf0
[ 103.499037][ T5103] __generic_file_write_iter+0x1f9/0x240
[ 103.504678][ T5103] generic_file_write_iter+0xe3/0x350
[ 103.510061][ T5103] vfs_write+0x64f/0xdf0
[ 103.514309][ T5103] ? kernel_write+0x6c0/0x6c0
[ 103.519011][ T5103] ? __fget_light+0x1fc/0x260
[ 103.523704][ T5103] ksys_write+0x12f/0x250
[ 103.528045][ T5103] ? __ia32_sys_read+0xb0/0xb0
[ 103.532810][ T5103] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 103.539054][ T5103] do_syscall_64+0x40/0x110
[ 103.543571][ T5103] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 103.549477][ T5103] RIP: 0033:0x7fc8ca0ec1e9
[ 103.553894][ T5103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 103.573500][ T5103] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 103.581914][ T5103] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5103] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5103] exit_group(0) = ?
[pid 5103] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
[ 103.589883][ T5103] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 103.597853][ T5103] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 103.605821][ T5103] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 103.613794][ T5103] R13: 000000000000002e R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 103.621768][ T5103]
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./46/bus") = 0
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./46/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./46") = 0
mkdir("./47", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached
, child_tidptr=0x55555665b650) = 5104
[pid 5104] set_robust_list(0x55555665b660, 24) = 0
[pid 5104] chdir("./47") = 0
[pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5104] setpgid(0, 0) = 0
[pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5104] write(3, "1000", 4) = 4
[pid 5104] close(3) = 0
[pid 5104] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5104] memfd_create("syzkaller", 0) = 3
[pid 5104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5104] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5104] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5104] close(3) = 0
[pid 5104] mkdir("./bus", 0777) = 0
[pid 5104] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5104] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5104] chdir("./bus") = 0
[pid 5104] ioctl(4, LOOP_CLR_FD) = 0
[pid 5104] close(4) = 0
[pid 5104] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5104] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 103.819254][ T5104] loop0: detected capacity change from 0 to 64
[ 103.841656][ T5104] hfs: unable to locate alternate MDB
[ 103.847055][ T5104] hfs: continuing without an alternate MDB
[pid 5104] write(5, "9", 1) = 1
[ 103.901471][ T5104] FAULT_INJECTION: forcing a failure.
[ 103.901471][ T5104] name failslab, interval 1, probability 0, space 0, times 0
[ 103.914148][ T5104] CPU: 1 PID: 5104 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 103.924576][ T5104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 103.934621][ T5104] Call Trace:
[ 103.937895][ T5104]
[ 103.940834][ T5104] dump_stack_lvl+0x125/0x1b0
[ 103.945507][ T5104] should_fail_ex+0x496/0x5b0
[ 103.950182][ T5104] should_failslab+0x9/0x20
[ 103.954687][ T5104] __kmem_cache_alloc_node+0x5f/0x460
[ 103.960057][ T5104] ? hfs_find_init+0x95/0x220
[ 103.964729][ T5104] __kmalloc+0x49/0x90
[ 103.968786][ T5104] hfs_find_init+0x95/0x220
[ 103.973292][ T5104] hfs_ext_read_extent+0x19c/0x9d0
[ 103.978420][ T5104] ? mutex_trylock+0x130/0x130
[ 103.983177][ T5104] ? hfs_free_extents+0x2f0/0x2f0
[ 103.988194][ T5104] ? clean_bdev_aliases+0x50e/0x610
[ 103.993390][ T5104] hfs_extend_file+0x4e0/0xb10
[ 103.998153][ T5104] ? reacquire_held_locks+0x4c0/0x4c0
[ 104.003521][ T5104] ? hfs_free_fork+0x900/0x900
[ 104.008278][ T5104] hfs_get_block+0x17f/0x820
[ 104.012862][ T5104] ? hfs_extend_file+0xb10/0xb10
[ 104.017794][ T5104] __block_write_begin_int+0x3c0/0x1560
[ 104.023355][ T5104] ? hfs_extend_file+0xb10/0xb10
[ 104.028298][ T5104] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 104.033839][ T5104] block_write_begin+0xb1/0x490
[ 104.038681][ T5104] ? hfs_extend_file+0xb10/0xb10
[ 104.043620][ T5104] cont_write_begin+0x530/0x730
[ 104.048487][ T5104] ? hfs_extend_file+0xb10/0xb10
[ 104.053416][ T5104] ? block_write_begin+0x490/0x490
