./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3055705221
<...>
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
execve("./syz-executor3055705221", ["./syz-executor3055705221"], 0x7fffab08e7d0 /* 10 vars */) = 0
brk(NULL) = 0x555555946000
brk(0x555555946c40) = 0x555555946c40
arch_prctl(ARCH_SET_FS, 0x555555946300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3055705221", 4096) = 28
brk(0x555555967c40) = 0x555555967c40
brk(0x555555968000) = 0x555555968000
mprotect(0x7fcaa03ce000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5087
mkdir("./syzkaller.R8jHGP", 0700) = 0
chmod("./syzkaller.R8jHGP", 0777) = 0
chdir("./syzkaller.R8jHGP") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5088
./strace-static-x86_64: Process 5088 attached
[pid 5088] chdir("./0") = 0
[pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5088] setpgid(0, 0) = 0
[pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5088] write(3, "1000", 4) = 4
[pid 5088] close(3) = 0
[pid 5088] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5088] memfd_create("syzkaller", 0) = 3
[pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5088] munmap(0x7fca97f12000, 524288) = 0
[pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5088] close(3) = 0
[pid 5088] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
syzkaller login: [ 60.475937][ T5088] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5088 'syz-executor305'
[ 60.510156][ T5088] loop0: detected capacity change from 0 to 1024
[pid 5088] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5088] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5088] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5088] ioctl(4, LOOP_CLR_FD) = 0
[pid 5088] close(4) = 0
[pid 5088] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5088] write(4, "14", 2) = 2
[ 60.525239][ T5088] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 60.535902][ T5088] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 60.549558][ T5088] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[pid 5088] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 5088] exit_group(0) = ?
[pid 5088] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5090
./strace-static-x86_64: Process 5090 attached
[pid 5090] chdir("./1") = 0
[pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5090] setpgid(0, 0) = 0
[pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5090] write(3, "1000", 4) = 4
[pid 5090] close(3) = 0
[pid 5090] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5090] memfd_create("syzkaller", 0) = 3
[pid 5090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5090] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5090] munmap(0x7fca97f12000, 524288) = 0
[pid 5090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 60.577672][ T5088] ERROR: Out of memory at tomoyo_memory_ok.
[pid 5090] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5090] close(3) = 0
[pid 5090] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5090] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5090] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5090] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5090] ioctl(4, LOOP_CLR_FD) = 0
[pid 5090] close(4) = 0
[pid 5090] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5090] write(4, "14", 2) = 2
[ 60.642006][ T5090] loop0: detected capacity change from 0 to 1024
[ 60.654799][ T5090] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 60.665173][ T5090] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 60.678318][ T5090] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 60.705350][ T5090] FAULT_INJECTION: forcing a failure.
[ 60.705350][ T5090] name failslab, interval 1, probability 0, space 0, times 0
[ 60.718645][ T5090] CPU: 0 PID: 5090 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 60.728538][ T5090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 60.738604][ T5090] Call Trace:
[ 60.741877][ T5090]
[ 60.744800][ T5090] dump_stack_lvl+0x136/0x150
[ 60.749486][ T5090] should_fail_ex+0x4a3/0x5b0
[ 60.754164][ T5090] should_failslab+0x9/0x20
[ 60.758662][ T5090] kmem_cache_alloc_lru+0x65/0x580
[ 60.763780][ T5090] ? udf_alloc_inode+0x28/0x240
[ 60.768623][ T5090] ? udf_free_in_core_inode+0x30/0x30
[ 60.773991][ T5090] udf_alloc_inode+0x28/0x240
[ 60.778658][ T5090] ? udf_free_in_core_inode+0x30/0x30
[ 60.784036][ T5090] alloc_inode+0x61/0x230
[ 60.788361][ T5090] new_inode+0x2b/0x280
[ 60.792514][ T5090] udf_new_inode+0xfa/0xf50
[ 60.797022][ T5090] ? debug_css_free+0xd/0x20
[ 60.801603][ T5090] ? udf_free_inode+0x60/0x60
[ 60.806279][ T5090] ? inode_permission.part.0+0xb5/0x520
[ 60.811834][ T5090] udf_create+0x21/0x120
[ 60.816069][ T5090] vfs_create+0x1a9/0x3a0
[ 60.820401][ T5090] do_mknodat+0x3d9/0x530
[ 60.824742][ T5090] ? user_path_create+0x60/0x60
[ 60.829585][ T5090] ? getname_flags.part.0+0x1dd/0x4f0
[ 60.834956][ T5090] __x64_sys_mknod+0x11e/0x180
[ 60.839722][ T5090] do_syscall_64+0x39/0xb0
[ 60.844134][ T5090] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.850017][ T5090] RIP: 0033:0x7fcaa035f9a9
[ 60.854595][ T5090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 60.874197][ T5090] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 60.882600][ T5090] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 60.890645][ T5090] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 60.898604][ T5090] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[pid 5090] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5090] exit_group(0) = ?
[pid 5090] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
umount2("./1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5091
./strace-static-x86_64: Process 5091 attached
[pid 5091] chdir("./2") = 0
[pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5091] setpgid(0, 0) = 0
[pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5091] write(3, "1000", 4) = 4
[pid 5091] close(3) = 0
[pid 5091] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5091] memfd_create("syzkaller", 0) = 3
[pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5091] munmap(0x7fca97f12000, 524288) = 0
[pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 60.906576][ T5090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 60.914540][ T5090] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 0000000000000001
[ 60.922510][ T5090]
[pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5091] close(3) = 0
[pid 5091] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5091] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5091] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5091] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5091] ioctl(4, LOOP_CLR_FD) = 0
[pid 5091] close(4) = 0
[pid 5091] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5091] write(4, "14", 2) = 2
[ 60.972687][ T5091] loop0: detected capacity change from 0 to 1024
[ 60.986159][ T5091] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 60.996406][ T5091] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 61.009050][ T5091] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 61.036684][ T5091] FAULT_INJECTION: forcing a failure.