[ 104.058525][ T5104] ? fault_in_readable+0x106/0x200
[ 104.063633][ T5104] ? fault_in_readable+0x150/0x200
[ 104.068741][ T5104] ? fault_in_subpage_writeable+0x20/0x20
[ 104.074460][ T5104] hfs_write_begin+0x87/0x140
[ 104.079133][ T5104] ? hfs_extend_file+0xb10/0xb10
[ 104.084087][ T5104] generic_perform_write+0x278/0x600
[ 104.089367][ T5104] ? folio_add_wait_queue+0x1c0/0x1c0
[ 104.094735][ T5104] ? generic_update_time+0xcf/0xf0
[ 104.099860][ T5104] ? mnt_put_write_access_file+0x45/0xf0
[ 104.105489][ T5104] __generic_file_write_iter+0x1f9/0x240
[ 104.111120][ T5104] generic_file_write_iter+0xe3/0x350
[ 104.116491][ T5104] vfs_write+0x64f/0xdf0
[ 104.120731][ T5104] ? kernel_write+0x6c0/0x6c0
[ 104.125404][ T5104] ? __fget_light+0x1fc/0x260
[ 104.130071][ T5104] ksys_write+0x12f/0x250
[ 104.134391][ T5104] ? __ia32_sys_read+0xb0/0xb0
[ 104.139171][ T5104] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 104.145407][ T5104] do_syscall_64+0x40/0x110
[ 104.149920][ T5104] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 104.155828][ T5104] RIP: 0033:0x7fc8ca0ec1e9
[ 104.160239][ T5104] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 104.179840][ T5104] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 104.188243][ T5104] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[pid 5104] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5104] exit_group(0) = ?
[pid 5104] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 104.196204][ T5104] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 104.204181][ T5104] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 104.212159][ T5104] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 104.220119][ T5104] R13: 000000000000002f R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 104.228082][ T5104]
newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./47/bus") = 0
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./47/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./47") = 0
mkdir("./48", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5105 attached
, child_tidptr=0x55555665b650) = 5105
[pid 5105] set_robust_list(0x55555665b660, 24) = 0
[pid 5105] chdir("./48") = 0
[pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5105] setpgid(0, 0) = 0
[pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5105] write(3, "1000", 4) = 4
[pid 5105] close(3) = 0
[pid 5105] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5105] memfd_create("syzkaller", 0) = 3
[pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5105] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5105] close(3) = 0
[pid 5105] mkdir("./bus", 0777) = 0
[pid 5105] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5105] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5105] chdir("./bus") = 0
[pid 5105] ioctl(4, LOOP_CLR_FD) = 0
[pid 5105] close(4) = 0
[pid 5105] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5105] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5105] write(5, "9", 1) = 1
[ 104.431183][ T5105] loop0: detected capacity change from 0 to 64
[ 104.446043][ T5105] hfs: unable to locate alternate MDB
[ 104.451564][ T5105] hfs: continuing without an alternate MDB
[ 104.488852][ T5105] FAULT_INJECTION: forcing a failure.
[ 104.488852][ T5105] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 104.502180][ T5105] CPU: 1 PID: 5105 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 104.512589][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 104.522647][ T5105] Call Trace:
[ 104.525915][ T5105]
[ 104.528831][ T5105] dump_stack_lvl+0x125/0x1b0
[ 104.533505][ T5105] should_fail_ex+0x496/0x5b0
[ 104.538180][ T5105] ? fs_reclaim_acquire+0xb0/0x150
[ 104.543299][ T5105] __should_fail_alloc_page+0xe7/0x130
[ 104.548784][ T5105] prepare_alloc_pages.constprop.0+0x16f/0x550
[ 104.554945][ T5105] __alloc_pages+0x193/0x2420
[ 104.559631][ T5105] ? hlock_class+0x4e/0x130
[ 104.564128][ T5105] ? mark_lock+0xb5/0xc50
[ 104.568453][ T5105] ? hlock_class+0x4e/0x130
[ 104.572947][ T5105] ? __lock_acquire+0xc65/0x3b20
[ 104.577881][ T5105] ? warn_alloc+0x3a0/0x3a0
[ 104.582376][ T5105] ? lockdep_hardirqs_on_prepare+0x420/0x420
[ 104.588354][ T5105] ? hlock_class+0x4e/0x130
[ 104.592853][ T5105] ? __lock_acquire+0xc65/0x3b20
[ 104.597785][ T5105] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 104.603670][ T5105] ? policy_nodemask+0x313/0x480
[ 104.608594][ T5105] alloc_pages_mpol+0x258/0x5f0
[ 104.613436][ T5105] ? mempolicy_in_oom_domain+0x150/0x150
[ 104.619064][ T5105] ? xas_descend+0x141/0x4e0
[ 104.623668][ T5105] folio_alloc+0x1e/0xe0
[ 104.627923][ T5105] filemap_alloc_folio+0x3bb/0x490
[ 104.633029][ T5105] ? __probestub_file_check_and_advance_wb_err+0x10/0x10
[ 104.640042][ T5105] ? print_usage_bug.part.0+0x550/0x550
[ 104.645596][ T5105] __filemap_get_folio+0x54c/0xaa0
[ 104.650706][ T5105] pagecache_get_page+0x2c/0x250
[ 104.655635][ T5105] block_write_begin+0x38/0x490
[ 104.660483][ T5105] ? hfs_extend_file+0xb10/0xb10
[ 104.665417][ T5105] cont_write_begin+0x530/0x730
[ 104.670269][ T5105] ? hfs_extend_file+0xb10/0xb10
[ 104.675210][ T5105] ? block_write_begin+0x490/0x490
[ 104.680323][ T5105] ? fault_in_readable+0x106/0x200
[ 104.685453][ T5105] ? fault_in_readable+0x150/0x200
[ 104.690560][ T5105] ? fault_in_subpage_writeable+0x20/0x20
[ 104.696276][ T5105] hfs_write_begin+0x87/0x140
[ 104.700954][ T5105] ? hfs_extend_file+0xb10/0xb10
[ 104.705896][ T5105] generic_perform_write+0x278/0x600
[ 104.711183][ T5105] ? folio_add_wait_queue+0x1c0/0x1c0
[ 104.716545][ T5105] ? generic_update_time+0xcf/0xf0
[ 104.721652][ T5105] ? mnt_put_write_access_file+0x45/0xf0
[ 104.727277][ T5105] __generic_file_write_iter+0x1f9/0x240
[ 104.732907][ T5105] generic_file_write_iter+0xe3/0x350
[ 104.738274][ T5105] vfs_write+0x64f/0xdf0
[ 104.742511][ T5105] ? kernel_write+0x6c0/0x6c0
[ 104.747177][ T5105] ? __fget_light+0x1fc/0x260
[ 104.751850][ T5105] ksys_write+0x12f/0x250
[ 104.756172][ T5105] ? __ia32_sys_read+0xb0/0xb0
[ 104.760928][ T5105] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 104.767162][ T5105] do_syscall_64+0x40/0x110
[ 104.771663][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 104.777552][ T5105] RIP: 0033:0x7fc8ca0ec1e9
[ 104.781954][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 104.801550][ T5105] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 104.809952][ T5105] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 104.817956][ T5105] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 104.825924][ T5105] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[pid 5105] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 12288
[pid 5105] exit_group(0) = ?
[pid 5105] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
[ 104.833891][ T5105] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 104.841872][ T5105] R13: 0000000000000030 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 104.849835][ T5105]
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./48/bus") = 0
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./48/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./48") = 0
mkdir("./49", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached
[pid 5106] set_robust_list(0x55555665b660, 24) = 0
[pid 5106] chdir("./49"
[pid 5053] <... clone resumed>, child_tidptr=0x55555665b650) = 5106
[pid 5106] <... chdir resumed>) = 0
[pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5106] setpgid(0, 0) = 0
[pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5106] write(3, "1000", 4) = 4
[pid 5106] close(3) = 0
[pid 5106] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5106] memfd_create("syzkaller", 0) = 3
[pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5106] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5106] close(3) = 0
[pid 5106] mkdir("./bus", 0777) = 0
[pid 5106] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5106] chdir("./bus") = 0
[pid 5106] ioctl(4, LOOP_CLR_FD) = 0
[pid 5106] close(4) = 0
[pid 5106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[ 105.082503][ T5106] loop0: detected capacity change from 0 to 64
[ 105.109778][ T5106] hfs: unable to locate alternate MDB
[ 105.115295][ T5106] hfs: continuing without an alternate MDB
[pid 5106] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5106] write(5, "9", 1) = 1
[pid 5106] write(4, "\x1c\xef\xc4\xc4\x19\xfd\xb8\xd6\x6b\x12\xa7\xbb\xf3\x71\xd0\x56\xad\x6f\x01\xe9\x76\x2d\x70\x40\x1d\x1c\x9d\x33\x1b\x48\xb9\x25\xe9\xe6\xa7\x75\x9a\xbb\x20\x6b\x9b\x18\xbf\xc3\xf3\xf9\x6a\xdb\x2b\x37\xc2\x12\x1e\xf2\x1e\x91\xba\xc7\x68\xdd\x33\xdf\x29\x64\x9d\xa1\xd8\x2e\x82\x6a\x55\xc4\xd6\x20\xb6\xf5\x10\xda\xee\x26\x00\x4b\x74\x1c\x95\x1d\x52\x8d\x80\x6e\xfb\xe0\x0c\x43\x9f\x2d\xf4\x6d\x3a\xdf"..., 1048064) = 28672
[pid 5106] exit_group(0) = ?