[ 61.036684][ T5091] name failslab, interval 1, probability 0, space 0, times 0
[ 61.049568][ T5091] CPU: 0 PID: 5091 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 61.059459][ T5091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 61.069501][ T5091] Call Trace:
[ 61.072773][ T5091]
[ 61.075694][ T5091] dump_stack_lvl+0x136/0x150
[ 61.080379][ T5091] should_fail_ex+0x4a3/0x5b0
[ 61.085052][ T5091] should_failslab+0x9/0x20
[ 61.089554][ T5091] kmem_cache_alloc_lru+0x65/0x580
[ 61.094661][ T5091] ? udf_alloc_inode+0x28/0x240
[ 61.099510][ T5091] ? udf_free_in_core_inode+0x30/0x30
[ 61.104873][ T5091] udf_alloc_inode+0x28/0x240
[ 61.109542][ T5091] ? udf_free_in_core_inode+0x30/0x30
[ 61.114923][ T5091] alloc_inode+0x61/0x230
[ 61.119249][ T5091] new_inode+0x2b/0x280
[ 61.123400][ T5091] udf_new_inode+0xfa/0xf50
[ 61.127904][ T5091] ? debug_css_free+0xd/0x20
[ 61.132484][ T5091] ? udf_free_inode+0x60/0x60
[ 61.137161][ T5091] ? inode_permission.part.0+0xb5/0x520
[ 61.142704][ T5091] udf_create+0x21/0x120
[ 61.146946][ T5091] vfs_create+0x1a9/0x3a0
[ 61.151296][ T5091] do_mknodat+0x3d9/0x530
[ 61.155648][ T5091] ? user_path_create+0x60/0x60
[ 61.160525][ T5091] ? getname_flags.part.0+0x1dd/0x4f0
[ 61.165918][ T5091] __x64_sys_mknod+0x11e/0x180
[ 61.170703][ T5091] do_syscall_64+0x39/0xb0
[ 61.175141][ T5091] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.181044][ T5091] RIP: 0033:0x7fcaa035f9a9
[ 61.185468][ T5091] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.205085][ T5091] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 61.213510][ T5091] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 61.221500][ T5091] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 61.229477][ T5091] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[pid 5091] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5091] exit_group(0) = ?
[pid 5091] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
umount2("./2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5092
./strace-static-x86_64: Process 5092 attached
[pid 5092] chdir("./3") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5092] munmap(0x7fca97f12000, 524288) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[ 61.237457][ T5091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 61.245435][ T5091] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 0000000000000002
[ 61.253431][ T5091]
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5092] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5092] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5092] write(4, "14", 2) = 2
[pid 5092] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 5092] exit_group(0) = ?
[pid 5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
umount2("./3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
[ 61.301225][ T5092] loop0: detected capacity change from 0 to 1024
[ 61.313510][ T5092] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 61.323804][ T5092] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 61.337393][ T5092] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5093
./strace-static-x86_64: Process 5093 attached
[pid 5093] chdir("./4") = 0
[pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5093] setpgid(0, 0) = 0
[pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5093] write(3, "1000", 4) = 4
[pid 5093] close(3) = 0
[pid 5093] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5093] memfd_create("syzkaller", 0) = 3
[pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5093] munmap(0x7fca97f12000, 524288) = 0
[pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5093] close(3) = 0
[pid 5093] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5093] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5093] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5093] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5093] ioctl(4, LOOP_CLR_FD) = 0
[pid 5093] close(4) = 0
[pid 5093] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5093] write(4, "14", 2) = 2
[ 61.415039][ T5093] loop0: detected capacity change from 0 to 1024
[ 61.426273][ T5093] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 61.436556][ T5093] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 61.449517][ T5093] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 61.475140][ T5093] FAULT_INJECTION: forcing a failure.
[ 61.475140][ T5093] name failslab, interval 1, probability 0, space 0, times 0
[ 61.488369][ T5093] CPU: 0 PID: 5093 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 61.498303][ T5093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 61.508372][ T5093] Call Trace:
[ 61.511657][ T5093]
[ 61.514600][ T5093] dump_stack_lvl+0x136/0x150
[ 61.519299][ T5093] should_fail_ex+0x4a3/0x5b0
[ 61.523999][ T5093] should_failslab+0x9/0x20
[ 61.528522][ T5093] __kmem_cache_alloc_node+0x5b/0x330
[ 61.533917][ T5093] ? udf_fiiter_init+0x16c/0x630
[ 61.538875][ T5093] kmalloc_trace+0x26/0x60
[ 61.543307][ T5093] udf_fiiter_init+0x16c/0x630
[ 61.548097][ T5093] udf_fiiter_add_entry+0x1cc/0x1080
[ 61.553401][ T5093] ? udf_expand_dir_adinicb+0xe00/0xe00
[ 61.558992][ T5093] ? __mark_inode_dirty+0x5dd/0x1250
[ 61.564302][ T5093] ? lock_downgrade+0x690/0x690
[ 61.569172][ T5093] ? do_raw_spin_lock+0x124/0x2b0
[ 61.574219][ T5093] udf_add_nondir+0xdb/0x3a0
[ 61.578825][ T5093] ? udf_fiiter_add_entry+0x1080/0x1080
[ 61.584380][ T5093] ? rcu_read_lock_sched_held+0x3e/0x70
[ 61.589965][ T5093] ? udf_new_inode+0xa1b/0xf50
[ 61.594768][ T5093] ? rcu_read_lock_sched_held+0x3e/0x70
[ 61.600331][ T5093] ? __mark_inode_dirty+0x32c/0x1250
[ 61.605643][ T5093] udf_create+0xda/0x120
[ 61.609902][ T5093] vfs_create+0x1a9/0x3a0
[ 61.614248][ T5093] do_mknodat+0x3d9/0x530
[ 61.618598][ T5093] ? user_path_create+0x60/0x60
[ 61.623487][ T5093] ? getname_flags.part.0+0x1dd/0x4f0
[ 61.628908][ T5093] __x64_sys_mknod+0x11e/0x180
[ 61.633791][ T5093] do_syscall_64+0x39/0xb0
[ 61.638235][ T5093] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.644143][ T5093] RIP: 0033:0x7fcaa035f9a9
[ 61.648569][ T5093] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5093] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5093] exit_group(0) = ?
[pid 5093] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
umount2("./4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5094
[ 61.668187][ T5093] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 61.676631][ T5093] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 61.684612][ T5093] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 61.692589][ T5093] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[ 61.700575][ T5093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 61.708553][ T5093] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 0000000000000004
[ 61.716562][ T5093]
./strace-static-x86_64: Process 5094 attached
[pid 5094] chdir("./5") = 0
[pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5094] setpgid(0, 0) = 0
[pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5094] write(3, "1000", 4) = 4
[pid 5094] close(3) = 0
[pid 5094] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5094] memfd_create("syzkaller", 0) = 3
[pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5094] munmap(0x7fca97f12000, 524288) = 0
[pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5094] close(3) = 0
[pid 5094] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5094] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5094] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5094] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5094] ioctl(4, LOOP_CLR_FD) = 0
[pid 5094] close(4) = 0
[pid 5094] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5094] write(4, "14", 2) = 2
[pid 5094] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 5094] exit_group(0) = ?
[pid 5094] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
umount2("./5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached
[pid 5095] chdir("./6") = 0
[pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5095] setpgid(0, 0) = 0
[pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5095] write(3, "1000", 4) = 4
[pid 5095] close(3) = 0
[pid 5095] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5095] memfd_create("syzkaller", 0
[pid 5087] <... clone resumed>, child_tidptr=0x5555559465d0) = 5095
[pid 5095] <... memfd_create resumed>) = 3
[pid 5095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[ 61.787100][ T5094] loop0: detected capacity change from 0 to 1024
[ 61.798579][ T5094] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 61.809602][ T5094] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 61.821391][ T5094] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[pid 5095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5095] munmap(0x7fca97f12000, 524288) = 0
[pid 5095] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5095] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5095] close(3) = 0
[pid 5095] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5095] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5095] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5095] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5095] ioctl(4, LOOP_CLR_FD) = 0
[ 61.891970][ T5095] loop0: detected capacity change from 0 to 1024
[ 61.898652][ T5089] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 61.910861][ T5095] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 61.921635][ T5095] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[pid 5095] close(4) = 0
[pid 5095] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5095] write(4, "14", 2) = 2
[ 61.934844][ T5095] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 61.963358][ T5095] FAULT_INJECTION: forcing a failure.
[ 61.963358][ T5095] name failslab, interval 1, probability 0, space 0, times 0
[ 61.976085][ T5095] CPU: 1 PID: 5095 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 61.985994][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 61.996059][ T5095] Call Trace:
[ 61.999332][ T5095]
[ 62.002258][ T5095] dump_stack_lvl+0x136/0x150
[ 62.006934][ T5095] should_fail_ex+0x4a3/0x5b0
[ 62.011618][ T5095] should_failslab+0x9/0x20
[ 62.016130][ T5095] __kmem_cache_alloc_node+0x5b/0x330
[ 62.021532][ T5095] ? udf_fiiter_init+0x16c/0x630
[ 62.026488][ T5095] kmalloc_trace+0x26/0x60
[ 62.030903][ T5095] udf_fiiter_init+0x16c/0x630
[ 62.035683][ T5095] udf_fiiter_add_entry+0x1cc/0x1080
[ 62.040973][ T5095] ? udf_expand_dir_adinicb+0xe00/0xe00
[ 62.046564][ T5095] ? __mark_inode_dirty+0x5dd/0x1250
[ 62.051859][ T5095] ? lock_downgrade+0x690/0x690
[ 62.056749][ T5095] ? do_raw_spin_lock+0x124/0x2b0
[ 62.061780][ T5095] udf_add_nondir+0xdb/0x3a0
[ 62.066386][ T5095] ? udf_fiiter_add_entry+0x1080/0x1080
[ 62.071956][ T5095] ? rcu_read_lock_sched_held+0x3e/0x70
[ 62.077527][ T5095] ? udf_new_inode+0xa1b/0xf50
[ 62.082324][ T5095] ? rcu_read_lock_sched_held+0x3e/0x70
[ 62.087908][ T5095] ? __mark_inode_dirty+0x32c/0x1250
[ 62.093225][ T5095] udf_create+0xda/0x120
[ 62.097464][ T5095] vfs_create+0x1a9/0x3a0
[ 62.101792][ T5095] do_mknodat+0x3d9/0x530
[ 62.106123][ T5095] ? user_path_create+0x60/0x60
[ 62.110986][ T5095] ? getname_flags.part.0+0x1dd/0x4f0
[ 62.116387][ T5095] __x64_sys_mknod+0x11e/0x180
[ 62.121169][ T5095] do_syscall_64+0x39/0xb0
[ 62.125606][ T5095] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.131493][ T5095] RIP: 0033:0x7fcaa035f9a9
[ 62.135900][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.155517][ T5095] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[pid 5095] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5095] exit_group(0) = ?