[pid 5106] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555665c6f0 /* 4 entries */, 32768) = 104
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555556664730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556664730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./49/bus") = 0
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./49/binderfs") = 0
getdents64(3, 0x55555665c6f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./49") = 0
mkdir("./50", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555665b650) = 5107
./strace-static-x86_64: Process 5107 attached
[pid 5107] set_robust_list(0x55555665b660, 24) = 0
[pid 5107] chdir("./50") = 0
[pid 5107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5107] setpgid(0, 0) = 0
[pid 5107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5107] write(3, "1000", 4) = 4
[pid 5107] close(3) = 0
[pid 5107] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5107] memfd_create("syzkaller", 0) = 3
[pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc8c1cad000
[pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid 5107] munmap(0x7fc8c1cad000, 138412032) = 0
[pid 5107] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5107] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5107] close(3) = 0
[pid 5107] mkdir("./bus", 0777) = 0
[pid 5107] mount("/dev/loop0", "./bus", "hfs", MS_REC, "") = 0
[pid 5107] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5107] chdir("./bus") = 0
[pid 5107] ioctl(4, LOOP_CLR_FD) = 0
[pid 5107] close(4) = 0
[pid 5107] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid 5107] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[ 105.292482][ T5107] loop0: detected capacity change from 0 to 64
[ 105.312110][ T5107] hfs: unable to locate alternate MDB
[ 105.317485][ T5107] hfs: continuing without an alternate MDB
[pid 5107] write(5, "9", 1) = 1
[ 105.380002][ T5107] FAULT_INJECTION: forcing a failure.
[ 105.380002][ T5107] name failslab, interval 1, probability 0, space 0, times 0
[ 105.392980][ T5107] CPU: 1 PID: 5107 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 105.403402][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 105.413460][ T5107] Call Trace:
[ 105.416731][ T5107]
[ 105.419652][ T5107] dump_stack_lvl+0x125/0x1b0
[ 105.424325][ T5107] should_fail_ex+0x496/0x5b0
[ 105.429004][ T5107] should_failslab+0x9/0x20
[ 105.433519][ T5107] __kmem_cache_alloc_node+0x5f/0x460
[ 105.438892][ T5107] ? __read_once_word_nocheck+0x9/0x10
[ 105.444344][ T5107] ? __hfs_bnode_create+0x108/0x850
[ 105.449552][ T5107] __kmalloc+0x49/0x90
[ 105.453645][ T5107] __hfs_bnode_create+0x108/0x850
[ 105.458680][ T5107] ? hfs_brec_goto+0x5e0/0x5e0
[ 105.463450][ T5107] ? reacquire_held_locks+0x4c0/0x4c0
[ 105.468836][ T5107] ? do_raw_spin_lock+0x12e/0x2b0
[ 105.473868][ T5107] ? spin_bug+0x1d0/0x1d0
[ 105.478205][ T5107] hfs_bnode_find+0x2cf/0xcb0
[ 105.482895][ T5107] ? write_profile+0x450/0x450
[ 105.487655][ T5107] ? is_dynamic_key+0x200/0x200
[ 105.492513][ T5107] ? __kernel_text_address+0xd/0x30
[ 105.497719][ T5107] ? hfs_bnode_put.part.0+0x280/0x280
[ 105.503109][ T5107] ? arch_stack_walk+0x112/0x170
[ 105.508052][ T5107] ? hlock_class+0x4e/0x130
[ 105.512558][ T5107] ? __lock_acquire+0x14f0/0x3b20
[ 105.517588][ T5107] ? hfs_bmap_reserve+0x2b6/0x370