[pid 5095] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5095, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
umount2("./6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5096
./strace-static-x86_64: Process 5096 attached
[pid 5096] chdir("./7") = 0
[ 62.163983][ T5095] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 62.171984][ T5095] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 62.179965][ T5095] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[ 62.187950][ T5095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 62.195919][ T5095] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 0000000000000006
[ 62.203896][ T5095]
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5096] munmap(0x7fca97f12000, 524288) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5096] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5096] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5096] write(4, "14", 2) = 2
[pid 5096] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
umount2("./7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5097
./strace-static-x86_64: Process 5097 attached
[ 62.272054][ T5096] loop0: detected capacity change from 0 to 1024
[ 62.284378][ T5096] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 62.295671][ T5096] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 62.307562][ T5096] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[pid 5097] chdir("./8") = 0
[pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5097] setpgid(0, 0) = 0
[pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5097] write(3, "1000", 4) = 4
[pid 5097] close(3) = 0
[pid 5097] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5097] memfd_create("syzkaller", 0) = 3
[pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5097] munmap(0x7fca97f12000, 524288) = 0
[pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5097] close(3) = 0
[pid 5097] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5097] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5097] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5097] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5097] ioctl(4, LOOP_CLR_FD) = 0
[pid 5097] close(4) = 0
[pid 5097] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5097] write(4, "14", 2) = 2
[ 62.393973][ T5097] loop0: detected capacity change from 0 to 1024
[ 62.406314][ T5097] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 62.416893][ T5097] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 62.429968][ T5097] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 62.458842][ T5097] FAULT_INJECTION: forcing a failure.
[ 62.458842][ T5097] name failslab, interval 1, probability 0, space 0, times 0
[ 62.472130][ T5097] CPU: 0 PID: 5097 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 62.482072][ T5097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 62.492129][ T5097] Call Trace:
[ 62.495400][ T5097]
[ 62.498335][ T5097] dump_stack_lvl+0x136/0x150
[ 62.503009][ T5097] should_fail_ex+0x4a3/0x5b0
[ 62.507685][ T5097] should_failslab+0x9/0x20
[ 62.512183][ T5097] __kmem_cache_alloc_node+0x5b/0x330
[ 62.517554][ T5097] ? udf_fiiter_init+0x16c/0x630
[ 62.522491][ T5097] kmalloc_trace+0x26/0x60
[ 62.526919][ T5097] udf_fiiter_init+0x16c/0x630
[ 62.531694][ T5097] udf_fiiter_add_entry+0x1cc/0x1080
[ 62.536991][ T5097] ? udf_expand_dir_adinicb+0xe00/0xe00
[ 62.542562][ T5097] ? __mark_inode_dirty+0x5dd/0x1250
[ 62.547870][ T5097] ? lock_downgrade+0x690/0x690
[ 62.552719][ T5097] ? do_raw_spin_lock+0x124/0x2b0
[ 62.557743][ T5097] udf_add_nondir+0xdb/0x3a0
[ 62.562329][ T5097] ? udf_fiiter_add_entry+0x1080/0x1080
[ 62.567863][ T5097] ? rcu_read_lock_sched_held+0x3e/0x70
[ 62.573415][ T5097] ? udf_new_inode+0xa1b/0xf50
[ 62.578188][ T5097] ? rcu_read_lock_sched_held+0x3e/0x70
[ 62.583728][ T5097] ? __mark_inode_dirty+0x32c/0x1250
[ 62.589028][ T5097] udf_create+0xda/0x120
[ 62.593304][ T5097] vfs_create+0x1a9/0x3a0
[ 62.597683][ T5097] do_mknodat+0x3d9/0x530
[ 62.602024][ T5097] ? user_path_create+0x60/0x60
[ 62.606886][ T5097] ? getname_flags.part.0+0x1dd/0x4f0
[ 62.612267][ T5097] __x64_sys_mknod+0x11e/0x180
[ 62.617034][ T5097] do_syscall_64+0x39/0xb0
[ 62.621451][ T5097] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 62.627342][ T5097] RIP: 0033:0x7fcaa035f9a9
[ 62.631749][ T5097] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 62.651349][ T5097] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[pid 5097] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5097] exit_group(0) = ?
[pid 5097] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
umount2("./8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5098
./strace-static-x86_64: Process 5098 attached
[pid 5098] chdir("./9") = 0
[pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5098] setpgid(0, 0) = 0
[pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[ 62.659773][ T5097] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 62.667749][ T5097] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 62.675725][ T5097] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[ 62.683690][ T5097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 62.691655][ T5097] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 0000000000000008
[ 62.699721][ T5097]
[pid 5098] write(3, "1000", 4) = 4
[pid 5098] close(3) = 0
[pid 5098] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5098] memfd_create("syzkaller", 0) = 3
[pid 5098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5098] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5098] munmap(0x7fca97f12000, 524288) = 0
[pid 5098] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5098] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5098] close(3) = 0
[pid 5098] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5098] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5098] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5098] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5098] ioctl(4, LOOP_CLR_FD) = 0
[pid 5098] close(4) = 0
[pid 5098] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5098] write(4, "14", 2) = 2
[pid 5098] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 0
[pid 5098] exit_group(0) = ?
[pid 5098] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
umount2("./9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
[ 62.769505][ T5098] loop0: detected capacity change from 0 to 1024
[ 62.781330][ T5098] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 62.791689][ T5098] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 62.803458][ T5098] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5099
./strace-static-x86_64: Process 5099 attached
[pid 5099] chdir("./10") = 0
[pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5099] setpgid(0, 0) = 0
[pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5099] write(3, "1000", 4) = 4
[pid 5099] close(3) = 0
[pid 5099] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5099] memfd_create("syzkaller", 0) = 3
[pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5099] munmap(0x7fca97f12000, 524288) = 0
[pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5099] close(3) = 0
[pid 5099] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5099] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5099] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5099] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5099] ioctl(4, LOOP_CLR_FD) = 0
[pid 5099] close(4) = 0
[pid 5099] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5099] write(4, "14", 2) = 2
[ 62.897951][ T5099] loop0: detected capacity change from 0 to 1024
[ 62.908151][ T5099] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 62.918418][ T5099] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 62.930728][ T5099] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 62.946058][ T5099] FAULT_INJECTION: forcing a failure.
[ 62.946058][ T5099] name failslab, interval 1, probability 0, space 0, times 0
[ 62.970087][ T5099] CPU: 0 PID: 5099 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 62.980019][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 62.990063][ T5099] Call Trace:
[ 62.993332][ T5099]
[ 62.996253][ T5099] dump_stack_lvl+0x136/0x150
[ 63.000926][ T5099] should_fail_ex+0x4a3/0x5b0
[ 63.005625][ T5099] should_failslab+0x9/0x20
[ 63.010123][ T5099] __kmem_cache_alloc_node+0x5b/0x330
[ 63.015492][ T5099] ? udf_fiiter_init+0x16c/0x630
[ 63.020427][ T5099] kmalloc_trace+0x26/0x60
[ 63.024839][ T5099] udf_fiiter_init+0x16c/0x630
[ 63.029601][ T5099] udf_fiiter_add_entry+0x1cc/0x1080
[ 63.034910][ T5099] ? udf_expand_dir_adinicb+0xe00/0xe00
[ 63.040468][ T5099] ? __mark_inode_dirty+0x5dd/0x1250
[ 63.046184][ T5099] ? lock_downgrade+0x690/0x690
[ 63.051026][ T5099] ? do_raw_spin_lock+0x124/0x2b0
[ 63.056049][ T5099] udf_add_nondir+0xdb/0x3a0
[ 63.060634][ T5099] ? udf_fiiter_add_entry+0x1080/0x1080
[ 63.066186][ T5099] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.071756][ T5099] ? udf_new_inode+0xa1b/0xf50
[ 63.076564][ T5099] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.082128][ T5099] ? __mark_inode_dirty+0x32c/0x1250
[ 63.087437][ T5099] udf_create+0xda/0x120
[ 63.091694][ T5099] vfs_create+0x1a9/0x3a0
[ 63.096041][ T5099] do_mknodat+0x3d9/0x530
[ 63.100394][ T5099] ? user_path_create+0x60/0x60
[ 63.105266][ T5099] ? getname_flags.part.0+0x1dd/0x4f0
[ 63.110662][ T5099] __x64_sys_mknod+0x11e/0x180
[ 63.115445][ T5099] do_syscall_64+0x39/0xb0
[ 63.119883][ T5099] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.125797][ T5099] RIP: 0033:0x7fcaa035f9a9
[pid 5099] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5099] exit_group(0) = ?
[pid 5099] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[ 63.130221][ T5099] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.149842][ T5099] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 63.158268][ T5099] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 63.166247][ T5099] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 63.174225][ T5099] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[ 63.182207][ T5099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 63.190186][ T5099] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 000000000000000a
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs") = 0
umount2("./10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./10/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./10") = 0
mkdir("./11", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached
, child_tidptr=0x5555559465d0) = 5100
[ 63.198182][ T5099]
[pid 5100] chdir("./11") = 0
[pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5100] setpgid(0, 0) = 0
[pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5100] write(3, "1000", 4) = 4
[pid 5100] close(3) = 0
[pid 5100] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5100] memfd_create("syzkaller", 0) = 3
[pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5100] munmap(0x7fca97f12000, 524288) = 0
[pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5100] close(3) = 0
[pid 5100] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5100] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5100] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5100] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5100] ioctl(4, LOOP_CLR_FD) = 0
[pid 5100] close(4) = 0
[pid 5100] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5100] write(4, "14", 2) = 2
[ 63.264683][ T5100] loop0: detected capacity change from 0 to 1024
[ 63.276676][ T5100] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 63.287171][ T5100] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 63.300048][ T5100] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 63.337804][ T5100] FAULT_INJECTION: forcing a failure.