[ 105.522620][ T5107] hfs_bmap_alloc+0x10a/0x880
[ 105.527306][ T5107] ? hfs_bmap_reserve+0x370/0x370
[ 105.532337][ T5107] ? lock_acquire+0x1ae/0x520
[ 105.537023][ T5107] hfs_btree_inc_height.isra.0+0x100/0x830
[ 105.542836][ T5107] ? hfs_bnode_split+0xdc0/0xdc0
[ 105.547780][ T5107] ? mutex_is_locked+0x40/0x40
[ 105.552545][ T5107] ? preempt_count_sub+0x160/0x160
[ 105.557659][ T5107] hfs_brec_insert+0x934/0xb80
[ 105.562426][ T5107] ? hfs_find_init+0x17f/0x220
[ 105.567195][ T5107] ? hfs_brec_find+0x3de/0x510
[ 105.571966][ T5107] ? hfs_brec_keylen+0x3c0/0x3c0
[ 105.576912][ T5107] ? hfs_bmap_reserve+0x2b6/0x370
[ 105.581950][ T5107] __hfs_ext_write_extent+0x3f6/0x520
[ 105.587327][ T5107] hfs_ext_read_extent+0x805/0x9d0
[ 105.592447][ T5107] ? mutex_trylock+0x130/0x130
[ 105.597223][ T5107] ? hfs_free_extents+0x2f0/0x2f0
[ 105.602256][ T5107] ? clean_bdev_aliases+0x50e/0x610
[ 105.607457][ T5107] hfs_extend_file+0x4e0/0xb10
[ 105.612233][ T5107] ? reacquire_held_locks+0x4c0/0x4c0
[ 105.617613][ T5107] ? hfs_free_fork+0x900/0x900
[ 105.622395][ T5107] hfs_get_block+0x17f/0x820
[ 105.627001][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 105.631944][ T5107] __block_write_begin_int+0x3c0/0x1560
[ 105.637500][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 105.642451][ T5107] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 105.648020][ T5107] block_write_begin+0xb1/0x490
[ 105.652878][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 105.657820][ T5107] cont_write_begin+0x530/0x730
[ 105.662680][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 105.667627][ T5107] ? block_write_begin+0x490/0x490
[ 105.672744][ T5107] ? fault_in_readable+0x106/0x200
[ 105.677864][ T5107] ? fault_in_readable+0x150/0x200
[ 105.682984][ T5107] ? fault_in_subpage_writeable+0x20/0x20
[ 105.688738][ T5107] hfs_write_begin+0x87/0x140
[ 105.693425][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 105.698370][ T5107] generic_perform_write+0x278/0x600
[ 105.703662][ T5107] ? folio_add_wait_queue+0x1c0/0x1c0
[ 105.709037][ T5107] ? generic_update_time+0xcf/0xf0
[ 105.714158][ T5107] ? mnt_put_write_access_file+0x45/0xf0
[ 105.719817][ T5107] __generic_file_write_iter+0x1f9/0x240
[ 105.725464][ T5107] generic_file_write_iter+0xe3/0x350
[ 105.730847][ T5107] vfs_write+0x64f/0xdf0
[ 105.735093][ T5107] ? kernel_write+0x6c0/0x6c0
[ 105.739790][ T5107] ? __fget_light+0x1fc/0x260
[ 105.744474][ T5107] ksys_write+0x12f/0x250
[ 105.748807][ T5107] ? __ia32_sys_read+0xb0/0xb0
[ 105.753577][ T5107] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 105.759823][ T5107] do_syscall_64+0x40/0x110
[ 105.764331][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 105.770237][ T5107] RIP: 0033:0x7fc8ca0ec1e9
[ 105.774654][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 105.794261][ T5107] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 105.802678][ T5107] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 105.810652][ T5107] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 105.818640][ T5107] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 105.826625][ T5107] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 105.834594][ T5107] R13: 0000000000000032 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 105.842567][ T5107]
[ 105.846576][ T5107] hfs: new node 0 already hashed?