[ 63.337804][ T5100] name failslab, interval 1, probability 0, space 0, times 0
[ 63.350855][ T5100] CPU: 0 PID: 5100 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 63.360804][ T5100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 63.370900][ T5100] Call Trace:
[ 63.374191][ T5100]
[ 63.377136][ T5100] dump_stack_lvl+0x136/0x150
[ 63.381858][ T5100] should_fail_ex+0x4a3/0x5b0
[ 63.386595][ T5100] should_failslab+0x9/0x20
[ 63.391142][ T5100] __kmem_cache_alloc_node+0x5b/0x330
[ 63.396560][ T5100] ? udf_fiiter_init+0x16c/0x630
[ 63.401527][ T5100] kmalloc_trace+0x26/0x60
[ 63.405979][ T5100] udf_fiiter_init+0x16c/0x630
[ 63.410771][ T5100] udf_fiiter_add_entry+0x1cc/0x1080
[ 63.416088][ T5100] ? udf_expand_dir_adinicb+0xe00/0xe00
[ 63.421661][ T5100] ? __mark_inode_dirty+0x5dd/0x1250
[ 63.426961][ T5100] ? lock_downgrade+0x690/0x690
[ 63.431833][ T5100] ? do_raw_spin_lock+0x124/0x2b0
[ 63.436902][ T5100] udf_add_nondir+0xdb/0x3a0
[ 63.441519][ T5100] ? udf_fiiter_add_entry+0x1080/0x1080
[ 63.447069][ T5100] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.452673][ T5100] ? udf_new_inode+0xa1b/0xf50
[ 63.457495][ T5100] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.463048][ T5100] ? __mark_inode_dirty+0x32c/0x1250
[ 63.468338][ T5100] udf_create+0xda/0x120
[ 63.472597][ T5100] vfs_create+0x1a9/0x3a0
[ 63.476928][ T5100] do_mknodat+0x3d9/0x530
[ 63.481258][ T5100] ? user_path_create+0x60/0x60
[ 63.486136][ T5100] ? getname_flags.part.0+0x1dd/0x4f0
[ 63.491529][ T5100] __x64_sys_mknod+0x11e/0x180
[ 63.496321][ T5100] do_syscall_64+0x39/0xb0
[ 63.500757][ T5100] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.506658][ T5100] RIP: 0033:0x7fcaa035f9a9
[ 63.511075][ T5100] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5100] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5100] exit_group(0) = ?
[pid 5100] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555947620 /* 4 entries */, 32768) = 360
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs") = 0
umount2("./11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x55555594f660 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555594f660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
getdents64(3, 0x555555947620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./11") = 0
mkdir("./12", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
[ 63.530691][ T5100] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 63.539112][ T5100] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 63.547095][ T5100] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 63.555092][ T5100] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[ 63.563067][ T5100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 63.571042][ T5100] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 000000000000000b
[ 63.579025][ T5100]
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555559465d0) = 5101
./strace-static-x86_64: Process 5101 attached
[pid 5101] chdir("./12") = 0
[pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5101] setpgid(0, 0) = 0
[pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5101] write(3, "1000", 4) = 4
[pid 5101] close(3) = 0
[pid 5101] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5101] memfd_create("syzkaller", 0) = 3
[pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fca97f12000
[pid 5101] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288
[pid 5101] munmap(0x7fca97f12000, 524288) = 0
[pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5101] close(3) = 0
[pid 5101] mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0
[pid 5101] mount("/dev/loop0", "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "udf", MS_NOATIME, "") = 0
[pid 5101] openat(AT_FDCWD, "./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", O_RDONLY|O_DIRECTORY) = 3
[pid 5101] chdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa") = 0
[pid 5101] ioctl(4, LOOP_CLR_FD) = 0
[pid 5101] close(4) = 0
[pid 5101] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5101] write(4, "14", 2) = 2
[ 63.657481][ T5101] loop0: detected capacity change from 0 to 1024
[ 63.670012][ T5101] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x73 != 0x9b
[ 63.680457][ T5101] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found!
[ 63.693906][ T5101] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 63.719405][ T5101] FAULT_INJECTION: forcing a failure.
[ 63.719405][ T5101] name failslab, interval 1, probability 0, space 0, times 0
[ 63.733092][ T5101] CPU: 0 PID: 5101 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 63.743571][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 63.753624][ T5101] Call Trace:
[ 63.756894][ T5101]
[ 63.759825][ T5101] dump_stack_lvl+0x136/0x150
[ 63.764500][ T5101] should_fail_ex+0x4a3/0x5b0
[ 63.769185][ T5101] should_failslab+0x9/0x20
[ 63.773680][ T5101] __kmem_cache_alloc_node+0x5b/0x330
[ 63.779050][ T5101] ? udf_fiiter_init+0x16c/0x630
[ 63.783990][ T5101] kmalloc_trace+0x26/0x60
[ 63.788404][ T5101] udf_fiiter_init+0x16c/0x630
[ 63.793261][ T5101] ? __mark_inode_dirty+0x32c/0x1250
[ 63.798619][ T5101] udf_expand_dir_adinicb+0x89a/0xe00
[ 63.804033][ T5101] ? udf_rmdir+0x440/0x440
[ 63.808487][ T5101] ? kasan_quarantine_put+0xf9/0x220
[ 63.813809][ T5101] ? slab_free_freelist_hook+0x8b/0x1c0
[ 63.819387][ T5101] ? __kmem_cache_free+0xaf/0x2d0
[ 63.824470][ T5101] udf_fiiter_add_entry+0xcf2/0x1080
[ 63.829830][ T5101] ? udf_expand_dir_adinicb+0xe00/0xe00
[ 63.835439][ T5101] ? __mark_inode_dirty+0x5dd/0x1250
[ 63.840767][ T5101] ? lock_downgrade+0x690/0x690
[ 63.845640][ T5101] ? do_raw_spin_lock+0x124/0x2b0
[ 63.850694][ T5101] udf_add_nondir+0xdb/0x3a0
[ 63.855305][ T5101] ? udf_fiiter_add_entry+0x1080/0x1080
[ 63.860862][ T5101] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.866431][ T5101] ? udf_new_inode+0xa1b/0xf50
[ 63.871232][ T5101] ? rcu_read_lock_sched_held+0x3e/0x70
[ 63.876803][ T5101] ? __mark_inode_dirty+0x32c/0x1250
[ 63.882116][ T5101] udf_create+0xda/0x120
[ 63.886373][ T5101] vfs_create+0x1a9/0x3a0
[ 63.890729][ T5101] do_mknodat+0x3d9/0x530
[ 63.895085][ T5101] ? user_path_create+0x60/0x60
[ 63.899956][ T5101] ? getname_flags.part.0+0x1dd/0x4f0
[ 63.905377][ T5101] __x64_sys_mknod+0x11e/0x180
[ 63.910163][ T5101] do_syscall_64+0x39/0xb0
[ 63.914601][ T5101] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.920514][ T5101] RIP: 0033:0x7fcaa035f9a9
[ 63.924940][ T5101] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.944558][ T5101] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 63.952985][ T5101] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 63.960964][ T5101] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 63.968943][ T5101] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[ 63.976925][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 63.984903][ T5101] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 000000000000000c
[ 63.992906][ T5101]
[ 63.997030][ T5101] ------------[ cut here ]------------
[ 64.002526][ T5101] WARNING: CPU: 0 PID: 5101 at fs/udf/namei.c:220 udf_expand_dir_adinicb+0xbd8/0xe00
[ 64.012253][ T5101] Modules linked in:
[ 64.016209][ T5101] CPU: 0 PID: 5101 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 64.026169][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 64.036285][ T5101] RIP: 0010:udf_expand_dir_adinicb+0xbd8/0xe00
[ 64.042448][ T5101] Code: 89 44 24 18 e8 49 21 ee fe 4c 8b 44 24 18 e9 c9 f9 ff ff e8 8a 1d 9f fe 4c 89 ef e8 b2 99 0d ff e9 20 f8 ff ff e8 78 1d 9f fe <0f> 0b e9 fd fd ff ff 41 bc 8b ff ff ff e9 56 f6 ff ff 41 bc f4 ff
[ 64.062127][ T5101] RSP: 0018:ffffc90003d0f858 EFLAGS: 00010293
[ 64.068250][ T5101] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[ 64.076302][ T5101] RDX: ffff88801d95d7c0 RSI: ffffffff82e54d28 RDI: 0000000000000005
[ 64.084326][ T5101] RBP: ffff8880741e0158 R08: 0000000000000005 R09: 0000000000000000
[ 64.092298][ T5101] R10: 00000000fffffff4 R11: 0000000000000000 R12: 00000000fffffff4
[ 64.100445][ T5101] R13: ffff888074218910 R14: ffffc90003d0f928 R15: 0000000000000000
[ 64.108470][ T5101] FS: 0000555555946300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 64.117483][ T5101] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 64.124148][ T5101] CR2: 00007fcaa0334610 CR3: 0000000017f44000 CR4: 00000000003506f0
[ 64.132162][ T5101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 64.140206][ T5101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 64.148246][ T5101] Call Trace:
[ 64.151564][ T5101]
[ 64.154611][ T5101] ? udf_rmdir+0x440/0x440
[ 64.159071][ T5101] ? kasan_quarantine_put+0xf9/0x220
[ 64.164452][ T5101] ? slab_free_freelist_hook+0x8b/0x1c0
[ 64.170031][ T5101] ? __kmem_cache_free+0xaf/0x2d0
[ 64.175150][ T5101] udf_fiiter_add_entry+0xcf2/0x1080
[ 64.180465][ T5101] ? udf_expand_dir_adinicb+0xe00/0xe00
[ 64.186101][ T5101] ? __mark_inode_dirty+0x5dd/0x1250
[ 64.191444][ T5101] ? lock_downgrade+0x690/0x690
[ 64.196374][ T5101] ? do_raw_spin_lock+0x124/0x2b0
[ 64.201446][ T5101] udf_add_nondir+0xdb/0x3a0
[ 64.206102][ T5101] ? udf_fiiter_add_entry+0x1080/0x1080
[ 64.211668][ T5101] ? rcu_read_lock_sched_held+0x3e/0x70
[ 64.217297][ T5101] ? udf_new_inode+0xa1b/0xf50
[ 64.222108][ T5101] ? rcu_read_lock_sched_held+0x3e/0x70
[ 64.227719][ T5101] ? __mark_inode_dirty+0x32c/0x1250
[ 64.233102][ T5101] udf_create+0xda/0x120