[ 105.852509][ T5107] ------------[ cut here ]------------
[ 105.858019][ T5107] WARNING: CPU: 0 PID: 5107 at fs/hfs/bnode.c:422 hfs_bnode_create+0x14c/0x530
[ 105.867021][ T5107] Modules linked in:
[ 105.870950][ T5107] CPU: 0 PID: 5107 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 105.881401][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 105.891502][ T5107] RIP: 0010:hfs_bnode_create+0x14c/0x530
[ 105.897162][ T5107] Code: d3 2c ff 45 39 fc 75 9e e8 21 d8 2c ff 4c 89 f7 e8 d9 13 29 08 e8 14 d8 2c ff 44 89 e6 48 c7 c7 c0 d7 e7 8a e8 45 b3 0f ff 90 <0f> 0b 90 e8 fc d7 2c ff 48 89 d8 48 83 c4 18 5b 5d 41 5c 41 5d 41
[ 105.916843][ T5107] RSP: 0018:ffffc9000350f378 EFLAGS: 00010282
[ 105.922950][ T5107] RAX: 000000000000001f RBX: ffff88823bd84f40 RCX: ffffffff81697239
[ 105.930966][ T5107] RDX: 0000000000000000 RSI: ffffffff8169f6e2 RDI: 0000000000000005
[ 105.938945][ T5107] RBP: ffff88801f4b0000 R08: 0000000000000005 R09: 0000000000000000
[ 105.946946][ T5107] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000000
[ 105.954942][ T5107] R13: dffffc0000000000 R14: ffff88801f4b00e0 R15: 0000000000000000
[ 105.962970][ T5107] FS: 000055555665b380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 105.971961][ T5107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.978569][ T5107] CR2: 00007fc8c1cb4c00 CR3: 000000001fb3b000 CR4: 00000000003506f0
[ 105.986611][ T5107] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 105.994632][ T5107] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 106.002659][ T5107] Call Trace:
[ 106.005945][ T5107]
[ 106.008873][ T5107] ? show_regs+0x8f/0xa0
[ 106.013157][ T5107] ? __warn+0xe6/0x390
[ 106.017248][ T5107] ? hfs_bnode_create+0x14c/0x530
[ 106.022312][ T5107] ? report_bug+0x3bc/0x580
[ 106.026829][ T5107] ? handle_bug+0x3d/0x70
[ 106.031201][ T5107] ? exc_invalid_op+0x17/0x40
[ 106.035896][ T5107] ? asm_exc_invalid_op+0x1a/0x20
[ 106.040973][ T5107] ? __wake_up_klogd.part.0+0x99/0xf0
[ 106.046368][ T5107] ? vprintk+0x82/0x90
[ 106.050475][ T5107] ? hfs_bnode_create+0x14c/0x530
[ 106.055518][ T5107] ? hfs_bnode_create+0x14b/0x530
[ 106.060575][ T5107] hfs_bmap_alloc+0x758/0x880
[ 106.065271][ T5107] ? hfs_bmap_reserve+0x370/0x370
[ 106.070380][ T5107] ? hfs_bnode_put.part.0+0x1e3/0x280
[ 106.075782][ T5107] ? reacquire_held_locks+0x4c0/0x4c0
[ 106.081233][ T5107] hfs_btree_inc_height.isra.0+0x100/0x830
[ 106.087068][ T5107] ? hfs_bnode_split+0xdc0/0xdc0
[ 106.092059][ T5107] ? do_raw_spin_unlock+0x173/0x230
[ 106.097281][ T5107] ? hfs_bnode_put.part.0+0x1e3/0x280
[ 106.102690][ T5107] hfs_brec_insert+0x81f/0xb80
[ 106.107473][ T5107] ? hfs_brec_keylen+0x3c0/0x3c0
[ 106.112476][ T5107] ? hfs_bmap_reserve+0x2b6/0x370
[ 106.117532][ T5107] __hfs_ext_write_extent+0x3f6/0x520
[ 106.122975][ T5107] hfs_ext_read_extent+0x805/0x9d0
[ 106.128115][ T5107] ? mutex_trylock+0x130/0x130
[ 106.132938][ T5107] ? hfs_free_extents+0x2f0/0x2f0
[ 106.137985][ T5107] ? clean_bdev_aliases+0x50e/0x610
[ 106.143226][ T5107] hfs_extend_file+0x4e0/0xb10
[ 106.148010][ T5107] ? reacquire_held_locks+0x4c0/0x4c0
[ 106.153455][ T5107] ? hfs_free_fork+0x900/0x900
[ 106.158238][ T5107] hfs_get_block+0x17f/0x820
[ 106.162862][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.167817][ T5107] __block_write_begin_int+0x3c0/0x1560
[ 106.173409][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.178365][ T5107] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 106.183945][ T5107] block_write_begin+0xb1/0x490