[ 64.237375][ T5101] vfs_create+0x1a9/0x3a0
[ 64.241739][ T5101] do_mknodat+0x3d9/0x530
[ 64.246144][ T5101] ? user_path_create+0x60/0x60
[ 64.251028][ T5101] ? getname_flags.part.0+0x1dd/0x4f0
[ 64.256461][ T5101] __x64_sys_mknod+0x11e/0x180
[ 64.261251][ T5101] do_syscall_64+0x39/0xb0
[ 64.265760][ T5101] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.271858][ T5101] RIP: 0033:0x7fcaa035f9a9
[ 64.276373][ T5101] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.296057][ T5101] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 64.304577][ T5101] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 64.312583][ T5101] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 64.320633][ T5101] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[ 64.328669][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 64.336740][ T5101] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 000000000000000c
[ 64.344769][ T5101]
[ 64.347786][ T5101] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 64.355078][ T5101] CPU: 0 PID: 5101 Comm: syz-executor305 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 64.364998][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 64.375081][ T5101] Call Trace:
[ 64.378373][ T5101]
[ 64.381304][ T5101] dump_stack_lvl+0xd9/0x150
[ 64.385897][ T5101] panic+0x61b/0x6c0
[ 64.389795][ T5101] ? panic_smp_self_stop+0x90/0x90
[ 64.394913][ T5101] ? show_trace_log_lvl+0x285/0x390
[ 64.400128][ T5101] ? udf_expand_dir_adinicb+0xbd8/0xe00
[ 64.405680][ T5101] check_panic_on_warn+0xb1/0xc0
[ 64.410649][ T5101] __warn+0xf2/0x4f0
[ 64.414584][ T5101] ? udf_expand_dir_adinicb+0xbd8/0xe00
[ 64.420151][ T5101] report_bug+0x2da/0x500
[ 64.424533][ T5101] handle_bug+0x3c/0x70
[ 64.428715][ T5101] exc_invalid_op+0x18/0x50
[ 64.433246][ T5101] asm_exc_invalid_op+0x1a/0x20
[ 64.438115][ T5101] RIP: 0010:udf_expand_dir_adinicb+0xbd8/0xe00
[ 64.444287][ T5101] Code: 89 44 24 18 e8 49 21 ee fe 4c 8b 44 24 18 e9 c9 f9 ff ff e8 8a 1d 9f fe 4c 89 ef e8 b2 99 0d ff e9 20 f8 ff ff e8 78 1d 9f fe <0f> 0b e9 fd fd ff ff 41 bc 8b ff ff ff e9 56 f6 ff ff 41 bc f4 ff
[ 64.463905][ T5101] RSP: 0018:ffffc90003d0f858 EFLAGS: 00010293
[ 64.469983][ T5101] RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
[ 64.477960][ T5101] RDX: ffff88801d95d7c0 RSI: ffffffff82e54d28 RDI: 0000000000000005
[ 64.485938][ T5101] RBP: ffff8880741e0158 R08: 0000000000000005 R09: 0000000000000000
[ 64.493916][ T5101] R10: 00000000fffffff4 R11: 0000000000000000 R12: 00000000fffffff4
[ 64.501910][ T5101] R13: ffff888074218910 R14: ffffc90003d0f928 R15: 0000000000000000
[ 64.509922][ T5101] ? udf_expand_dir_adinicb+0xbd8/0xe00
[ 64.515502][ T5101] ? udf_expand_dir_adinicb+0xbd8/0xe00
[ 64.521093][ T5101] ? udf_rmdir+0x440/0x440
[ 64.525551][ T5101] ? kasan_quarantine_put+0xf9/0x220
[ 64.530878][ T5101] ? slab_free_freelist_hook+0x8b/0x1c0
[ 64.536457][ T5101] ? __kmem_cache_free+0xaf/0x2d0
[ 64.541519][ T5101] udf_fiiter_add_entry+0xcf2/0x1080
[ 64.546830][ T5101] ? udf_expand_dir_adinicb+0xe00/0xe00
[ 64.552419][ T5101] ? __mark_inode_dirty+0x5dd/0x1250
[ 64.557728][ T5101] ? lock_downgrade+0x690/0x690
[ 64.562614][ T5101] ? do_raw_spin_lock+0x124/0x2b0
[ 64.567665][ T5101] udf_add_nondir+0xdb/0x3a0
[ 64.572287][ T5101] ? udf_fiiter_add_entry+0x1080/0x1080
[ 64.577848][ T5101] ? rcu_read_lock_sched_held+0x3e/0x70
[ 64.583419][ T5101] ? udf_new_inode+0xa1b/0xf50
[ 64.588223][ T5101] ? rcu_read_lock_sched_held+0x3e/0x70
[ 64.593786][ T5101] ? __mark_inode_dirty+0x32c/0x1250
[ 64.599098][ T5101] udf_create+0xda/0x120
[ 64.603355][ T5101] vfs_create+0x1a9/0x3a0
[ 64.607705][ T5101] do_mknodat+0x3d9/0x530
[ 64.612073][ T5101] ? user_path_create+0x60/0x60
[ 64.616945][ T5101] ? getname_flags.part.0+0x1dd/0x4f0
[ 64.622340][ T5101] __x64_sys_mknod+0x11e/0x180
[ 64.627125][ T5101] do_syscall_64+0x39/0xb0
[ 64.631589][ T5101] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.637547][ T5101] RIP: 0033:0x7fcaa035f9a9
[ 64.642075][ T5101] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.661705][ T5101] RSP: 002b:00007ffedf8b9a28 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 64.670136][ T5101] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fcaa035f9a9
[ 64.678120][ T5101] RDX: 0000000000000701 RSI: 0000000000000000 RDI: 0000000020000200
[ 64.686100][ T5101] RBP: 00007ffedf8b9a50 R08: 0000000000000002 R09: 00007ffedf8b9a60
[ 64.694097][ T5101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[ 64.702080][ T5101] R13: 00007ffedf8b9a90 R14: 00007ffedf8b9a70 R15: 000000000000000c
[ 64.710082][ T5101]
[ 64.713253][ T5101] Kernel Offset: disabled
[ 64.717655][ T5101] Rebooting in 86400 seconds..