[ 106.188848][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.193847][ T5107] cont_write_begin+0x530/0x730
[ 106.198721][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.203713][ T5107] ? block_write_begin+0x490/0x490
[ 106.208843][ T5107] ? fault_in_readable+0x106/0x200
[ 106.213992][ T5107] ? fault_in_readable+0x150/0x200
[ 106.219125][ T5107] ? fault_in_subpage_writeable+0x20/0x20
[ 106.224899][ T5107] hfs_write_begin+0x87/0x140
[ 106.229614][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.234614][ T5107] generic_perform_write+0x278/0x600
[ 106.239931][ T5107] ? folio_add_wait_queue+0x1c0/0x1c0
[ 106.245367][ T5107] ? generic_update_time+0xcf/0xf0
[ 106.250537][ T5107] ? mnt_put_write_access_file+0x45/0xf0
[ 106.256190][ T5107] __generic_file_write_iter+0x1f9/0x240
[ 106.261859][ T5107] generic_file_write_iter+0xe3/0x350
[ 106.267268][ T5107] vfs_write+0x64f/0xdf0
[ 106.271566][ T5107] ? kernel_write+0x6c0/0x6c0
[ 106.276257][ T5107] ? __fget_light+0x1fc/0x260
[ 106.280966][ T5107] ksys_write+0x12f/0x250
[ 106.285312][ T5107] ? __ia32_sys_read+0xb0/0xb0
[ 106.290067][ T5107] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 106.296371][ T5107] do_syscall_64+0x40/0x110
[ 106.300919][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 106.306813][ T5107] RIP: 0033:0x7fc8ca0ec1e9
[ 106.311262][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 106.330919][ T5107] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 106.339357][ T5107] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 106.347383][ T5107] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 106.355494][ T5107] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 106.363514][ T5107] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 106.371542][ T5107] R13: 0000000000000032 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 106.379539][ T5107]
[ 106.382622][ T5107] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 106.389921][ T5107] CPU: 0 PID: 5107 Comm: syz-executor291 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
[ 106.400341][ T5107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 106.410384][ T5107] Call Trace:
[ 106.413652][ T5107]
[ 106.416571][ T5107] dump_stack_lvl+0xd9/0x1b0
[ 106.421159][ T5107] panic+0x6dc/0x790
[ 106.425069][ T5107] ? panic_smp_self_stop+0xa0/0xa0
[ 106.430176][ T5107] ? show_trace_log_lvl+0x363/0x4f0
[ 106.435373][ T5107] ? check_panic_on_warn+0x1f/0xb0
[ 106.440478][ T5107] ? hfs_bnode_create+0x14c/0x530
[ 106.445499][ T5107] check_panic_on_warn+0xab/0xb0
[ 106.450429][ T5107] __warn+0xf2/0x390
[ 106.454340][ T5107] ? hfs_bnode_create+0x14c/0x530
[ 106.459357][ T5107] report_bug+0x3bc/0x580
[ 106.463696][ T5107] handle_bug+0x3d/0x70
[ 106.467846][ T5107] exc_invalid_op+0x17/0x40
[ 106.472349][ T5107] asm_exc_invalid_op+0x1a/0x20
[ 106.477211][ T5107] RIP: 0010:hfs_bnode_create+0x14c/0x530
[ 106.482867][ T5107] Code: d3 2c ff 45 39 fc 75 9e e8 21 d8 2c ff 4c 89 f7 e8 d9 13 29 08 e8 14 d8 2c ff 44 89 e6 48 c7 c7 c0 d7 e7 8a e8 45 b3 0f ff 90 <0f> 0b 90 e8 fc d7 2c ff 48 89 d8 48 83 c4 18 5b 5d 41 5c 41 5d 41
[ 106.502472][ T5107] RSP: 0018:ffffc9000350f378 EFLAGS: 00010282
[ 106.508540][ T5107] RAX: 000000000000001f RBX: ffff88823bd84f40 RCX: ffffffff81697239
[ 106.516511][ T5107] RDX: 0000000000000000 RSI: ffffffff8169f6e2 RDI: 0000000000000005
[ 106.524480][ T5107] RBP: ffff88801f4b0000 R08: 0000000000000005 R09: 0000000000000000
[ 106.532458][ T5107] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000000
[ 106.540434][ T5107] R13: dffffc0000000000 R14: ffff88801f4b00e0 R15: 0000000000000000
[ 106.548407][ T5107] ? __wake_up_klogd.part.0+0x99/0xf0
[ 106.553792][ T5107] ? vprintk+0x82/0x90
[ 106.557860][ T5107] ? hfs_bnode_create+0x14b/0x530
[ 106.562892][ T5107] hfs_bmap_alloc+0x758/0x880
[ 106.567572][ T5107] ? hfs_bmap_reserve+0x370/0x370
[ 106.572610][ T5107] ? hfs_bnode_put.part.0+0x1e3/0x280
[ 106.577986][ T5107] ? reacquire_held_locks+0x4c0/0x4c0
[ 106.583366][ T5107] hfs_btree_inc_height.isra.0+0x100/0x830
[ 106.589182][ T5107] ? hfs_bnode_split+0xdc0/0xdc0
[ 106.594132][ T5107] ? do_raw_spin_unlock+0x173/0x230
[ 106.599342][ T5107] ? hfs_bnode_put.part.0+0x1e3/0x280
[ 106.604721][ T5107] hfs_brec_insert+0x81f/0xb80
[ 106.609492][ T5107] ? hfs_brec_keylen+0x3c0/0x3c0
[ 106.614434][ T5107] ? hfs_bmap_reserve+0x2b6/0x370
[ 106.619465][ T5107] __hfs_ext_write_extent+0x3f6/0x520
[ 106.624845][ T5107] hfs_ext_read_extent+0x805/0x9d0
[ 106.629965][ T5107] ? mutex_trylock+0x130/0x130
[ 106.634754][ T5107] ? hfs_free_extents+0x2f0/0x2f0
[ 106.639790][ T5107] ? clean_bdev_aliases+0x50e/0x610
[ 106.644993][ T5107] hfs_extend_file+0x4e0/0xb10
[ 106.649763][ T5107] ? reacquire_held_locks+0x4c0/0x4c0
[ 106.655146][ T5107] ? hfs_free_fork+0x900/0x900
[ 106.659918][ T5107] hfs_get_block+0x17f/0x820
[ 106.664515][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.669456][ T5107] __block_write_begin_int+0x3c0/0x1560
[ 106.675007][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.679951][ T5107] ? invalidate_bh_lrus_cpu+0x170/0x170
[ 106.685504][ T5107] block_write_begin+0xb1/0x490
[ 106.690357][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.695301][ T5107] cont_write_begin+0x530/0x730
[ 106.700158][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.705099][ T5107] ? block_write_begin+0x490/0x490
[ 106.710224][ T5107] ? fault_in_readable+0x106/0x200
[ 106.715345][ T5107] ? fault_in_readable+0x150/0x200
[ 106.720463][ T5107] ? fault_in_subpage_writeable+0x20/0x20
[ 106.726215][ T5107] hfs_write_begin+0x87/0x140
[ 106.730909][ T5107] ? hfs_extend_file+0xb10/0xb10
[ 106.735864][ T5107] generic_perform_write+0x278/0x600
[ 106.741157][ T5107] ? folio_add_wait_queue+0x1c0/0x1c0
[ 106.746538][ T5107] ? generic_update_time+0xcf/0xf0
[ 106.751657][ T5107] ? mnt_put_write_access_file+0x45/0xf0
[ 106.757300][ T5107] __generic_file_write_iter+0x1f9/0x240
[ 106.762942][ T5107] generic_file_write_iter+0xe3/0x350
[ 106.768322][ T5107] vfs_write+0x64f/0xdf0
[ 106.772572][ T5107] ? kernel_write+0x6c0/0x6c0
[ 106.777257][ T5107] ? __fget_light+0x1fc/0x260
[ 106.781938][ T5107] ksys_write+0x12f/0x250
[ 106.786269][ T5107] ? __ia32_sys_read+0xb0/0xb0
[ 106.791045][ T5107] ? syscall_trace_enter.constprop.0+0xaf/0x1e0
[ 106.797300][ T5107] do_syscall_64+0x40/0x110
[ 106.801818][ T5107] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 106.807724][ T5107] RIP: 0033:0x7fc8ca0ec1e9
[ 106.812140][ T5107] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 106.831745][ T5107] RSP: 002b:00007ffc77c5c018 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 106.840160][ T5107] RAX: ffffffffffffffda RBX: 00007ffc77c5c040 RCX: 00007fc8ca0ec1e9
[ 106.848133][ T5107] RDX: 00000000000ffe00 RSI: 0000000020004200 RDI: 0000000000000004
[ 106.856102][ T5107] RBP: 0000000000000001 R08: 00007ffc77c5bdb7 R09: 00007ffc77c5c060
[ 106.864073][ T5107] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffc77c5c03c
[ 106.872046][ T5107] R13: 0000000000000032 R14: 431bde82d7b634db R15: 00007ffc77c5c080
[ 106.880019][ T5107]
[ 106.883243][ T5107] Kernel Offset: disabled
[ 106.887635][ T5107] Rebooting in 86400 seconds..